linux/net
Eric W. Biederman 426b5303eb [NETNS]: Modify the neighbour table code so it handles multiple network namespaces
I'm actually surprised at how much was involved.  At first glance it
appears that the neighbour table data structures are already split by
network device so all that should be needed is to modify the user
interface commands to filter the set of neighbours by the network
namespace of their devices.

However a couple things turned up while I was reading through the
code.  The proxy neighbour table allows entries with no network
device, and the neighbour parms are per network device (except for the
defaults) so they now need a per network namespace default.

So I updated the two structures (which surprised me) with their very
own network namespace parameter.  Updated the relevant lookup and
destroy routines with a network namespace parameter and modified the
code that interacts with users to filter out neighbour table entries
for devices of other namespaces.

I'm a little concerned that we can modify and display the global table
configuration from all network namespaces.  But this appears good
enough for now.

I keep thinking modifying the neighbour table to have per network
namespace instances of each table type would be cleaner.  The
hash table is already dynamically sized so it is not a
limiter.  The default parameter would be straightforward to take care
of.  However when I look at how the network table is built and
used I still find some assumptions that there is only a single
neighbour table for each type of table in the kernel.  The netlink
operations, neigh_seq_start, the non-core network users that call
neigh_lookup.  So while it might be doable it would require more
refactoring than my current approach of just doing a little extra
filtering in the code.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28 15:00:03 -08:00
..
9p 9p: add missing end-of-options record for trans_fd 2007-11-06 08:02:53 -06:00
802 [TR]: Use ctl paths to register net/token-ring/ table 2008-01-28 14:56:28 -08:00
8021q [VLAN]: nested VLAN: fix lockdep's recursive locking warning 2008-01-10 22:38:31 -08:00
appletalk [NET]: Convert init_timer into setup_timer 2008-01-28 14:53:35 -08:00
atm [NETNS]: Modify the neighbour table code so it handles multiple network namespaces 2008-01-28 15:00:03 -08:00
ax25 [NET]: Convert init_timer into setup_timer 2008-01-28 14:53:35 -08:00
bluetooth [NET]: Convert init_timer into setup_timer 2008-01-28 14:53:35 -08:00
bridge [NETFILTER]: Add CONFIG_NETFILTER_ADVANCED option 2008-01-28 14:59:12 -08:00
can [CAN]: Add virtual CAN netdevice driver 2008-01-28 14:54:12 -08:00
core [NETNS]: Modify the neighbour table code so it handles multiple network namespaces 2008-01-28 15:00:03 -08:00
dccp [INET]: Uninline the __inet_hash function. 2008-01-28 14:59:26 -08:00
decnet [NETNS]: Modify the neighbour table code so it handles multiple network namespaces 2008-01-28 15:00:03 -08:00
econet [NET]: Convert init_timer into setup_timer 2008-01-28 14:53:35 -08:00
ethernet [NET]: Validate device addr prior to interface-up 2007-10-23 21:27:50 -07:00
ieee80211 [IEEE80211]: Use htons() where appropriate. 2008-01-28 14:58:02 -08:00
ipv4 [NETNS]: Modify the neighbour table code so it handles multiple network namespaces 2008-01-28 15:00:03 -08:00
ipv6 [NETNS]: Modify the neighbour table code so it handles multiple network namespaces 2008-01-28 15:00:03 -08:00
ipx [IPX]: Use existing sock refcnt debugging infrastructure 2007-11-10 21:39:26 -08:00
irda [IRDA]: Use htons() where appropriate. 2008-01-28 14:58:03 -08:00
iucv [IUCV]: use LIST_HEAD instead of LIST_HEAD_INIT 2008-01-28 14:56:54 -08:00
key [AF_KEY]: Fix skb leak on pfkey_send_migrate() error 2008-01-20 20:31:45 -08:00
lapb [LAPB] net/lapb/lapb_iface.c: use LIST_HEAD instead of LIST_HEAD_INIT 2008-01-28 14:56:52 -08:00
llc [NET]: Convert init_timer into setup_timer 2008-01-28 14:53:35 -08:00
mac80211 net/mac80211/Kconfig: whitespace corrections 2008-01-28 14:59:55 -08:00
netfilter [NETFILTER]: Add CONFIG_NETFILTER_ADVANCED option 2008-01-28 14:59:12 -08:00
netlabel [NETLABEL]: Spelling fixes 2007-12-20 14:03:11 -08:00
netlink [NETLINK]: kzalloc() conversion 2008-01-28 14:57:06 -08:00
netrom [NET]: Convert init_timer into setup_timer 2008-01-28 14:53:35 -08:00
packet [PACKET]: Fix /proc/net/packet crash due to bogus private pointer 2008-01-28 14:58:19 -08:00
rfkill rfkill: call rfkill_led_trigger_unregister() on error 2008-01-20 20:31:36 -08:00
rose [NET]: Convert init_timer into setup_timer 2008-01-28 14:53:35 -08:00
rxrpc [RXRPC]: Use cpu_to_be32() where appropriate. 2008-01-28 14:58:04 -08:00
sched [NETFILTER]: Mark hooks __read_mostly 2008-01-28 14:56:07 -08:00
sctp [SCTP]: Follow Add-IP security consideratiosn wrt INIT/INIT-ACK 2008-01-28 14:59:25 -08:00
sunrpc [SUNRPC]: Use htonl() where appropriate. 2008-01-28 14:58:05 -08:00
tipc [NET]: Convert init_timer into setup_timer 2008-01-28 14:53:35 -08:00
unix [NETNS]: struct net content re-work (v3) 2008-01-28 14:57:14 -08:00
wanrouter
wireless net/wireless/Kconfig: whitespace corrections 2008-01-28 14:59:55 -08:00
x25 [X25]: use LIST_HEAD instead of LIST_HEAD_INIT 2008-01-28 14:56:53 -08:00
xfrm [XFRM]: Drop packets when replay counter would overflow 2008-01-28 15:00:02 -08:00
compat.c [NETFILTER]: ip6_tables: add compat support 2008-01-28 14:58:36 -08:00
Kconfig [NETFILTER]: Add CONFIG_NETFILTER_ADVANCED option 2008-01-28 14:59:12 -08:00
Makefile [CAN]: Add PF_CAN core module 2008-01-28 14:54:10 -08:00
nonet.c
socket.c [NET] sysctl: make sysctl_somaxconn per-namespace 2008-01-28 14:56:57 -08:00
sysctl_net.c [NET]: Remove the empty net_table 2008-01-28 14:56:29 -08:00
TUNABLE