linux/net/ipv6
Eric W. Biederman 426b5303eb [NETNS]: Modify the neighbour table code so it handles multiple network namespaces
I'm actually surprised at how much was involved.  At first glance it
appears that the neighbour table data structures are already split by
network device so all that should be needed is to modify the user
interface commands to filter the set of neighbours by the network
namespace of their devices.

However a couple things turned up while I was reading through the
code.  The proxy neighbour table allows entries with no network
device, and the neighbour parms are per network device (except for the
defaults) so they now need a per network namespace default.

So I updated the two structures (which surprised me) with their very
own network namespace parameter.  Updated the relevant lookup and
destroy routines with a network namespace parameter and modified the
code that interacts with users to filter out neighbour table entries
for devices of other namespaces.

I'm a little concerned that we can modify and display the global table
configuration and from all network namespaces.  But this appears good
enough for now.

I keep thinking modifying the neighbour table to have per network
namespace instances of each table type would should be cleaner.  The
hash table is already dynamically sized so there are it is not a
limiter.  The default parameter would be straight forward to take care
of.  However when I look at the how the network table is built and
used I still find some assumptions that there is only a single
neighbour table for each type of table in the kernel.  The netlink
operations, neigh_seq_start, the non-core network users that call
neigh_lookup.  So while it might be doable it would require more
refactoring than my current approach of just doing a little extra
filtering in the code.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28 15:00:03 -08:00
..
netfilter [NETFILTER]: Add CONFIG_NETFILTER_ADVANCED option 2008-01-28 14:59:12 -08:00
addrconf_core.c
addrconf.c [IPV6]: fix section mismatch warnings 2008-01-28 14:57:46 -08:00
addrlabel.c [NET]: Make rtnetlink infrastructure network namespace aware (v3) 2008-01-28 14:54:25 -08:00
af_inet6.c [IPV6]: make the protocol initialization to return an error code 2008-01-28 14:57:13 -08:00
ah6.c [XFRM]: RFC4303 compliant auditing 2008-01-28 15:00:01 -08:00
anycast.c
datagram.c [IPSEC]: Make callers of xfrm_lookup to use XFRM_LOOKUP_WAIT 2008-01-28 14:57:42 -08:00
esp6.c [XFRM]: RFC4303 compliant auditing 2008-01-28 15:00:01 -08:00
exthdrs_core.c
exthdrs.c [IPV6]: make extended headers to return an error at initialization 2008-01-28 14:57:10 -08:00
fib6_rules.c [IPV6]: Make fib6_rules_init to return an error code. 2008-01-28 14:56:46 -08:00
icmp.c [IPSEC]: Do not let packets pass when ICMP flag is off 2008-01-28 14:57:43 -08:00
inet6_connection_sock.c
inet6_hashtables.c
ip6_fib.c [IPV6]: Always pass a valid nl_info to inet6_rt_notify. 2008-01-28 14:57:55 -08:00
ip6_flowlabel.c [IPV6]: make flowlabel to return an error 2008-01-28 14:57:10 -08:00
ip6_input.c [IPv6] RAW: Compact the API for the kernel 2008-01-28 14:54:29 -08:00
ip6_output.c [NETNS]: Modify the neighbour table code so it handles multiple network namespaces 2008-01-28 15:00:03 -08:00
ip6_tunnel.c [IPV6]: Add ip6_local_out 2008-01-28 14:53:47 -08:00
ipcomp6.c
ipv6_sockglue.c [IPV6]: make the protocol initialization to return an error code 2008-01-28 14:57:13 -08:00
Kconfig
Makefile [IPV6]: Make the ipv6/sysctl_net_ipv6.c compilation cleaner 2008-01-28 14:56:29 -08:00
mcast.c [NETFILTER]: Introduce NF_INET_ hook values 2008-01-28 14:53:55 -08:00
mip6.c [IPSEC]: Move state lock into x->type->input 2008-01-28 14:53:52 -08:00
ndisc.c [NETNS]: Modify the neighbour table code so it handles multiple network namespaces 2008-01-28 15:00:03 -08:00
netfilter.c [NETFILTER]: constify nf_afinfo 2008-01-28 14:59:05 -08:00
proc.c [UDP]: Restore missing inDatagrams increments 2008-01-28 14:56:33 -08:00
protocol.c
raw.c [IPV6]: fix section mismatch warnings 2008-01-28 14:57:46 -08:00
reassembly.c [IPV6]: make frag to return an error at initialization 2008-01-28 14:57:11 -08:00
route.c [IPV6]: Always pass a valid nl_info to inet6_rt_notify. 2008-01-28 14:57:55 -08:00
sit.c [IPV6] sit: Rebinding of SIT tunnels to other interfaces 2008-01-28 14:57:56 -08:00
sysctl_net_ipv6.c [IPV6]: Use sysctl paths to register ipv6 sysctl tables 2008-01-28 14:56:30 -08:00
tcp_ipv6.c [TCP]: Convert several length variable to unsigned. 2008-01-28 14:59:56 -08:00
tunnel6.c
udp_impl.h
udp.c [UDP]: Move udp_stats_in6 into net/ipv4/udp.c 2008-01-28 14:58:06 -08:00
udplite.c [IPV6]: fix section mismatch warnings 2008-01-28 14:57:46 -08:00
xfrm6_input.c [XFRM]: RFC4303 compliant auditing 2008-01-28 15:00:01 -08:00
xfrm6_mode_beet.c [IPSEC]: Separate inner/outer mode processing on input 2008-01-28 14:53:46 -08:00
xfrm6_mode_ro.c [IPSEC]: Make x->lastused an unsigned long 2008-01-28 14:53:52 -08:00
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c [IPSEC]: Rename tunnel-mode functions to avoid collisions with tunnels 2008-01-28 14:59:18 -08:00
xfrm6_output.c [NETFILTER]: Introduce NF_INET_ hook values 2008-01-28 14:53:55 -08:00
xfrm6_policy.c [XFRM] IPv6: Fix dst/routing check at transformation. 2008-01-28 14:59:36 -08:00
xfrm6_state.c [IPV6]: Make xfrm6_init to return an error code. 2008-01-28 14:56:45 -08:00
xfrm6_tunnel.c