ipv6 netns: Address labels per namespace

 */

 */

extern int			ipv6_addr_label_init(void);

extern int			ipv6_addr_label_init(void);

extern void			ipv6_addr_label_rtnl_register(void);

extern void			ipv6_addr_label_rtnl_register(void);

extern u32			ipv6_addr_label(const struct in6_addr *addr,

extern u32			ipv6_addr_label(struct net *net,

						const struct in6_addr *addr,

						int type, int ifindex);

						int type, int ifindex);

/*

/*

	return 0;

	return 0;

}

}

static int ipv6_get_saddr_eval(struct ipv6_saddr_score *score,

static int ipv6_get_saddr_eval(struct net *net,

			       struct ipv6_saddr_score *score,

			       struct ipv6_saddr_dst *dst,

			       struct ipv6_saddr_dst *dst,

			       int i)

			       int i)

{

{

		break;

		break;

	case IPV6_SADDR_RULE_LABEL:

	case IPV6_SADDR_RULE_LABEL:

		/* Rule 6: Prefer matching label */

		/* Rule 6: Prefer matching label */

		ret = ipv6_addr_label(&score->ifa->addr, score->addr_type,

		ret = ipv6_addr_label(net,

				      &score->ifa->addr, score->addr_type,

				      score->ifa->idev->dev->ifindex) == dst->label;

				      score->ifa->idev->dev->ifindex) == dst->label;

		break;

		break;

#ifdef CONFIG_IPV6_PRIVACY

#ifdef CONFIG_IPV6_PRIVACY

	dst.addr = daddr;

	dst.addr = daddr;

	dst.ifindex = dst_dev ? dst_dev->ifindex : 0;

	dst.ifindex = dst_dev ? dst_dev->ifindex : 0;

	dst.scope = __ipv6_addr_src_scope(dst_type);

	dst.scope = __ipv6_addr_src_scope(dst_type);

	dst.label = ipv6_addr_label(daddr, dst_type, dst.ifindex);

	dst.label = ipv6_addr_label(net, daddr, dst_type, dst.ifindex);

	dst.prefs = prefs;

	dst.prefs = prefs;

	hiscore->rule = -1;

	hiscore->rule = -1;

			for (i = 0; i < IPV6_SADDR_RULE_MAX; i++) {

			for (i = 0; i < IPV6_SADDR_RULE_MAX; i++) {

				int minihiscore, miniscore;

				int minihiscore, miniscore;

				minihiscore = ipv6_get_saddr_eval(hiscore, &dst, i);

				minihiscore = ipv6_get_saddr_eval(net, hiscore, &dst, i);

				miniscore = ipv6_get_saddr_eval(score, &dst, i);

				miniscore = ipv6_get_saddr_eval(net, score, &dst, i);

				if (minihiscore > miniscore) {

				if (minihiscore > miniscore) {

					if (i == IPV6_SADDR_RULE_SCOPE &&

					if (i == IPV6_SADDR_RULE_SCOPE &&

 */

 */

struct ip6addrlbl_entry

struct ip6addrlbl_entry

{

{

#ifdef CONFIG_NET_NS

	struct net *lbl_net;

#endif

	struct in6_addr prefix;

	struct in6_addr prefix;

	int prefixlen;

	int prefixlen;

	int ifindex;

	int ifindex;

	u32 seq;

	u32 seq;

} ip6addrlbl_table;

} ip6addrlbl_table;

static inline

struct net *ip6addrlbl_net(const struct ip6addrlbl_entry *lbl)

{

#ifdef CONFIG_NET_NS

	return lbl->lbl_net;

#else

	return &init_net;

#endif

}

/*

/*

 * Default policy table (RFC3484 + extensions)

 * Default policy table (RFC3484 + extensions)

 *

 *

#define IPV6_ADDR_LABEL_DEFAULT	0xffffffffUL

#define IPV6_ADDR_LABEL_DEFAULT	0xffffffffUL

static const __initdata struct ip6addrlbl_init_table

static const __net_initdata struct ip6addrlbl_init_table

{

{

	const struct in6_addr *prefix;

	const struct in6_addr *prefix;

	int prefixlen;

	int prefixlen;

/* Object management */

/* Object management */

static inline void ip6addrlbl_free(struct ip6addrlbl_entry *p)

static inline void ip6addrlbl_free(struct ip6addrlbl_entry *p)

{

{

#ifdef CONFIG_NET_NS

	release_net(p->lbl_net);

#endif

	kfree(p);

	kfree(p);

}

}

}

}

/* Find label */

/* Find label */

static int __ip6addrlbl_match(struct ip6addrlbl_entry *p,

static int __ip6addrlbl_match(struct net *net,

			      struct ip6addrlbl_entry *p,

			      const struct in6_addr *addr,

			      const struct in6_addr *addr,

			      int addrtype, int ifindex)

			      int addrtype, int ifindex)

{

{

	if (!net_eq(ip6addrlbl_net(p), net))

		return 0;

	if (p->ifindex && p->ifindex != ifindex)

	if (p->ifindex && p->ifindex != ifindex)

		return 0;

		return 0;

	if (p->addrtype && p->addrtype != addrtype)

	if (p->addrtype && p->addrtype != addrtype)

	return 1;

	return 1;

}

}

static struct ip6addrlbl_entry *__ipv6_addr_label(const struct in6_addr *addr,

static struct ip6addrlbl_entry *__ipv6_addr_label(struct net *net,

						  const struct in6_addr *addr,

						  int type, int ifindex)

						  int type, int ifindex)

{

{

	struct hlist_node *pos;

	struct hlist_node *pos;

	struct ip6addrlbl_entry *p;

	struct ip6addrlbl_entry *p;

	hlist_for_each_entry_rcu(p, pos, &ip6addrlbl_table.head, list) {

	hlist_for_each_entry_rcu(p, pos, &ip6addrlbl_table.head, list) {

		if (__ip6addrlbl_match(p, addr, type, ifindex))

		if (__ip6addrlbl_match(net, p, addr, type, ifindex))

			return p;

			return p;

	}

	}

	return NULL;

	return NULL;

}

}

u32 ipv6_addr_label(const struct in6_addr *addr, int type, int ifindex)

u32 ipv6_addr_label(struct net *net,

		    const struct in6_addr *addr, int type, int ifindex)

{

{

	u32 label;

	u32 label;

	struct ip6addrlbl_entry *p;

	struct ip6addrlbl_entry *p;

	type &= IPV6_ADDR_MAPPED | IPV6_ADDR_COMPATv4 | IPV6_ADDR_LOOPBACK;

	type &= IPV6_ADDR_MAPPED | IPV6_ADDR_COMPATv4 | IPV6_ADDR_LOOPBACK;

	rcu_read_lock();

	rcu_read_lock();

	p = __ipv6_addr_label(addr, type, ifindex);

	p = __ipv6_addr_label(net, addr, type, ifindex);

	label = p ? p->label : IPV6_ADDR_LABEL_DEFAULT;

	label = p ? p->label : IPV6_ADDR_LABEL_DEFAULT;

	rcu_read_unlock();

	rcu_read_unlock();

}

}

/* allocate one entry */

/* allocate one entry */

static struct ip6addrlbl_entry *ip6addrlbl_alloc(const struct in6_addr *prefix,

static struct ip6addrlbl_entry *ip6addrlbl_alloc(struct net *net,

						 const struct in6_addr *prefix,

						 int prefixlen, int ifindex,

						 int prefixlen, int ifindex,

						 u32 label)

						 u32 label)

{

{

	newp->addrtype = addrtype;

	newp->addrtype = addrtype;

	newp->label = label;

	newp->label = label;

	INIT_HLIST_NODE(&newp->list);

	INIT_HLIST_NODE(&newp->list);

#ifdef CONFIG_NET_NS

	newp->lbl_net = hold_net(net);

#endif

	atomic_set(&newp->refcnt, 1);

	atomic_set(&newp->refcnt, 1);

	return newp;

	return newp;

}

}

		hlist_for_each_entry_safe(p, pos, n,

		hlist_for_each_entry_safe(p, pos, n,

					  &ip6addrlbl_table.head, list) {

					  &ip6addrlbl_table.head, list) {

			if (p->prefixlen == newp->prefixlen &&

			if (p->prefixlen == newp->prefixlen &&

			    net_eq(ip6addrlbl_net(p), ip6addrlbl_net(newp)) &&

			    p->ifindex == newp->ifindex &&

			    p->ifindex == newp->ifindex &&

			    ipv6_addr_equal(&p->prefix, &newp->prefix)) {

			    ipv6_addr_equal(&p->prefix, &newp->prefix)) {

				if (!replace) {

				if (!replace) {

}

}

/* add a label */

/* add a label */

static int ip6addrlbl_add(const struct in6_addr *prefix, int prefixlen,

static int ip6addrlbl_add(struct net *net,

			  const struct in6_addr *prefix, int prefixlen,

			  int ifindex, u32 label, int replace)

			  int ifindex, u32 label, int replace)

{

{

	struct ip6addrlbl_entry *newp;

	struct ip6addrlbl_entry *newp;

			(unsigned int)label,

			(unsigned int)label,

			replace);

			replace);

	newp = ip6addrlbl_alloc(prefix, prefixlen, ifindex, label);

	newp = ip6addrlbl_alloc(net, prefix, prefixlen, ifindex, label);

	if (IS_ERR(newp))

	if (IS_ERR(newp))

		return PTR_ERR(newp);

		return PTR_ERR(newp);

	spin_lock(&ip6addrlbl_table.lock);

	spin_lock(&ip6addrlbl_table.lock);

}

}

/* remove a label */

/* remove a label */

static int __ip6addrlbl_del(const struct in6_addr *prefix, int prefixlen,

static int __ip6addrlbl_del(struct net *net,

			    const struct in6_addr *prefix, int prefixlen,

			    int ifindex)

			    int ifindex)

{

{

	struct ip6addrlbl_entry *p = NULL;

	struct ip6addrlbl_entry *p = NULL;

	hlist_for_each_entry_safe(p, pos, n, &ip6addrlbl_table.head, list) {

	hlist_for_each_entry_safe(p, pos, n, &ip6addrlbl_table.head, list) {

		if (p->prefixlen == prefixlen &&

		if (p->prefixlen == prefixlen &&

		    net_eq(ip6addrlbl_net(p), net) &&

		    p->ifindex == ifindex &&

		    p->ifindex == ifindex &&

		    ipv6_addr_equal(&p->prefix, prefix)) {

		    ipv6_addr_equal(&p->prefix, prefix)) {

			hlist_del_rcu(&p->list);

			hlist_del_rcu(&p->list);

	return ret;

	return ret;

}

}

static int ip6addrlbl_del(const struct in6_addr *prefix, int prefixlen,

static int ip6addrlbl_del(struct net *net,

			  const struct in6_addr *prefix, int prefixlen,

			  int ifindex)

			  int ifindex)

{

{

	struct in6_addr prefix_buf;

	struct in6_addr prefix_buf;

	ipv6_addr_prefix(&prefix_buf, prefix, prefixlen);

	ipv6_addr_prefix(&prefix_buf, prefix, prefixlen);

	spin_lock(&ip6addrlbl_table.lock);

	spin_lock(&ip6addrlbl_table.lock);

	ret = __ip6addrlbl_del(&prefix_buf, prefixlen, ifindex);

	ret = __ip6addrlbl_del(net, &prefix_buf, prefixlen, ifindex);

	spin_unlock(&ip6addrlbl_table.lock);

	spin_unlock(&ip6addrlbl_table.lock);

	return ret;

	return ret;

}

}

/* add default label */

/* add default label */

static __init int ip6addrlbl_init(void)

static int __net_init ip6addrlbl_net_init(struct net *net)

{

{

	int err = 0;

	int err = 0;

	int i;

	int i;

	ADDRLABEL(KERN_DEBUG "%s()\n", __func__);

	ADDRLABEL(KERN_DEBUG "%s()\n", __func__);

	for (i = 0; i < ARRAY_SIZE(ip6addrlbl_init_table); i++) {

	for (i = 0; i < ARRAY_SIZE(ip6addrlbl_init_table); i++) {

		int ret = ip6addrlbl_add(ip6addrlbl_init_table[i].prefix,

		int ret = ip6addrlbl_add(net,

					 ip6addrlbl_init_table[i].prefix,

					 ip6addrlbl_init_table[i].prefixlen,

					 ip6addrlbl_init_table[i].prefixlen,

					 0,

					 0,

					 ip6addrlbl_init_table[i].label, 0);

					 ip6addrlbl_init_table[i].label, 0);

	return err;

	return err;

}

}

static void __net_exit ip6addrlbl_net_exit(struct net *net)

{

	struct ip6addrlbl_entry *p = NULL;

	struct hlist_node *pos, *n;

	/* Remove all labels belonging to the exiting net */

	spin_lock(&ip6addrlbl_table.lock);

	hlist_for_each_entry_safe(p, pos, n, &ip6addrlbl_table.head, list) {

		if (net_eq(ip6addrlbl_net(p), net)) {

			hlist_del_rcu(&p->list);

			ip6addrlbl_put(p);

		}

	}

	spin_unlock(&ip6addrlbl_table.lock);

}

static struct pernet_operations ipv6_addr_label_ops = {

	.init = ip6addrlbl_net_init,

	.exit = ip6addrlbl_net_exit,

};

int __init ipv6_addr_label_init(void)

int __init ipv6_addr_label_init(void)

{

{

	spin_lock_init(&ip6addrlbl_table.lock);

	spin_lock_init(&ip6addrlbl_table.lock);

	return ip6addrlbl_init();

	return register_pernet_subsys(&ipv6_addr_label_ops);

}

}

static const struct nla_policy ifal_policy[IFAL_MAX+1] = {

static const struct nla_policy ifal_policy[IFAL_MAX+1] = {

	u32 label;

	u32 label;

	int err = 0;

	int err = 0;

	if (net != &init_net)

		return 0;

	err = nlmsg_parse(nlh, sizeof(*ifal), tb, IFAL_MAX, ifal_policy);

	err = nlmsg_parse(nlh, sizeof(*ifal), tb, IFAL_MAX, ifal_policy);

	if (err < 0)

	if (err < 0)

		return err;

		return err;

		return -EINVAL;

		return -EINVAL;

	if (ifal->ifal_index &&

	if (ifal->ifal_index &&

	    !__dev_get_by_index(&init_net, ifal->ifal_index))

	    !__dev_get_by_index(net, ifal->ifal_index))

		return -EINVAL;

		return -EINVAL;

	if (!tb[IFAL_ADDRESS])

	if (!tb[IFAL_ADDRESS])

	switch(nlh->nlmsg_type) {

	switch(nlh->nlmsg_type) {

	case RTM_NEWADDRLABEL:

	case RTM_NEWADDRLABEL:

		err = ip6addrlbl_add(pfx, ifal->ifal_prefixlen,

		err = ip6addrlbl_add(net, pfx, ifal->ifal_prefixlen,

				     ifal->ifal_index, label,

				     ifal->ifal_index, label,

				     nlh->nlmsg_flags & NLM_F_REPLACE);

				     nlh->nlmsg_flags & NLM_F_REPLACE);

		break;

		break;

	case RTM_DELADDRLABEL:

	case RTM_DELADDRLABEL:

		err = ip6addrlbl_del(pfx, ifal->ifal_prefixlen,

		err = ip6addrlbl_del(net, pfx, ifal->ifal_prefixlen,

				     ifal->ifal_index);

				     ifal->ifal_index);

		break;

		break;

	default:

	default:

	int idx = 0, s_idx = cb->args[0];

	int idx = 0, s_idx = cb->args[0];

	int err;

	int err;

	if (net != &init_net)

		return 0;

	rcu_read_lock();

	rcu_read_lock();

	hlist_for_each_entry_rcu(p, pos, &ip6addrlbl_table.head, list) {

	hlist_for_each_entry_rcu(p, pos, &ip6addrlbl_table.head, list) {

		if (idx >= s_idx) {

		if (idx >= s_idx &&

		    net_eq(ip6addrlbl_net(p), net)) {

			if ((err = ip6addrlbl_fill(skb, p,

			if ((err = ip6addrlbl_fill(skb, p,

						   ip6addrlbl_table.seq,

						   ip6addrlbl_table.seq,

						   NETLINK_CB(cb->skb).pid,

						   NETLINK_CB(cb->skb).pid,

	struct ip6addrlbl_entry *p;

	struct ip6addrlbl_entry *p;

	struct sk_buff *skb;

	struct sk_buff *skb;

	if (net != &init_net)

		return 0;

	err = nlmsg_parse(nlh, sizeof(*ifal), tb, IFAL_MAX, ifal_policy);

	err = nlmsg_parse(nlh, sizeof(*ifal), tb, IFAL_MAX, ifal_policy);

	if (err < 0)

	if (err < 0)

		return err;

		return err;

		return -EINVAL;

		return -EINVAL;

	if (ifal->ifal_index &&

	if (ifal->ifal_index &&

	    !__dev_get_by_index(&init_net, ifal->ifal_index))

	    !__dev_get_by_index(net, ifal->ifal_index))

		return -EINVAL;

		return -EINVAL;

	if (!tb[IFAL_ADDRESS])

	if (!tb[IFAL_ADDRESS])

		return -EINVAL;

		return -EINVAL;

	rcu_read_lock();

	rcu_read_lock();

	p = __ipv6_addr_label(addr, ipv6_addr_type(addr), ifal->ifal_index);

	p = __ipv6_addr_label(net, addr, ipv6_addr_type(addr), ifal->ifal_index);

	if (p && ip6addrlbl_hold(p))

	if (p && ip6addrlbl_hold(p))

		p = NULL;

		p = NULL;

	lseq = ip6addrlbl_table.seq;

	lseq = ip6addrlbl_table.seq;

		goto out;

		goto out;

	}

	}

	err = rtnl_unicast(skb, &init_net, NETLINK_CB(in_skb).pid);

	err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).pid);

out:

out:

	return err;

	return err;

}

}