Commit 79e1ad14 authored by Jiri Benc's avatar Jiri Benc Committed by David S. Miller

rtnetlink: use netnsid to query interface

Currently, when an application gets netnsid from the kernel (for example as
the result of RTM_GETLINK call on one end of the veth pair), it's not much
useful. There's no reliable way to get to the netns fd from the netnsid, nor
does any kernel API accept netnsid.

Extend the RTM_GETLINK call to also accept netnsid. It will operate on the
netns with the given netnsid in such case. Of course, the calling process
needs to have enough capabilities in the target name space; for now, require
CAP_NET_ADMIN. This can be relaxed in the future.

To signal to the calling process that the kernel understood the new
IFLA_IF_NETNSID attribute in the query, it will include it in the response.
This is needed to detect older kernels, as they will just ignore
IFLA_IF_NETNSID and query in the current name space.

This patch implemetns IFLA_IF_NETNSID only for get and dump. For set
operations, this can be extended later.
Signed-off-by: default avatarJiri Benc <jbenc@redhat.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 9354d452
...@@ -160,6 +160,7 @@ enum { ...@@ -160,6 +160,7 @@ enum {
IFLA_XDP, IFLA_XDP,
IFLA_EVENT, IFLA_EVENT,
IFLA_NEW_NETNSID, IFLA_NEW_NETNSID,
IFLA_IF_NETNSID,
__IFLA_MAX __IFLA_MAX
}; };
......
...@@ -921,7 +921,8 @@ static noinline size_t if_nlmsg_size(const struct net_device *dev, ...@@ -921,7 +921,8 @@ static noinline size_t if_nlmsg_size(const struct net_device *dev,
+ nla_total_size(4) /* IFLA_EVENT */ + nla_total_size(4) /* IFLA_EVENT */
+ nla_total_size(4) /* IFLA_NEW_NETNSID */ + nla_total_size(4) /* IFLA_NEW_NETNSID */
+ nla_total_size(1); /* IFLA_PROTO_DOWN */ + nla_total_size(1); /* IFLA_PROTO_DOWN */
+ nla_total_size(4) /* IFLA_IF_NETNSID */
+ 0;
} }
static int rtnl_vf_ports_fill(struct sk_buff *skb, struct net_device *dev) static int rtnl_vf_ports_fill(struct sk_buff *skb, struct net_device *dev)
...@@ -1370,13 +1371,14 @@ static noinline_for_stack int nla_put_ifalias(struct sk_buff *skb, ...@@ -1370,13 +1371,14 @@ static noinline_for_stack int nla_put_ifalias(struct sk_buff *skb,
} }
static int rtnl_fill_link_netnsid(struct sk_buff *skb, static int rtnl_fill_link_netnsid(struct sk_buff *skb,
const struct net_device *dev) const struct net_device *dev,
struct net *src_net)
{ {
if (dev->rtnl_link_ops && dev->rtnl_link_ops->get_link_net) { if (dev->rtnl_link_ops && dev->rtnl_link_ops->get_link_net) {
struct net *link_net = dev->rtnl_link_ops->get_link_net(dev); struct net *link_net = dev->rtnl_link_ops->get_link_net(dev);
if (!net_eq(dev_net(dev), link_net)) { if (!net_eq(dev_net(dev), link_net)) {
int id = peernet2id_alloc(dev_net(dev), link_net); int id = peernet2id_alloc(src_net, link_net);
if (nla_put_s32(skb, IFLA_LINK_NETNSID, id)) if (nla_put_s32(skb, IFLA_LINK_NETNSID, id))
return -EMSGSIZE; return -EMSGSIZE;
...@@ -1427,10 +1429,11 @@ static int rtnl_fill_link_af(struct sk_buff *skb, ...@@ -1427,10 +1429,11 @@ static int rtnl_fill_link_af(struct sk_buff *skb,
return 0; return 0;
} }
static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev, static int rtnl_fill_ifinfo(struct sk_buff *skb,
struct net_device *dev, struct net *src_net,
int type, u32 pid, u32 seq, u32 change, int type, u32 pid, u32 seq, u32 change,
unsigned int flags, u32 ext_filter_mask, unsigned int flags, u32 ext_filter_mask,
u32 event, int *new_nsid) u32 event, int *new_nsid, int tgt_netnsid)
{ {
struct ifinfomsg *ifm; struct ifinfomsg *ifm;
struct nlmsghdr *nlh; struct nlmsghdr *nlh;
...@@ -1448,6 +1451,9 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev, ...@@ -1448,6 +1451,9 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
ifm->ifi_flags = dev_get_flags(dev); ifm->ifi_flags = dev_get_flags(dev);
ifm->ifi_change = change; ifm->ifi_change = change;
if (tgt_netnsid >= 0 && nla_put_s32(skb, IFLA_IF_NETNSID, tgt_netnsid))
goto nla_put_failure;
if (nla_put_string(skb, IFLA_IFNAME, dev->name) || if (nla_put_string(skb, IFLA_IFNAME, dev->name) ||
nla_put_u32(skb, IFLA_TXQLEN, dev->tx_queue_len) || nla_put_u32(skb, IFLA_TXQLEN, dev->tx_queue_len) ||
nla_put_u8(skb, IFLA_OPERSTATE, nla_put_u8(skb, IFLA_OPERSTATE,
...@@ -1513,7 +1519,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev, ...@@ -1513,7 +1519,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
goto nla_put_failure; goto nla_put_failure;
} }
if (rtnl_fill_link_netnsid(skb, dev)) if (rtnl_fill_link_netnsid(skb, dev, src_net))
goto nla_put_failure; goto nla_put_failure;
if (new_nsid && if (new_nsid &&
...@@ -1571,6 +1577,7 @@ static const struct nla_policy ifla_policy[IFLA_MAX+1] = { ...@@ -1571,6 +1577,7 @@ static const struct nla_policy ifla_policy[IFLA_MAX+1] = {
[IFLA_XDP] = { .type = NLA_NESTED }, [IFLA_XDP] = { .type = NLA_NESTED },
[IFLA_EVENT] = { .type = NLA_U32 }, [IFLA_EVENT] = { .type = NLA_U32 },
[IFLA_GROUP] = { .type = NLA_U32 }, [IFLA_GROUP] = { .type = NLA_U32 },
[IFLA_IF_NETNSID] = { .type = NLA_S32 },
}; };
static const struct nla_policy ifla_info_policy[IFLA_INFO_MAX+1] = { static const struct nla_policy ifla_info_policy[IFLA_INFO_MAX+1] = {
...@@ -1674,9 +1681,28 @@ static bool link_dump_filtered(struct net_device *dev, ...@@ -1674,9 +1681,28 @@ static bool link_dump_filtered(struct net_device *dev,
return false; return false;
} }
static struct net *get_target_net(struct sk_buff *skb, int netnsid)
{
struct net *net;
net = get_net_ns_by_id(sock_net(skb->sk), netnsid);
if (!net)
return ERR_PTR(-EINVAL);
/* For now, the caller is required to have CAP_NET_ADMIN in
* the user namespace owning the target net ns.
*/
if (!netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN)) {
put_net(net);
return ERR_PTR(-EACCES);
}
return net;
}
static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
{ {
struct net *net = sock_net(skb->sk); struct net *net = sock_net(skb->sk);
struct net *tgt_net = net;
int h, s_h; int h, s_h;
int idx = 0, s_idx; int idx = 0, s_idx;
struct net_device *dev; struct net_device *dev;
...@@ -1686,6 +1712,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) ...@@ -1686,6 +1712,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
const struct rtnl_link_ops *kind_ops = NULL; const struct rtnl_link_ops *kind_ops = NULL;
unsigned int flags = NLM_F_MULTI; unsigned int flags = NLM_F_MULTI;
int master_idx = 0; int master_idx = 0;
int netnsid = -1;
int err; int err;
int hdrlen; int hdrlen;
...@@ -1704,6 +1731,15 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) ...@@ -1704,6 +1731,15 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
if (nlmsg_parse(cb->nlh, hdrlen, tb, IFLA_MAX, if (nlmsg_parse(cb->nlh, hdrlen, tb, IFLA_MAX,
ifla_policy, NULL) >= 0) { ifla_policy, NULL) >= 0) {
if (tb[IFLA_IF_NETNSID]) {
netnsid = nla_get_s32(tb[IFLA_IF_NETNSID]);
tgt_net = get_target_net(skb, netnsid);
if (IS_ERR(tgt_net)) {
tgt_net = net;
netnsid = -1;
}
}
if (tb[IFLA_EXT_MASK]) if (tb[IFLA_EXT_MASK])
ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]); ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]);
...@@ -1719,17 +1755,19 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) ...@@ -1719,17 +1755,19 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
idx = 0; idx = 0;
head = &net->dev_index_head[h]; head = &tgt_net->dev_index_head[h];
hlist_for_each_entry(dev, head, index_hlist) { hlist_for_each_entry(dev, head, index_hlist) {
if (link_dump_filtered(dev, master_idx, kind_ops)) if (link_dump_filtered(dev, master_idx, kind_ops))
goto cont; goto cont;
if (idx < s_idx) if (idx < s_idx)
goto cont; goto cont;
err = rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK, err = rtnl_fill_ifinfo(skb, dev, net,
RTM_NEWLINK,
NETLINK_CB(cb->skb).portid, NETLINK_CB(cb->skb).portid,
cb->nlh->nlmsg_seq, 0, cb->nlh->nlmsg_seq, 0,
flags, flags,
ext_filter_mask, 0, NULL); ext_filter_mask, 0, NULL,
netnsid);
if (err < 0) { if (err < 0) {
if (likely(skb->len)) if (likely(skb->len))
...@@ -1748,6 +1786,8 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) ...@@ -1748,6 +1786,8 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
cb->args[0] = h; cb->args[0] = h;
cb->seq = net->dev_base_seq; cb->seq = net->dev_base_seq;
nl_dump_check_consistent(cb, nlmsg_hdr(skb)); nl_dump_check_consistent(cb, nlmsg_hdr(skb));
if (netnsid >= 0)
put_net(tgt_net);
return err; return err;
} }
...@@ -2360,6 +2400,9 @@ static int rtnl_setlink(struct sk_buff *skb, struct nlmsghdr *nlh, ...@@ -2360,6 +2400,9 @@ static int rtnl_setlink(struct sk_buff *skb, struct nlmsghdr *nlh,
if (err < 0) if (err < 0)
goto errout; goto errout;
if (tb[IFLA_IF_NETNSID])
return -EOPNOTSUPP;
if (tb[IFLA_IFNAME]) if (tb[IFLA_IFNAME])
nla_strlcpy(ifname, tb[IFLA_IFNAME], IFNAMSIZ); nla_strlcpy(ifname, tb[IFLA_IFNAME], IFNAMSIZ);
else else
...@@ -2454,6 +2497,9 @@ static int rtnl_dellink(struct sk_buff *skb, struct nlmsghdr *nlh, ...@@ -2454,6 +2497,9 @@ static int rtnl_dellink(struct sk_buff *skb, struct nlmsghdr *nlh,
if (err < 0) if (err < 0)
return err; return err;
if (tb[IFLA_IF_NETNSID])
return -EOPNOTSUPP;
if (tb[IFLA_IFNAME]) if (tb[IFLA_IFNAME])
nla_strlcpy(ifname, tb[IFLA_IFNAME], IFNAMSIZ); nla_strlcpy(ifname, tb[IFLA_IFNAME], IFNAMSIZ);
...@@ -2585,6 +2631,9 @@ static int rtnl_newlink(struct sk_buff *skb, struct nlmsghdr *nlh, ...@@ -2585,6 +2631,9 @@ static int rtnl_newlink(struct sk_buff *skb, struct nlmsghdr *nlh,
if (err < 0) if (err < 0)
return err; return err;
if (tb[IFLA_IF_NETNSID])
return -EOPNOTSUPP;
if (tb[IFLA_IFNAME]) if (tb[IFLA_IFNAME])
nla_strlcpy(ifname, tb[IFLA_IFNAME], IFNAMSIZ); nla_strlcpy(ifname, tb[IFLA_IFNAME], IFNAMSIZ);
else else
...@@ -2818,11 +2867,13 @@ static int rtnl_getlink(struct sk_buff *skb, struct nlmsghdr *nlh, ...@@ -2818,11 +2867,13 @@ static int rtnl_getlink(struct sk_buff *skb, struct nlmsghdr *nlh,
struct netlink_ext_ack *extack) struct netlink_ext_ack *extack)
{ {
struct net *net = sock_net(skb->sk); struct net *net = sock_net(skb->sk);
struct net *tgt_net = net;
struct ifinfomsg *ifm; struct ifinfomsg *ifm;
char ifname[IFNAMSIZ]; char ifname[IFNAMSIZ];
struct nlattr *tb[IFLA_MAX+1]; struct nlattr *tb[IFLA_MAX+1];
struct net_device *dev = NULL; struct net_device *dev = NULL;
struct sk_buff *nskb; struct sk_buff *nskb;
int netnsid = -1;
int err; int err;
u32 ext_filter_mask = 0; u32 ext_filter_mask = 0;
...@@ -2830,35 +2881,50 @@ static int rtnl_getlink(struct sk_buff *skb, struct nlmsghdr *nlh, ...@@ -2830,35 +2881,50 @@ static int rtnl_getlink(struct sk_buff *skb, struct nlmsghdr *nlh,
if (err < 0) if (err < 0)
return err; return err;
if (tb[IFLA_IF_NETNSID]) {
netnsid = nla_get_s32(tb[IFLA_IF_NETNSID]);
tgt_net = get_target_net(skb, netnsid);
if (IS_ERR(tgt_net))
return PTR_ERR(tgt_net);
}
if (tb[IFLA_IFNAME]) if (tb[IFLA_IFNAME])
nla_strlcpy(ifname, tb[IFLA_IFNAME], IFNAMSIZ); nla_strlcpy(ifname, tb[IFLA_IFNAME], IFNAMSIZ);
if (tb[IFLA_EXT_MASK]) if (tb[IFLA_EXT_MASK])
ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]); ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]);
err = -EINVAL;
ifm = nlmsg_data(nlh); ifm = nlmsg_data(nlh);
if (ifm->ifi_index > 0) if (ifm->ifi_index > 0)
dev = __dev_get_by_index(net, ifm->ifi_index); dev = __dev_get_by_index(tgt_net, ifm->ifi_index);
else if (tb[IFLA_IFNAME]) else if (tb[IFLA_IFNAME])
dev = __dev_get_by_name(net, ifname); dev = __dev_get_by_name(tgt_net, ifname);
else else
return -EINVAL; goto out;
err = -ENODEV;
if (dev == NULL) if (dev == NULL)
return -ENODEV; goto out;
err = -ENOBUFS;
nskb = nlmsg_new(if_nlmsg_size(dev, ext_filter_mask), GFP_KERNEL); nskb = nlmsg_new(if_nlmsg_size(dev, ext_filter_mask), GFP_KERNEL);
if (nskb == NULL) if (nskb == NULL)
return -ENOBUFS; goto out;
err = rtnl_fill_ifinfo(nskb, dev, RTM_NEWLINK, NETLINK_CB(skb).portid, err = rtnl_fill_ifinfo(nskb, dev, net,
nlh->nlmsg_seq, 0, 0, ext_filter_mask, 0, NULL); RTM_NEWLINK, NETLINK_CB(skb).portid,
nlh->nlmsg_seq, 0, 0, ext_filter_mask,
0, NULL, netnsid);
if (err < 0) { if (err < 0) {
/* -EMSGSIZE implies BUG in if_nlmsg_size */ /* -EMSGSIZE implies BUG in if_nlmsg_size */
WARN_ON(err == -EMSGSIZE); WARN_ON(err == -EMSGSIZE);
kfree_skb(nskb); kfree_skb(nskb);
} else } else
err = rtnl_unicast(nskb, net, NETLINK_CB(skb).portid); err = rtnl_unicast(nskb, net, NETLINK_CB(skb).portid);
out:
if (netnsid >= 0)
put_net(tgt_net);
return err; return err;
} }
...@@ -2948,8 +3014,9 @@ struct sk_buff *rtmsg_ifinfo_build_skb(int type, struct net_device *dev, ...@@ -2948,8 +3014,9 @@ struct sk_buff *rtmsg_ifinfo_build_skb(int type, struct net_device *dev,
if (skb == NULL) if (skb == NULL)
goto errout; goto errout;
err = rtnl_fill_ifinfo(skb, dev, type, 0, 0, change, 0, 0, event, err = rtnl_fill_ifinfo(skb, dev, dev_net(dev),
new_nsid); type, 0, 0, change, 0, 0, event,
new_nsid, -1);
if (err < 0) { if (err < 0) {
/* -EMSGSIZE implies BUG in if_nlmsg_size() */ /* -EMSGSIZE implies BUG in if_nlmsg_size() */
WARN_ON(err == -EMSGSIZE); WARN_ON(err == -EMSGSIZE);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment