Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp3448352imm; Tue, 17 Jul 2018 05:09:13 -0700 (PDT) X-Google-Smtp-Source: AAOMgpfm8e0A10EcTBMSWlgBnzF5ZXzO9rzj3hpCi+BDIcBv3Zq09i73gGIptOpAZgw7698REprF X-Received: by 2002:a62:1489:: with SMTP id 131-v6mr401255pfu.159.1531829353840; Tue, 17 Jul 2018 05:09:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1531829353; cv=none; d=google.com; s=arc-20160816; b=a3vlc+eDkv7VGiPAYL+xFSE/lnwohXWdmPFjdnv8jkPyyKtaIbjhm7PJuELAYQ7nw4 Fe8EEqzkkhtv+2C2PUw+oxMyN877WqgyJM8b5KY5Sykkb3TtH0bwpl6WcdkWRQXGdi1N scE/kq/HgQW7lo9gbMSWkvyIXXwz7oOJaAp3OjFIrcHcZoKyAlwBp/E+UXI/wSZOB2T1 sJuJuwiN7NjLf9aY5xy6DX9N3NJxfFRkOHjbqIQNI4n6mtDjnkgPkDo9vyUBDmcxL6Su mhkwM9U9KmwB0WN2KVCB41iE1rySMi+EGhUr4wmzHh1msaJmK1CD3n97omi3fY1K1YWp fDOA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=66RSLK6MEf4vg4iHz0FUgPTnDjMhcvzdzZgBC5Yqtws=; b=eTUZ223r9RG1krjUNwTP9nlYPMcdu65ImFBOEY2048RnmI3g1MobuMT2IQohuQF7Ix P0PJCHDlNN2kBqQiRK2MKWNqwLSJ/gt4KoOzwmwIc6a18jwM2g7KnaHkyrH3y030jTm1 LW9lBZ7o215v0o0L2c9HKxYW9iE9tLSGTHvzUDl+yloC6Am29PpAckBpyXywIA1JmAKr vRuHKOP0TxLajEFPr2RnDbJb5ry40dNKjp1ImBmMnJhPZV0s3ISlvvlGTUHcShtupoho g8ekWy2WU6aaRnT5y4aHZjFaKJgFtZplwzcZ9ZNGK23Se1RPRsQYVmWiaBIXJFoFecqF 5XYw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="0ErrLV//"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e9-v6si697240pgu.636.2018.07.17.05.08.58; Tue, 17 Jul 2018 05:09:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="0ErrLV//"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731808AbeGQMjm (ORCPT + 99 others); Tue, 17 Jul 2018 08:39:42 -0400 Received: from mail.kernel.org ([198.145.29.99]:60710 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731644AbeGQMjL (ORCPT ); Tue, 17 Jul 2018 08:39:11 -0400 Received: from kenny.it.cumulusnetworks.com. (fw.cumulusnetworks.com [216.129.126.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 77CE021475; Tue, 17 Jul 2018 12:06:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1531829210; bh=p+RlCezrepezYfCdSJpJ34XqbZ7qMYW4bXsBnEONajQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=0ErrLV//0XNZsb2QS7f8OQQTJU30gAw7hNFo3NaTaSbRFxFiF0s/UUzHe1jnvflca hFddnPIt/VPedeuXZz6N3ZiG0Co1RRJOMQm7JG9hkeHbQgas4sip9IQXWvqN5P+wnI GvNJOstQFQVkE0R9d8AhA/KCNXRbt00yH8/IMguA= From: dsahern@kernel.org To: netdev@vger.kernel.org Cc: nikita.leshchenko@oracle.com, roopa@cumulusnetworks.com, stephen@networkplumber.org, idosch@mellanox.com, jiri@mellanox.com, saeedm@mellanox.com, alex.aring@gmail.com, linux-wpan@vger.kernel.org, netfilter-devel@vger.kernel.org, linux-kernel@vger.kernel.org, David Ahern Subject: [PATCH RFC/RFT net-next 14/17] net/ipv4: Convert arp table to per namespace Date: Tue, 17 Jul 2018 05:06:48 -0700 Message-Id: <20180717120651.15748-15-dsahern@kernel.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180717120651.15748-1-dsahern@kernel.org> References: <20180717120651.15748-1-dsahern@kernel.org> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: David Ahern Convert IPv4 neighbor table to per-namespace. This patch is a transition patch for the core neighbor code, so update the init_net reference as needed for AF_INET. With the per-namespace table allow gc parameters to be changed per namespace. Signed-off-by: David Ahern --- include/net/arp.h | 2 +- include/net/netns/ipv4.h | 1 + net/core/neighbour.c | 22 +++++++----- net/ipv4/arp.c | 88 ++++++++++++++++++++++++++++-------------------- 4 files changed, 67 insertions(+), 46 deletions(-) diff --git a/include/net/arp.h b/include/net/arp.h index fae3561db10b..ec86b286f779 100644 --- a/include/net/arp.h +++ b/include/net/arp.h @@ -9,7 +9,7 @@ static inline struct neigh_table *ipv4_neigh_table(struct net *net) { - return neigh_find_table(net, AF_INET); + return net->ipv4.arp_tbl; } static inline struct neighbour *ipv4_neigh_create(struct net_device *dev, diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h index 661348f23ea5..bc1fab231500 100644 --- a/include/net/netns/ipv4.h +++ b/include/net/netns/ipv4.h @@ -51,6 +51,7 @@ struct netns_ipv4 { struct ipv4_devconf *devconf_dflt; struct ip_ra_chain __rcu *ra_chain; struct mutex ra_mutex; + struct neigh_table *arp_tbl; #ifdef CONFIG_IP_MULTIPLE_TABLES struct fib_rules_ops *rules_ops; bool fib_has_custom_rules; diff --git a/net/core/neighbour.c b/net/core/neighbour.c index afb2ee985dd1..95b9269e3f35 100644 --- a/net/core/neighbour.c +++ b/net/core/neighbour.c @@ -1485,11 +1485,15 @@ EXPORT_SYMBOL(pneigh_enqueue); static inline struct neigh_parms *lookup_neigh_parms(struct neigh_table *tbl, struct net *net, int ifindex) { + struct net *def_net = &init_net; struct neigh_parms *p; + if (tbl->family == AF_INET) + def_net = neigh_parms_net(p); + list_for_each_entry(p, &tbl->parms_list, list) { if ((p->dev && p->dev->ifindex == ifindex && net_eq(neigh_parms_net(p), net)) || - (!p->dev && !ifindex && net_eq(net, &init_net))) + (!p->dev && !ifindex && net_eq(net, def_net))) return p; } @@ -1611,7 +1615,7 @@ void neigh_table_init(struct net *net, struct neigh_table *tbl) switch (family) { case AF_INET: - neigh_tables[NEIGH_ARP_TABLE] = tbl; + net->ipv4.arp_tbl = tbl; break; case AF_INET6: neigh_tables[NEIGH_ND_TABLE] = tbl; @@ -1629,7 +1633,7 @@ int neigh_table_clear(struct net *net, struct neigh_table *tbl) switch (family) { case AF_INET: - neigh_tables[NEIGH_ARP_TABLE] = NULL; + net->ipv4.arp_tbl = NULL; break; case AF_INET6: neigh_tables[NEIGH_ND_TABLE] = NULL; @@ -1669,7 +1673,7 @@ struct neigh_table *neigh_find_table(struct net *net, u8 family) switch (family) { case AF_INET: - tbl = neigh_tables[NEIGH_ARP_TABLE]; + tbl = net->ipv4.arp_tbl; break; case AF_INET6: tbl = neigh_tables[NEIGH_ND_TABLE]; @@ -2173,10 +2177,12 @@ static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh, } err = -ENOENT; - if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] || - tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) && - !net_eq(net, &init_net)) - goto errout_tbl_lock; + if (tbl->family != AF_INET) { + if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] || + tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) && + !net_eq(net, &init_net)) + goto errout_tbl_lock; + } if (tb[NDTA_THRESH1]) tbl->gc_thresh1 = nla_get_u32(tb[NDTA_THRESH1]); diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c index 707b40f76852..61c1d02a8fad 100644 --- a/net/ipv4/arp.c +++ b/net/ipv4/arp.c @@ -152,38 +152,19 @@ static const struct neigh_ops arp_direct_ops = { .connected_output = neigh_direct_output, }; -struct neigh_table arp_tbl = { - .family = AF_INET, - .key_len = 4, - .protocol = cpu_to_be16(ETH_P_IP), - .hash = arp_hash, - .key_eq = arp_key_eq, - .constructor = arp_constructor, - .proxy_redo = parp_redo, - .id = "arp_cache", - .parms = { - .tbl = &arp_tbl, - .reachable_time = 30 * HZ, - .data = { - [NEIGH_VAR_MCAST_PROBES] = 3, - [NEIGH_VAR_UCAST_PROBES] = 3, - [NEIGH_VAR_RETRANS_TIME] = 1 * HZ, - [NEIGH_VAR_BASE_REACHABLE_TIME] = 30 * HZ, - [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ, - [NEIGH_VAR_GC_STALETIME] = 60 * HZ, - [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX, - [NEIGH_VAR_PROXY_QLEN] = 64, - [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ, - [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10, - [NEIGH_VAR_LOCKTIME] = 1 * HZ, - }, - }, - .gc_interval = 30 * HZ, - .gc_thresh1 = 128, - .gc_thresh2 = 512, - .gc_thresh3 = 1024, +static int parms_data[NEIGH_VAR_DATA_MAX] = { + [NEIGH_VAR_MCAST_PROBES] = 3, + [NEIGH_VAR_UCAST_PROBES] = 3, + [NEIGH_VAR_RETRANS_TIME] = 1 * HZ, + [NEIGH_VAR_BASE_REACHABLE_TIME] = 30 * HZ, + [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ, + [NEIGH_VAR_GC_STALETIME] = 60 * HZ, + [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX, + [NEIGH_VAR_PROXY_QLEN] = 64, + [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ, + [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10, + [NEIGH_VAR_LOCKTIME] = 1 * HZ, }; -EXPORT_SYMBOL(arp_tbl); int arp_mc_map(__be32 addr, u8 *haddr, struct net_device *dev, int dir) { @@ -1291,13 +1272,8 @@ static int arp_proc_init(void); void __init arp_init(void) { - neigh_table_init(&init_net, &arp_tbl); - dev_add_pack(&arp_packet_type); arp_proc_init(); -#ifdef CONFIG_SYSCTL - neigh_sysctl_register(NULL, &arp_tbl.parms, NULL); -#endif register_netdevice_notifier(&arp_netdev_notifier); } @@ -1426,15 +1402,53 @@ static const struct seq_operations arp_seq_ops = { static int __net_init arp_net_init(struct net *net) { + struct neigh_table *arp_tbl; + + arp_tbl = kzalloc(sizeof(*arp_tbl), GFP_KERNEL); + if (!arp_tbl) + return -ENOMEM; + if (!proc_create_net("arp", 0444, net->proc_net, &arp_seq_ops, - sizeof(struct neigh_seq_state))) + sizeof(struct neigh_seq_state))) { + kfree(arp_tbl); return -ENOMEM; + } + + arp_tbl->family = AF_INET; + arp_tbl->key_len = 4; + arp_tbl->protocol = cpu_to_be16(ETH_P_IP); + arp_tbl->hash = arp_hash; + arp_tbl->key_eq = arp_key_eq; + arp_tbl->constructor = arp_constructor; + arp_tbl->proxy_redo = parp_redo; + arp_tbl->id = "arp_cache"; + arp_tbl->gc_interval = 30 * HZ; + arp_tbl->gc_thresh1 = 128; + arp_tbl->gc_thresh2 = 512; + arp_tbl->gc_thresh3 = 1024; + + arp_tbl->parms.tbl = arp_tbl; + arp_tbl->parms.reachable_time = 30 * HZ; + memcpy(arp_tbl->parms.data, parms_data, sizeof(parms_data)); + + neigh_table_init(net, arp_tbl); + +#ifdef CONFIG_SYSCTL + neigh_sysctl_register(NULL, &arp_tbl->parms, NULL); +#endif return 0; } static void __net_exit arp_net_exit(struct net *net) { + struct neigh_table *arp_tbl = ipv4_neigh_table(net); + remove_proc_entry("arp", net->proc_net); +#ifdef CONFIG_SYSCTL + neigh_sysctl_unregister(&arp_tbl->parms); +#endif + neigh_table_clear(net, arp_tbl); + kfree(arp_tbl); } static struct pernet_operations arp_net_ops = { -- 2.11.0