- bound vnet mods by #ifdef

diff --git a/include/linux/netfilter_ipv4/ip_conntrack.h b/include/linux/netfilter_ipv4/ip_conntrack.h
index aaae27b..bff3420 100644 (file)
--- a/include/linux/netfilter_ipv4/ip_conntrack.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack.h
@@ -221,8 +221,10 @@ struct ip_conntrack
        } nat;
 #endif /* CONFIG_IP_NF_NAT_NEEDED */
 
+#if defined(CONFIG_VNET) || defined(CONFIG_VNET_MODULE)
        /* VServer context id */
        xid_t xid[IP_CT_DIR_MAX];
+#endif
 
        /* Traversed often, so hopefully in different cacheline to top */
        /* These are my tuples; original and reply */

diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index 929165b..964101e 100644 (file)
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -271,8 +271,9 @@ struct sk_buff {
 #endif
 
 #endif
+#if defined(CONFIG_VNET) || defined(CONFIG_VNET_MODULE)
        xid_t                   xid;                    /* VServer context ID */
-
+#endif
 
        /* These elements must be at the end, see alloc_skb() for details.  */
        unsigned int            truesize;

diff --git a/include/linux/socket.h b/include/linux/socket.h
index f4db45e..6dca711 100644 (file)
--- a/include/linux/socket.h
+++ b/include/linux/socket.h
@@ -272,8 +272,10 @@ struct ucred {
 #define SOL_NETBEUI    267
 #define SOL_LLC                268
 
+#if defined(CONFIG_VNET) || defined(CONFIG_VNET_MODULE)
 /* PlanetLab PL2525: reset the context ID of an existing socket */
 #define SO_SETXID      SO_PEERCRED
+#endif
 
 /* IPX options */
 #define IPX_TYPE       1

diff --git a/net/Kconfig b/net/Kconfig
index 81d7a15..a53e06f 100644 (file)
--- a/net/Kconfig
+++ b/net/Kconfig
@@ -217,6 +217,21 @@ source "net/ipv6/netfilter/Kconfig"
 source "net/decnet/netfilter/Kconfig"
 source "net/bridge/netfilter/Kconfig"
 
+config VNET
+       tristate "PlanetLab Virtualized NETwork access"
+       depends on IP_NF_CONNTRACK
+       ---help---
+         VNET associates IP connections with VServer virtual contexts
+         and ensures that unprivileged contexts can receive only packets
+         related to connections initiated by, or bound to, sockets
+         created in their contexts.
+
+         For now, enabling or disabling this option does not compile
+         the driver or activate any non-default code paths. Compile
+         and load the VNET module separately.
+
+         If unsure, say N.
+
 endif
 
 source "net/xfrm/Kconfig"

diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 29dba96..de87c03 100644 (file)
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -334,7 +334,9 @@ struct sk_buff *skb_clone(struct sk_buff *skb, int gfp_mask)
 #endif
 
 #endif
+#if defined(CONFIG_VNET) || defined(CONFIG_VNET_MODULE)
        C(xid);
+#endif
        C(truesize);
        atomic_set(&n->users, 1);
        C(head);
@@ -394,7 +396,9 @@ static void copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
 #endif
        new->tc_index   = old->tc_index;
 #endif
+#if defined(CONFIG_VNET) || defined(CONFIG_VNET_MODULE)
        new->xid        = old->xid;
+#endif
        atomic_set(&new->users, 1);
        skb_shinfo(new)->tso_size = skb_shinfo(old)->tso_size;
        skb_shinfo(new)->tso_segs = skb_shinfo(old)->tso_segs;

diff --git a/net/core/sock.c b/net/core/sock.c
index 33b4b59..91608bc 100644 (file)
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -340,6 +340,7 @@ int sock_setsockopt(struct socket *sock, int level, int optname,
                                clear_bit(SOCK_PASS_CRED, &sock->flags);
                        break;
 
+#if defined(CONFIG_VNET) || defined(CONFIG_VNET_MODULE)
                case SO_SETXID:
                        if (current->xid) {
                                ret = -EPERM;
@@ -351,6 +352,7 @@ int sock_setsockopt(struct socket *sock, int level, int optname,
                        }
                        sk->sk_xid = val;
                        break;
+#endif
 
                case SO_TIMESTAMP:
                        sk->sk_rcvtstamp = valbool;