From: Mark Huang
Date: Tue, 1 Feb 2005 03:12:33 +0000 (+0000)
Subject: - bound vnet mods by #ifdef
X-Git-Tag: before-fedora-2_6_18-1_2239_FC5-vs2_0_2_2-rc6-merge~273
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=66de245a4652e0b96d4a72790ac197335aa26e86;p=linux-2.6.git
- bound vnet mods by #ifdef
---
diff --git a/include/linux/netfilter_ipv4/ip_conntrack.h b/include/linux/netfilter_ipv4/ip_conntrack.h
index aaae27b76..bff3420cd 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack.h
@@ -221,8 +221,10 @@ struct ip_conntrack
 } nat;
 #endif /* CONFIG_IP_NF_NAT_NEEDED */
+#if defined(CONFIG_VNET) || defined(CONFIG_VNET_MODULE)
 /* VServer context id */
 xid_t xid[IP_CT_DIR_MAX];
+#endif
 /* Traversed often, so hopefully in different cacheline to top */
 /* These are my tuples; original and reply */
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index 929165ba9..964101ef6 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -271,8 +271,9 @@ struct sk_buff {
 #endif
 #endif
+#if defined(CONFIG_VNET) || defined(CONFIG_VNET_MODULE)
 xid_t xid; /* VServer context ID */
-
+#endif
 /* These elements must be at the end, see alloc_skb() for details. */
 unsigned int truesize;
diff --git a/include/linux/socket.h b/include/linux/socket.h
index f4db45e2f..6dca7117a 100644
--- a/include/linux/socket.h
+++ b/include/linux/socket.h
@@ -272,8 +272,10 @@ struct ucred {
 #define SOL_NETBEUI 267
 #define SOL_LLC 268
+#if defined(CONFIG_VNET) || defined(CONFIG_VNET_MODULE)
 /* PlanetLab PL2525: reset the context ID of an existing socket */
 #define SO_SETXID SO_PEERCRED
+#endif
 /* IPX options */
 #define IPX_TYPE 1
diff --git a/net/Kconfig b/net/Kconfig
index 81d7a15dd..a53e06f88 100644
--- a/net/Kconfig
+++ b/net/Kconfig
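Review bot: Making `xid_t xid[IP_CT_DIR_MAX]` conditional means the layout of `struct ip_conntrack` now depends on `CONFIG_VNET`/`CONFIG_VNET_MODULE`, and the skbuff.h hunk does the same to `struct sk_buff` with `xid_t xid`. The Kconfig help added in this commit says the VNET module is compiled and loaded separately, so a module built with a different setting from the running kernel would presumably access these structs at the wrong offsets, which shows up as memory corruption rather than as a load failure. I would add a comment at both sites such as `/* layout depends on CONFIG_VNET: kernel and vnet module must be built from the same .config */`, and have the module verify the configuration at build time. Both struct definitions start and end outside the hunks.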
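Review bot: `SO_SETXID` reuses the number of `SO_PEERCRED`, so with this guard the meaning of a setsockopt() call carrying that number depends on the kernel configuration: a context-ID write when VNET is enabled, and whatever the default branch of sock_setsockopt() returns when it is not. The existing comment does not mention the aliasing; I would extend it to something like `/* aliases SO_PEERCRED, which is otherwise only read via getsockopt(); valid for setsockopt() only */`. If this part of socket.h is visible to userspace, the `CONFIG_` test also hides the constant from applications, since config macros are not defined there; that cannot be confirmed from the hunk.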
@@ -217,6 +217,21 @@ source "net/ipv6/netfilter/Kconfig"
 source "net/decnet/netfilter/Kconfig"
 source "net/bridge/netfilter/Kconfig"
+config VNET
+ tristate "PlanetLab Virtualized NETwork access"
+ depends on IP_NF_CONNTRACK
+ ---help---
+ VNET associates IP connections with VServer virtual contexts
+ and ensures that unprivileged contexts can receive only packets
+ related to connections initiated by, or bound to, sockets
+ created in their contexts.
+
+ For now, enabling or disabling this option does not compile
+ the driver or activate any non-default code paths. Compile
+ and load the VNET module separately.
+
+ If unsure, say N.
+
 endif
 source "net/xfrm/Kconfig"
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 29dba96cc..de87c0392 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -334,7 +334,9 @@ struct sk_buff *skb_clone(struct sk_buff *skb, int gfp_mask)
 #endif
 #endif
+#if defined(CONFIG_VNET) || defined(CONFIG_VNET_MODULE)
 C(xid);
+#endif
 C(truesize);
 atomic_set(&n->users, 1);
 C(head);
@@ -394,7 +396,9 @@ static void copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
 #endif
 new->tc_index = old->tc_index;
 #endif
+#if defined(CONFIG_VNET) || defined(CONFIG_VNET_MODULE)
 new->xid = old->xid;
+#endif
 atomic_set(&new->users, 1);
 skb_shinfo(new)->tso_size = skb_shinfo(old)->tso_size;
 skb_shinfo(new)->tso_segs = skb_shinfo(old)->tso_segs;
diff --git a/net/core/sock.c b/net/core/sock.c
index 33b4b5942..91608bc52 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -340,6 +340,7 @@ int sock_setsockopt(struct socket *sock, int level, int optname,
 clear_bit(SOCK_PASS_CRED, &sock->flags);
 break;
+#if defined(CONFIG_VNET) || defined(CONFIG_VNET_MODULE)
 case SO_SETXID:
 if (current->xid) {
 ret = -EPERM;
@@ -351,6 +352,7 @@ int sock_setsockopt(struct socket *sock, int level, int optname,
 }
 sk->sk_xid = val;
 break;
+#endif
 case SO_TIMESTAMP:
 sk->sk_rcvtstamp = valbool;
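Review bot: The help text says that enabling or disabling this option does not activate any non-default code paths, but the other hunks in this commit key the `xid` fields of `struct sk_buff` and `struct ip_conntrack`, the xid copies in skbuff.c and the `SO_SETXID` case in sock.c on exactly this symbol. Someone reading it could select N and still load a separately built module, expecting the context isolation described in the first paragraph. The second paragraph should say something like `Selecting Y or M adds the context-ID fields and the SO_SETXID socket option to the core kernel; the VNET module itself is still built and loaded separately.`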
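Review bot: The guard `#if defined(CONFIG_VNET) || defined(CONFIG_VNET_MODULE)` is open-coded inside function bodies, here around `C(xid);` in skb_clone() and again around `new->xid = old->xid;` in copy_skb_header(). A single helper declared next to the field in skbuff.h, e.g. `static inline void skb_copy_xid(struct sk_buff *to, const struct sk_buff *from)`, with an empty stub when VNET is off, would keep the conditionals in the header. It would also make it harder to miss a copy site if another sk_buff duplication path is added, in which case the context ID would presumably be left at its default on the copy. Both function bodies extend beyond the hunks.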
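Review bot: In the `SO_SETXID` case the only authorisation visible is `if (current->xid)`, so as far as these two hunks show, any task running in context 0 may re-tag a socket with an arbitrary `val`, whether or not it holds a capability. The lines between the two sock.c hunks are not shown and may already validate `val` or check a capability; if they do not, the test could become `if (current->xid || !capable(CAP_NET_ADMIN)) {`. Since `sk_xid` is what the Kconfig help describes as deciding which context receives a connection's packets, a one-line comment above the case stating who is allowed to call it would also help.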