[NET]: netlink support for moving devices between network namespaces.
authorEric W. Biederman <ebiederm@xmission.com>
Wed, 12 Sep 2007 11:57:04 +0000 (13:57 +0200)
committerDavid S. Miller <davem@sunset.davemloft.net>
Wed, 10 Oct 2007 23:49:13 +0000 (16:49 -0700)
The simplest thing to implement is moving network devices between
namespaces.  However with the same attribute IFLA_NET_NS_PID we can
easily implement creating devices in the destination network
namespace as well.  However that is a little bit trickier so this
patch sticks to what is simple and easy.

A pid is used to identify a process that happens to be a member
of the network namespace we want to move the network device to.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/linux/if_link.h
net/core/rtnetlink.c

index 422084d18ce1af9162d4c40ceead599f1094bcd4..84c3492ae5cb510604c50dc4ba09941ac95f7300 100644 (file)
@@ -78,6 +78,7 @@ enum
        IFLA_LINKMODE,
        IFLA_LINKINFO,
 #define IFLA_LINKINFO IFLA_LINKINFO
+       IFLA_NET_NS_PID,
        __IFLA_MAX
 };
 
index 44f91bb1ae8d41f7adfcc180c97565af7949a1f7..1b9c32d79917457aeec83669a96f5d667bae8930 100644 (file)
@@ -35,6 +35,7 @@
 #include <linux/security.h>
 #include <linux/mutex.h>
 #include <linux/if_addr.h>
+#include <linux/nsproxy.h>
 
 #include <asm/uaccess.h>
 #include <asm/system.h>
@@ -727,6 +728,7 @@ const struct nla_policy ifla_policy[IFLA_MAX+1] = {
        [IFLA_WEIGHT]           = { .type = NLA_U32 },
        [IFLA_OPERSTATE]        = { .type = NLA_U8 },
        [IFLA_LINKMODE]         = { .type = NLA_U8 },
+       [IFLA_NET_NS_PID]       = { .type = NLA_U32 },
 };
 
 static const struct nla_policy ifla_info_policy[IFLA_INFO_MAX+1] = {
@@ -734,12 +736,45 @@ static const struct nla_policy ifla_info_policy[IFLA_INFO_MAX+1] = {
        [IFLA_INFO_DATA]        = { .type = NLA_NESTED },
 };
 
+static struct net *get_net_ns_by_pid(pid_t pid)
+{
+       struct task_struct *tsk;
+       struct net *net;
+
+       /* Lookup the network namespace */
+       net = ERR_PTR(-ESRCH);
+       rcu_read_lock();
+       tsk = find_task_by_pid(pid);
+       if (tsk) {
+               task_lock(tsk);
+               if (tsk->nsproxy)
+                       net = get_net(tsk->nsproxy->net_ns);
+               task_unlock(tsk);
+       }
+       rcu_read_unlock();
+       return net;
+}
+
 static int do_setlink(struct net_device *dev, struct ifinfomsg *ifm,
                      struct nlattr **tb, char *ifname, int modified)
 {
        int send_addr_notify = 0;
        int err;
 
+       if (tb[IFLA_NET_NS_PID]) {
+               struct net *net;
+               net = get_net_ns_by_pid(nla_get_u32(tb[IFLA_NET_NS_PID]));
+               if (IS_ERR(net)) {
+                       err = PTR_ERR(net);
+                       goto errout;
+               }
+               err = dev_change_net_namespace(dev, net, ifname);
+               put_net(net);
+               if (err)
+                       goto errout;
+               modified = 1;
+       }
+
        if (tb[IFLA_MAP]) {
                struct rtnl_link_ifmap *u_map;
                struct ifmap k_map;