authorJamie Gritton <jamie@FreeBSD.org>2009-06-15 18:59:29 +0000
committerJamie Gritton <jamie@FreeBSD.org>2009-06-15 18:59:29 +0000
commit679e13901cd9ae2a491e6ac63c29c7d60e581deb (patch)
treeda42c35580b92c97206bed1ad724ceb513e4c024 /sys/sys
parent31b6da64c7838e4dcd63c6c8c9beebf2d2ca13cf (diff)
Manage vnets via the jail system. If a jail is given the boolean
parameter "vnet" when it is created, a new vnet instance will be created along with the jail. Network interfaces can be moved between prisons with an ioctl similar to the one that moves them between vimages. For now vnets will co-exist under both jails and vimages, but soon struct vimage will be going away. Reviewed by: zec, julian Approved by: bz (mentor)
Notes: svn path=/head/; revision=194251
Diffstat (limited to 'sys/sys')
-rw-r--r--sys/sys/jail.h2
-rw-r--r--sys/sys/priv.h1
-rw-r--r--sys/sys/sockio.h3
-rw-r--r--sys/sys/vimage.h23
4 files changed, 23 insertions, 6 deletions
diff --git a/sys/sys/jail.h b/sys/sys/jail.h
index 494a677a4369..667ca9cfb4b6 100644
--- a/sys/sys/jail.h
+++ b/sys/sys/jail.h
@@ -171,6 +171,7 @@ struct prison {
char pr_domainname[MAXHOSTNAMELEN]; /* (p) jail domainname */
char pr_hostuuid[HOSTUUIDLEN]; /* (p) jail hostuuid */
unsigned long pr_hostid; /* (p) jail hostid */
+ struct vnet *pr_vnet; /* (c) network stack */
};
#endif /* _KERNEL || _WANT_PRISON */
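Review bot: The new `pr_vnet` member carries no statement of when it is non-NULL, yet the `CRED_TO_VNET` macro this commit adds to sys/sys/vimage.h dereferences `(cr)->cr_prison->pr_vnet` unconditionally for any credential in the default vimage. Presumably every prison, including the base prison and jails created without the "vnet" parameter, is meant to hold a valid (inherited) vnet pointer, but that invariant is set up in code not visible here and should be stated on the member, e.g. `struct vnet *pr_vnet; /* (c) network stack; never NULL, see CRED_TO_VNET */`, with the inheritance rule confirmed against the jail creation path. If the invariant does not hold, TD_TO_VNET/P_TO_VNET would yield NULL for such jails. The struct prison definition starts outside the hunk.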
@@ -180,6 +181,7 @@ struct prison {
#define PR_HOST 0x00000002 /* Virtualize hostname et al */
#define PR_IP4_USER 0x00000004 /* Virtualize IPv4 addresses */
#define PR_IP6_USER 0x00000008 /* Virtualize IPv6 addresses */
+#define PR_VNET 0x00000010 /* Virtual network stack */
/* Internal flag bits */
#define PR_REMOVE 0x01000000 /* In process of being removed */
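Review bot: `PR_VNET` is documented only as "Virtual network stack", which does not say that it is fixed at jail creation; the commit message describes the vnet instance as created along with the jail, so the flag presumably cannot be set or cleared on an existing prison the way its neighbours can. A comment such as `#define PR_VNET 0x00000010 /* Virtual network stack (set at creation only) */` would keep later callers from trying to toggle it. Whether the jail update path rejects changes to this flag is not visible in this hunk and should be confirmed.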
diff --git a/sys/sys/priv.h b/sys/sys/priv.h
index 7936de068077..d82341f5c41e 100644
--- a/sys/sys/priv.h
+++ b/sys/sys/priv.h
@@ -325,6 +325,7 @@
#define PRIV_NET_DELIFADDR 414 /* Delete protocol addr on interface. */
#define PRIV_NET_LAGG 415 /* Administer lagg interface. */
#define PRIV_NET_GIF 416 /* Administer gif interface. */
+#define PRIV_NET_SETIFVNET 417 /* Move interface to vnet. */
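Review bot: The comment on `PRIV_NET_SETIFVNET` describes only moving an interface into a vnet, while sys/sys/sockio.h in this same commit adds two ioctls, SIOCSIFVNET and SIOCSIFRVNET (reclaim). If one privilege gates both directions the comment should say so, e.g. `/* Move interface to/from vnet. */`; if reclaiming is meant to require a different check, that deserves its own constant. Which ioctl handler consults this privilege is not visible here.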
/*
* 802.11-related privileges.
diff --git a/sys/sys/sockio.h b/sys/sys/sockio.h
index 5d92ec2c27fe..efaab91a3e16 100644
--- a/sys/sys/sockio.h
+++ b/sys/sys/sockio.h
@@ -108,6 +108,9 @@
#define SIOCGPRIVATE_0 _IOWR('i', 80, struct ifreq) /* device private 0 */
#define SIOCGPRIVATE_1 _IOWR('i', 81, struct ifreq) /* device private 1 */
+#define SIOCSIFVNET _IOWR('i', 90, struct ifreq) /* move IF jail/vnet */
+#define SIOCSIFRVNET _IOWR('i', 91, struct ifreq) /* reclaim vnet IF */
+
#define SIOCSPVIMAGE _IOW('i', 101, struct vi_req) /* set proc vimage */
#define SIOCGPVIMAGE _IOWR('i', 102, struct vi_req) /* get proc vimage */
#define SIOCSIFVIMAGE _IOWR('i', 103, struct vi_req) /* set ifc vi/net */
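Review bot: `SIOCSIFVNET` and `SIOCSIFRVNET` are declared with `struct ifreq`, but their comments do not say which `ifreq` member carries the target jail/vnet identifier, nor what `SIOCSIFRVNET` reclaims the interface into. As these comments are the only documentation of a new user-facing interface, each should name the argument, for instance `/* move IF to jail/vnet given in <ifreq member> */` with the real member substituted for the placeholder. The numbers 90/91 leave a gap after 81; a short note on whether that range is reserved would help whoever adds the next ioctl.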
diff --git a/sys/sys/vimage.h b/sys/sys/vimage.h
index 28a244e87500..a2027aee513d 100644
--- a/sys/sys/vimage.h
+++ b/sys/sys/vimage.h
@@ -35,6 +35,9 @@
#include <sys/proc.h>
#include <sys/queue.h>
+#ifdef VIMAGE
+#include <sys/jail.h>
+#endif
/* Interim userspace API. */
struct vi_req {
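Review bot: The conditional `#include <sys/jail.h>` has no comment saying why it is needed only under VIMAGE; the reason is that the VIMAGE branch of `CRED_TO_VNET` later in this file reaches into `(cr)->cr_prison->pr_vnet` and therefore needs a complete `struct prison`, whereas the !VIMAGE branch expands to NULL. A one-line comment, `#include <sys/jail.h> /* struct prison, for CRED_TO_VNET */`, records that dependency so the include is not later removed as unused.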
@@ -69,11 +72,13 @@ struct vi_req {
#define VNET_DEBUG
#endif
+struct vimage;
struct vprocg;
struct vnet;
struct vi_req;
struct ifnet;
struct kld_sym_lookup;
+struct thread;
typedef int vnet_attach_fn(const void *);
typedef int vnet_detach_fn(const void *);
@@ -157,13 +162,16 @@ struct vnet_modlink {
int vi_symlookup(struct kld_sym_lookup *, char *);
int vi_td_ioctl(u_long, struct vi_req *, struct thread *);
-int vi_if_move(struct vi_req *, struct ifnet *, struct vimage *);
+int vi_if_move(struct thread *, struct ifnet *, char *, int,
+ struct vi_req *);
int vi_child_of(struct vimage *, struct vimage *);
struct vimage *vimage_by_name(struct vimage *, char *);
void vnet_mod_register(const struct vnet_modinfo *);
void vnet_mod_register_multi(const struct vnet_modinfo *, void *, char *);
void vnet_mod_deregister(const struct vnet_modinfo *);
void vnet_mod_deregister_multi(const struct vnet_modinfo *, void *, char *);
+struct vnet *vnet_alloc(void);
+void vnet_destroy(struct vnet *);
#endif /* !VIMAGE_GLOBALS */
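Review bot: The new `vi_if_move` prototype takes an unnamed `char *` and `int` whose meaning cannot be inferred from the declaration, and `vnet_alloc`/`vnet_destroy` carry no ownership contract. Since this header is the interface for other kernel files, a comment naming those two arguments (presumably a name and a jail or vimage identifier; confirm against the definition) and stating whether `vnet_alloc` can return NULL and that `vnet_destroy` is the only release path would make the API usable without reading the implementation. These prototypes sit in the `#ifndef VIMAGE_GLOBALS` region, which begins outside the hunk.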
@@ -199,7 +207,7 @@ struct vimage {
LIST_HEAD(, vimage) vi_child_head; /* direct offspring list */
struct vimage *vi_parent; /* ptr to parent vimage */
u_int vi_id; /* ID num */
- u_int vi_ucredrefc; /* # of ucreds pointing to us */
+ volatile u_int vi_ucredrefc; /* # of ucreds pointing to us */
char vi_name[MAXHOSTNAMELEN];
struct vnet *v_net;
struct vprocg *v_procg;
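Review bot: Adding `volatile` to `vi_ucredrefc` only stops the compiler from caching the value; it does not make increments or decrements atomic, so if this count is now updated from more than one CPU every site must use atomic(9) or refcount(9) primitives. The qualifier suggests that is the intent (refcount(9) takes a `volatile u_int *`), but the accessors are not in this hunk; the comment should say so, e.g. `volatile u_int vi_ucredrefc; /* # of ucreds pointing to us (atomic ops only) */`, so a later plain `vi_ucredrefc++` is caught in review. The struct vimage definition starts outside the hunk.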
@@ -209,7 +217,6 @@ struct vnet {
void *mod_data[VNET_MOD_MAX];
LIST_ENTRY(vnet) vnet_le; /* all vnets list */
u_int vnet_magic_n;
- u_int vnet_id; /* ID num */
u_int ifcnt;
u_int sockcnt;
};
@@ -319,20 +326,24 @@ extern struct vprocg_list_head vprocg_head;
#ifdef VIMAGE
#define IS_DEFAULT_VIMAGE(arg) ((arg)->vi_id == 0)
-#define IS_DEFAULT_VNET(arg) ((arg)->vnet_id == 0)
+#define IS_DEFAULT_VNET(arg) ((arg) == vnet0)
#else
#define IS_DEFAULT_VIMAGE(arg) 1
#define IS_DEFAULT_VNET(arg) 1
#endif
#ifdef VIMAGE
+#define CRED_TO_VNET(cr) \
+ (IS_DEFAULT_VIMAGE((cr)->cr_vimage) ? (cr)->cr_prison->pr_vnet \
+ : (cr)->cr_vimage->v_net)
#define TD_TO_VIMAGE(td) (td)->td_ucred->cr_vimage
-#define TD_TO_VNET(td) (td)->td_ucred->cr_vimage->v_net
+#define TD_TO_VNET(td) CRED_TO_VNET((td)->td_ucred)
#define TD_TO_VPROCG(td) (td)->td_ucred->cr_vimage->v_procg
#define P_TO_VIMAGE(p) (p)->p_ucred->cr_vimage
-#define P_TO_VNET(p) (p)->p_ucred->cr_vimage->v_net
+#define P_TO_VNET(p) CRED_TO_VNET((p)->p_ucred)
#define P_TO_VPROCG(p) (p)->p_ucred->cr_vimage->v_procg
#else /* !VIMAGE */
+#define CRED_TO_VNET(cr) NULL
#define TD_TO_VIMAGE(td) NULL
#define TD_TO_VNET(td) NULL
#define P_TO_VIMAGE(p) NULL
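Review bot: `CRED_TO_VNET` evaluates its `cr` argument three times, so a caller passing an expression with side effects would get surprising results; the two uses in this hunk pass plain `(td)->td_ucred` / `(p)->p_ucred`, so this is a latent hazard rather than a present bug, but a comment stating the multiple evaluation, or a `static inline` helper, would close it. The new `IS_DEFAULT_VNET` also relies on `vnet0` being declared wherever the macro is expanded, which this hunk does not show; a comment pointing at that declaration would help. The hunk ends at `P_TO_VIMAGE`; the remaining !VIMAGE definitions continue outside it.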