2020-05-08 11:36:57 +00:00
|
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
|
|
2016-07-01 21:49:54 +02:00
|
|
|
syntax = "proto2";
|
|
|
|
|
|
net: add support for macvlan link types
While this is in principle similar to how veths are handled, we have to do
things in two different ways depending on whether or not there is a user
namespace involved, because there is no way to ask the kernel to attach a
macvlan NIC to a device in a net ns that we don't have CAP_NET_ADMIN in.
So we do it in two ways:
a. If we are in a user namespace, we create the device in usernsd and use
IFLA_NET_NS_FD to set the netns which it should be created in (saving
us a "move into this netns" step).
b. If we aren't in a user namespace, we could still be in a net namespace,
so we use IFLA_LINK_NETNSID to set namespace that the i/o device will be
in. Then we open a netlink socket from criu's netns and use
IFLA_NET_NS_FD to tell the kernel to create the macvlan device in the
target's namespace.
v2: * s/CLONE_NEWNET/CLONE_NEWUSER
* Don't bother to dump IFLA_LINK and IFLA_LINK_NETNSID. Although we
need to provide these on restore, there's no kernel interface that
persists these. To populate IFLA_LINK, we require users pass
--macvlan-pair, and we create a NETNSID relation as needed and pass
that in for macvlan links (although this infrastructure could be used
elsewhere for links that need it in the future, since is in the
hoisted populate_newlink_req()).
* use new external command instead of creating a --macvlan-pair option
v3: add a feature check for linux/net_namespace.h, since not every arch in
travis has this (new-ish) header
v4: * include sys/types.h instead of linux/if.h to get IFF_UP flag
* remove old doc addition about --macvlan-pair option
v5: define IFLA_LINK_NETNSID and RTM_NEWNSID if they don't exist
v6: define IFLA_MACVLAN_FLAGS and bump the size of IFLA_MACVLAN_MAX when
necessary
v7: * remove unused struct macvlan_pair
* split feature test for linux/net_namespace.h into separate patch
* move IFLA_INFO_MAX testing in dump_one_netdev to the right patch
* add documents for netwlink_extras fields
* split changeflags into separate patch
* use existing netnsid if we get EEXIST
* move macvlan code to a helper function
* use netnsid to restore in userns case, and not pid
v8: * define RTM_GETNSID since we use that too now :)
* don't bother with IFLA_MACVLAN_MAX; we only understand things up to
IFLA_MACVLAN_FLAGS, so let's just use that as our max instead. The
problem with using macros here, is that IFLA_MACLAN_MAX is defined as
a macro with an enum expansion in it, so we get bitten by the enum
not being available at preprocessing time, and implicit zero coercion
when testing against its value for stuff. Yeesh.
v10: * add some comments about when we set up NET_NS_FD and why we use
IFLA_LINK and IFLA_NET_NS_ID
* use the socket opened in restore_links() instead of opening one in
restore_one_macvlan()
* split the new argument to restore_one_link into its own patch
travis-ci: success for series starting with [v10,01/11] net: pass the struct nlattrs to dump() functions
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
2016-10-20 10:25:28 -06:00
|
|
|
import "macvlan.proto";
|
2015-01-22 18:46:00 +03:00
|
|
|
import "opts.proto";
|
2013-08-23 18:57:40 +04:00
|
|
|
import "tun.proto";
|
2016-04-28 19:38:50 +03:00
|
|
|
import "sysctl.proto";
|
2017-07-05 16:59:43 +03:00
|
|
|
import "sit.proto";
|
2013-08-23 18:57:40 +04:00
|
|
|
|
2012-08-02 08:17:27 +04:00
|
|
|
enum nd_type {
|
|
|
|
|
LOOPBACK = 1;
|
2012-08-10 17:24:11 +04:00
|
|
|
VETH = 2;
|
2013-08-23 18:57:40 +04:00
|
|
|
TUN = 3;
|
2013-10-10 14:31:32 +04:00
|
|
|
/*
|
|
|
|
|
* External link -- for those CRIU only dumps and restores
|
|
|
|
|
* link parameters such as flags, address, MTU, etc. The
|
|
|
|
|
* existence of the link on restore should be provided
|
|
|
|
|
* by the setup-namespaces script.
|
|
|
|
|
*/
|
|
|
|
|
EXTLINK = 4;
|
2017-03-17 18:41:01 +03:00
|
|
|
VENET = 5; /* OpenVZ device */
|
2015-11-11 12:10:01 -07:00
|
|
|
BRIDGE = 6;
|
net: add support for macvlan link types
While this is in principle similar to how veths are handled, we have to do
things in two different ways depending on whether or not there is a user
namespace involved, because there is no way to ask the kernel to attach a
macvlan NIC to a device in a net ns that we don't have CAP_NET_ADMIN in.
So we do it in two ways:
a. If we are in a user namespace, we create the device in usernsd and use
IFLA_NET_NS_FD to set the netns which it should be created in (saving
us a "move into this netns" step).
b. If we aren't in a user namespace, we could still be in a net namespace,
so we use IFLA_LINK_NETNSID to set namespace that the i/o device will be
in. Then we open a netlink socket from criu's netns and use
IFLA_NET_NS_FD to tell the kernel to create the macvlan device in the
target's namespace.
v2: * s/CLONE_NEWNET/CLONE_NEWUSER
* Don't bother to dump IFLA_LINK and IFLA_LINK_NETNSID. Although we
need to provide these on restore, there's no kernel interface that
persists these. To populate IFLA_LINK, we require users pass
--macvlan-pair, and we create a NETNSID relation as needed and pass
that in for macvlan links (although this infrastructure could be used
elsewhere for links that need it in the future, since is in the
hoisted populate_newlink_req()).
* use new external command instead of creating a --macvlan-pair option
v3: add a feature check for linux/net_namespace.h, since not every arch in
travis has this (new-ish) header
v4: * include sys/types.h instead of linux/if.h to get IFF_UP flag
* remove old doc addition about --macvlan-pair option
v5: define IFLA_LINK_NETNSID and RTM_NEWNSID if they don't exist
v6: define IFLA_MACVLAN_FLAGS and bump the size of IFLA_MACVLAN_MAX when
necessary
v7: * remove unused struct macvlan_pair
* split feature test for linux/net_namespace.h into separate patch
* move IFLA_INFO_MAX testing in dump_one_netdev to the right patch
* add documents for netwlink_extras fields
* split changeflags into separate patch
* use existing netnsid if we get EEXIST
* move macvlan code to a helper function
* use netnsid to restore in userns case, and not pid
v8: * define RTM_GETNSID since we use that too now :)
* don't bother with IFLA_MACVLAN_MAX; we only understand things up to
IFLA_MACVLAN_FLAGS, so let's just use that as our max instead. The
problem with using macros here, is that IFLA_MACLAN_MAX is defined as
a macro with an enum expansion in it, so we get bitten by the enum
not being available at preprocessing time, and implicit zero coercion
when testing against its value for stuff. Yeesh.
v10: * add some comments about when we set up NET_NS_FD and why we use
IFLA_LINK and IFLA_NET_NS_ID
* use the socket opened in restore_links() instead of opening one in
restore_one_macvlan()
* split the new argument to restore_one_link into its own patch
travis-ci: success for series starting with [v10,01/11] net: pass the struct nlattrs to dump() functions
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
2016-10-20 10:25:28 -06:00
|
|
|
MACVLAN = 7;
|
2017-07-05 16:59:43 +03:00
|
|
|
SIT = 8;
|
2012-08-02 08:17:27 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
message net_device_entry {
|
|
|
|
|
required nd_type type = 1;
|
|
|
|
|
required uint32 ifindex = 2;
|
|
|
|
|
required uint32 mtu = 3;
|
2015-01-22 18:46:00 +03:00
|
|
|
required uint32 flags = 4 [(criu).hex = true];
|
2012-08-02 08:17:27 +04:00
|
|
|
required string name = 5;
|
2013-08-23 18:57:40 +04:00
|
|
|
|
|
|
|
|
optional tun_link_entry tun = 6;
|
2013-08-24 01:07:33 +04:00
|
|
|
|
|
|
|
|
optional bytes address = 7;
|
2015-03-31 10:51:08 +03:00
|
|
|
|
|
|
|
|
repeated int32 conf = 8;
|
2016-04-28 19:38:50 +03:00
|
|
|
|
|
|
|
|
repeated sysctl_entry conf4 = 9;
|
2016-04-28 19:38:52 +03:00
|
|
|
|
|
|
|
|
repeated sysctl_entry conf6 = 10;
|
net: add support for macvlan link types
While this is in principle similar to how veths are handled, we have to do
things in two different ways depending on whether or not there is a user
namespace involved, because there is no way to ask the kernel to attach a
macvlan NIC to a device in a net ns that we don't have CAP_NET_ADMIN in.
So we do it in two ways:
a. If we are in a user namespace, we create the device in usernsd and use
IFLA_NET_NS_FD to set the netns which it should be created in (saving
us a "move into this netns" step).
b. If we aren't in a user namespace, we could still be in a net namespace,
so we use IFLA_LINK_NETNSID to set namespace that the i/o device will be
in. Then we open a netlink socket from criu's netns and use
IFLA_NET_NS_FD to tell the kernel to create the macvlan device in the
target's namespace.
v2: * s/CLONE_NEWNET/CLONE_NEWUSER
* Don't bother to dump IFLA_LINK and IFLA_LINK_NETNSID. Although we
need to provide these on restore, there's no kernel interface that
persists these. To populate IFLA_LINK, we require users pass
--macvlan-pair, and we create a NETNSID relation as needed and pass
that in for macvlan links (although this infrastructure could be used
elsewhere for links that need it in the future, since is in the
hoisted populate_newlink_req()).
* use new external command instead of creating a --macvlan-pair option
v3: add a feature check for linux/net_namespace.h, since not every arch in
travis has this (new-ish) header
v4: * include sys/types.h instead of linux/if.h to get IFF_UP flag
* remove old doc addition about --macvlan-pair option
v5: define IFLA_LINK_NETNSID and RTM_NEWNSID if they don't exist
v6: define IFLA_MACVLAN_FLAGS and bump the size of IFLA_MACVLAN_MAX when
necessary
v7: * remove unused struct macvlan_pair
* split feature test for linux/net_namespace.h into separate patch
* move IFLA_INFO_MAX testing in dump_one_netdev to the right patch
* add documents for netwlink_extras fields
* split changeflags into separate patch
* use existing netnsid if we get EEXIST
* move macvlan code to a helper function
* use netnsid to restore in userns case, and not pid
v8: * define RTM_GETNSID since we use that too now :)
* don't bother with IFLA_MACVLAN_MAX; we only understand things up to
IFLA_MACVLAN_FLAGS, so let's just use that as our max instead. The
problem with using macros here, is that IFLA_MACLAN_MAX is defined as
a macro with an enum expansion in it, so we get bitten by the enum
not being available at preprocessing time, and implicit zero coercion
when testing against its value for stuff. Yeesh.
v10: * add some comments about when we set up NET_NS_FD and why we use
IFLA_LINK and IFLA_NET_NS_ID
* use the socket opened in restore_links() instead of opening one in
restore_one_macvlan()
* split the new argument to restore_one_link into its own patch
travis-ci: success for series starting with [v10,01/11] net: pass the struct nlattrs to dump() functions
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
2016-10-20 10:25:28 -06:00
|
|
|
|
|
|
|
|
optional macvlan_link_entry macvlan = 11;
|
2017-07-05 16:59:43 +03:00
|
|
|
|
2016-12-17 06:22:26 +03:00
|
|
|
optional uint32 peer_ifindex = 12;
|
|
|
|
|
optional uint32 peer_nsid = 13;
|
2016-12-21 05:05:18 +03:00
|
|
|
optional uint32 master = 14;
|
2017-07-05 16:59:43 +03:00
|
|
|
optional sit_entry sit = 15;
|
2015-03-31 10:51:08 +03:00
|
|
|
}
|
|
|
|
|
|
2016-12-17 06:22:26 +03:00
|
|
|
message netns_id {
|
|
|
|
|
/* This is CRIU's id which is allocated for each namespace */
|
|
|
|
|
required uint32 target_ns_id = 1;
|
|
|
|
|
/*
|
|
|
|
|
* This is an id which can be used to address this namespace
|
|
|
|
|
* from another network namespace. Each network namespace has
|
|
|
|
|
* one set of id-s for other namespaces.
|
|
|
|
|
*/
|
|
|
|
|
required int32 netnsid_value = 2;
|
|
|
|
|
}
|
|
|
|
|
|
2015-03-31 10:51:08 +03:00
|
|
|
message netns_entry {
|
|
|
|
|
repeated int32 def_conf = 1;
|
|
|
|
|
repeated int32 all_conf = 2;
|
2016-04-28 19:38:50 +03:00
|
|
|
|
|
|
|
|
repeated sysctl_entry def_conf4 = 3;
|
|
|
|
|
repeated sysctl_entry all_conf4 = 4;
|
2016-04-28 19:38:52 +03:00
|
|
|
|
|
|
|
|
repeated sysctl_entry def_conf6 = 5;
|
|
|
|
|
repeated sysctl_entry all_conf6 = 6;
|
2016-12-17 06:22:26 +03:00
|
|
|
|
|
|
|
|
repeated netns_id nsids = 7;
|
2018-07-24 06:14:02 +03:00
|
|
|
optional string ext_key = 8;
|
2019-11-14 14:41:04 +03:00
|
|
|
repeated sysctl_entry unix_conf = 9;
|
2025-01-16 11:00:28 +08:00
|
|
|
repeated sysctl_entry ipv4_sysctl = 10;
|
2012-08-02 08:17:27 +04:00
|
|
|
}
|
