--- linux-2.6.12.2/include/linux/net.h 2005-06-22 02:38:49 +0200 +++ linux-2.6.12.2-vs2.0-rc6.1/include/linux/net.h 2005-07-02 22:38:30 +0200 @@ -62,6 +62,7 @@ typedef enum { #define SOCK_ASYNC_WAITDATA 1 #define SOCK_NOSPACE 2 #define SOCK_PASSCRED 3 +#define SOCK_USER_SOCKET 4 #ifndef ARCH_HAS_SOCKET_TYPES /** --- linux-2.6.12.2/include/net/af_unix.h 2004-10-23 05:06:24 +0200 +++ linux-2.6.12.2-vs2.0-rc6.1/include/net/af_unix.h 2005-07-02 22:38:30 +0200 @@ -11,9 +11,9 @@ extern rwlock_t unix_table_lock; extern atomic_t unix_tot_inflight; -static inline struct sock *first_unix_socket(int *i) +static inline struct sock *next_unix_socket_table(int *i) { - for (*i = 0; *i <= UNIX_HASH_SIZE; (*i)++) { + for ((*i)++; *i <= UNIX_HASH_SIZE; (*i)++) { if (!hlist_empty(&unix_socket_table[*i])) return __sk_head(&unix_socket_table[*i]); } --- linux-2.6.12.2/include/net/af_unix.h 2004-10-23 05:06:24 +0200 +++ linux-2.6.12.2-vs2.0-rc6.1/include/net/af_unix.h 2005-07-02 22:38:30 +0200 @@ -22,16 +22,19 @@ static inline struct sock *first_unix_so static inline struct sock *next_unix_socket(int *i, struct sock *s) { - struct sock *next = sk_next(s); - /* More in this chain? */ - if (next) - return next; - /* Look for next non-empty chain. */ - for ((*i)++; *i <= UNIX_HASH_SIZE; (*i)++) { - if (!hlist_empty(&unix_socket_table[*i])) - return __sk_head(&unix_socket_table[*i]); - } - return NULL; + do { + if (s) + s = sk_next(s); + if (!s) + s = next_unix_socket_table(i); + } while (s && !vx_check(s->sk_xid, VX_IDENT|VX_WATCH)); + return s; +} + +static inline struct sock *first_unix_socket(int *i) +{ + *i = 0; + return next_unix_socket(i, NULL); } #define forall_unix_sockets(i, s) \ --- linux-2.6.12.2/include/net/sock.h 2005-06-22 02:38:52 +0200 +++ linux-2.6.12.2-vs2.0-rc6.1/include/net/sock.h 2005-07-02 22:38:30 +0200 
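Review bot: In include/net/af_unix.h, next_unix_socket_table() advances `*i` before it looks at a bucket, and the new first_unix_socket() (next hunk of this file) starts from `*i = 0`, so unix_socket_table[0] is never visited by first_unix_socket() or forall_unix_sockets. The old first_unix_socket() began its scan at index 0. Starting one below the first bucket restores that: `*i = -1;` in first_unix_socket(), with a short comment that next_unix_socket_table() pre-increments.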
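Review bot: The `vx_check(s->sk_xid, VX_IDENT|VX_WATCH)` filter in next_unix_socket() (include/net/af_unix.h) sits inside the iterator itself, so every user of first_unix_socket(), next_unix_socket() and forall_unix_sockets sees only the sockets the calling context may see. That suits a per-context listing, but any walker that needs the complete table regardless of who is running would silently operate on a partial set; the callers are outside this diff, so this needs checking. I would either keep an unfiltered variant for kernel-internal walks or document the restriction above the function, e.g. `/* returns only sockets visible to the current context (vx_check) */`.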
@@ -110,6 +110,10 @@ struct sock_common { struct hlist_node skc_node; struct hlist_node skc_bind_node; atomic_t skc_refcnt; + xid_t skc_xid; + struct vx_info *skc_vx_info; + nid_t skc_nid; + struct nx_info *skc_nx_info; }; /** --- linux-2.6.12.2/include/net/sock.h 2005-06-22 02:38:52 +0200 +++ linux-2.6.12.2-vs2.0-rc6.1/include/net/sock.h 2005-07-02 22:38:30 +0200 @@ -184,6 +188,10 @@ struct sock { #define sk_node __sk_common.skc_node #define sk_bind_node __sk_common.skc_bind_node #define sk_refcnt __sk_common.skc_refcnt +#define sk_xid __sk_common.skc_xid +#define sk_vx_info __sk_common.skc_vx_info +#define sk_nid __sk_common.skc_nid +#define sk_nx_info __sk_common.skc_nx_info unsigned char sk_shutdown : 2, sk_no_check : 2, sk_userlocks : 4; --- linux-2.6.12.2/net/core/sock.c 2005-06-22 02:38:56 +0200 +++ linux-2.6.12.2-vs2.0-rc6.1/net/core/sock.c 2005-07-02 22:38:30 +0200 @@ -642,6 +645,8 @@ struct sock *sk_alloc(int family, int pr sk->sk_prot = sk->sk_prot_creator = prot; sock_lock_init(sk); } + sock_vx_init(sk); + sock_nx_init(sk); if (security_sk_alloc(sk, family, priority)) { if (slab != NULL) --- linux-2.6.12.2/net/core/sock.c 2005-06-22 02:38:56 +0200 +++ linux-2.6.12.2-vs2.0-rc6.1/net/core/sock.c 2005-07-02 22:38:30 +0200 @@ -676,6 +681,11 @@ void sk_free(struct sock *sk) __FUNCTION__, atomic_read(&sk->sk_omem_alloc)); security_sk_free(sk); + vx_sock_dec(sk); + clr_vx_info(&sk->sk_vx_info); + sk->sk_xid = -1; + clr_nx_info(&sk->sk_nx_info); + sk->sk_nid = -1; if (sk->sk_prot_creator->slab != NULL) kmem_cache_free(sk->sk_prot_creator->slab, sk); else --- linux-2.6.12.2/net/core/sock.c 2005-06-22 02:38:56 +0200 +++ linux-2.6.12.2-vs2.0-rc6.1/net/core/sock.c 2005-07-02 22:38:30 +0200 
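Review bot: The four fields added to struct sock_common in include/net/sock.h are undocumented, and the struct's comment block starts above this hunk, so I cannot see whether it lists members. Two of them are plain ids (`skc_xid`, `skc_nid`) and two are pointers that the rest of this patch manages with set_vx_info()/clr_vx_info() and set_nx_info()/clr_nx_info(), which looks like reference counting. That difference deserves a line each, e.g. `/* skc_vx_info: context reference, set via set_vx_info(), dropped in sk_free() */`. The same applies to the matching `sk_*` aliases added to struct sock in the next hunk of this file.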
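Review bot: sk_free() in net/core/sock.c now calls `vx_sock_dec(sk)` for every socket, while the matching `vx_sock_inc()` calls in this patch are only in sock_init_data() and tcp_create_openreq_child(). A sock obtained from sk_alloc() and freed on an error path before either of those ran would be decremented without having been counted, unless vx_sock_dec() ignores a socket whose `sk_vx_info` is NULL (its definition is not in this diff). Please confirm that guard exists and say so in a comment here. The comment should also state that `vx_sock_dec()` must stay ahead of `clr_vx_info()`, since it presumably reads `sk->sk_vx_info`.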
@@ -1222,6 +1232,11 @@ void sock_init_data(struct socket *sock, sk->sk_stamp.tv_sec = -1L; sk->sk_stamp.tv_usec = -1L; + set_vx_info(&sk->sk_vx_info, current->vx_info); + sk->sk_xid = vx_current_xid(); + vx_sock_inc(sk); + set_nx_info(&sk->sk_nx_info, current->nx_info); + sk->sk_nid = nx_current_nid(); atomic_set(&sk->sk_refcnt, 1); } --- linux-2.6.12.2/net/ipv4/af_inet.c 2005-06-22 02:38:56 +0200 +++ linux-2.6.12.2-vs2.0-rc6.1/net/ipv4/af_inet.c 2005-07-02 22:38:30 +0200 @@ -265,8 +266,11 @@ static int inet_create(struct socket *so if (!answer) goto out_rcu_unlock; err = -EPERM; + if ((protocol == IPPROTO_ICMP) && vx_ccaps(VXC_RAW_ICMP)) + goto override; if (answer->capability > 0 && !capable(answer->capability)) goto out_rcu_unlock; +override: err = -EPROTONOSUPPORT; if (!protocol) goto out_rcu_unlock; --- linux-2.6.12.2/net/ipv4/tcp_minisocks.c 2005-06-22 02:38:57 +0200 +++ linux-2.6.12.2-vs2.0-rc6.1/net/ipv4/tcp_minisocks.c 2005-07-02 22:38:30 +0200 @@ -364,6 +368,11 @@ void tcp_time_wait(struct sock *sk, int tw->tw_ts_recent_stamp = tp->rx_opt.ts_recent_stamp; tw_dead_node_init(tw); + tw->tw_xid = sk->sk_xid; + tw->tw_vx_info = NULL; + tw->tw_nid = sk->sk_nid; + tw->tw_nx_info = NULL; + #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) if (tw->tw_family == PF_INET6) { struct ipv6_pinfo *np = inet6_sk(sk); --- linux-2.6.12.2/net/ipv4/tcp_minisocks.c 2005-06-22 02:38:57 +0200 +++ linux-2.6.12.2-vs2.0-rc6.1/net/ipv4/tcp_minisocks.c 2005-07-02 22:38:30 +0200 @@ -699,6 +708,8 @@ struct sock *tcp_create_openreq_child(st newsk->sk_state = TCP_SYN_RECV; /* SANITY */ + sock_vx_init(newsk); + sock_nx_init(newsk); sk_node_init(&newsk->sk_node); tcp_sk(newsk)->bind_hash = NULL; --- linux-2.6.12.2/net/ipv4/tcp_minisocks.c 2005-06-22 02:38:57 +0200 +++ linux-2.6.12.2-vs2.0-rc6.1/net/ipv4/tcp_minisocks.c 2005-07-02 22:38:30 +0200 
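Review bot: sock_init_data() in net/core/sock.c tags the socket from `current` (`current->vx_info`, `vx_current_xid()`, `current->nx_info`, `nx_current_nid()`), which is only meaningful when the function runs on behalf of the task that owns the socket. Any protocol that builds a child socket from its receive path through sock_init_data() would stamp it with whatever task happened to be running, not with the listener's context. The TCP hunk in tcp_create_openreq_child() avoids this by copying from the parent `sk`, but other callers are outside this diff and should be audited. A comment such as `/* context taken from current; callers outside process context must re-tag from the parent socket */` would make the assumption explicit.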
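Review bot: In inet_create() (net/ipv4/af_inet.c) the `goto override` skips the `capable(answer->capability)` test for any request with `protocol == IPPROTO_ICMP` when `vx_ccaps(VXC_RAW_ICMP)` holds, and nothing in the hunk narrows what the resulting socket may do afterwards. The socket handed out is the same kind the capability check would have guarded, so if VXC_RAW_ICMP is meant for ping-style use only, that limit has to be enforced elsewhere and should be referenced in a comment here. The label can also be avoided by folding the exception into the existing test: `if (!(protocol == IPPROTO_ICMP && vx_ccaps(VXC_RAW_ICMP)) && answer->capability > 0 && !capable(answer->capability)) goto out_rcu_unlock;`. inet_create() starts and ends outside the hunk.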
@@ -797,6 +808,12 @@ struct sock *tcp_create_openreq_child(st newsk->sk_err = 0; newsk->sk_priority = 0; atomic_set(&newsk->sk_refcnt, 2); + + set_vx_info(&newsk->sk_vx_info, sk->sk_vx_info); + newsk->sk_xid = sk->sk_xid; + vx_sock_inc(newsk); + set_nx_info(&newsk->sk_nx_info, sk->sk_nx_info); + newsk->sk_nid = sk->sk_nid; #ifdef INET_REFCNT_DEBUG atomic_inc(&inet_sock_nr); #endif --- linux-2.6.12.2/net/socket.c 2005-06-22 02:39:00 +0200 +++ linux-2.6.12.2-vs2.0-rc6.1/net/socket.c 2005-07-02 22:38:30 +0200 @@ -530,7 +531,7 @@ static inline int __sock_sendmsg(struct struct msghdr *msg, size_t size) { struct sock_iocb *si = kiocb_to_siocb(iocb); - int err; + int err, len; si->sock = sock; si->scm = NULL; --- linux-2.6.12.2/net/socket.c 2005-06-22 02:39:00 +0200 +++ linux-2.6.12.2-vs2.0-rc6.1/net/socket.c 2005-07-02 22:38:30 +0200 @@ -541,7 +542,21 @@ static inline int __sock_sendmsg(struct if (err) return err; - return sock->ops->sendmsg(iocb, sock, msg, size); + len = sock->ops->sendmsg(iocb, sock, msg, size); + if (sock->sk) { + if (len == size) + vx_sock_send(sock->sk, size); + else + vx_sock_fail(sock->sk, size); + } + vxdprintk(VXD_CBIT(net, 7), + "__sock_sendmsg: %p[%p,%p,%p;%d]:%d/%d", + sock, sock->sk, + (sock->sk)?sock->sk->sk_nx_info:0, + (sock->sk)?sock->sk->sk_vx_info:0, + (sock->sk)?sock->sk->sk_xid:0, + (unsigned int)size, len); + return len; } int sock_sendmsg(struct socket *sock, struct msghdr *msg, size_t size) --- linux-2.6.12.2/net/socket.c 2005-06-22 02:39:00 +0200 +++ linux-2.6.12.2-vs2.0-rc6.1/net/socket.c 2005-07-02 22:38:30 +0200 @@ -579,7 +594,7 @@ int kernel_sendmsg(struct socket *sock, static inline int __sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { - int err; + int err, len; struct sock_iocb *si = kiocb_to_siocb(iocb); si->sock = sock; --- linux-2.6.12.2/net/socket.c 2005-06-22 02:39:00 +0200 +++ linux-2.6.12.2-vs2.0-rc6.1/net/socket.c 2005-07-02 22:38:30 +0200 
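Review bot: In __sock_sendmsg() (net/socket.c) `len == size` compares an `int` with a `size_t`, and every result other than an exact full-length send, including a short but successful one, is reported through `vx_sock_fail(sock->sk, size)` with the requested size rather than what was transferred. If vx_sock_fail() is meant to count errors (its definition is not in this diff), branching on the sign keeps the accounting accurate: `if (len < 0) vx_sock_fail(sock->sk, size); else vx_sock_send(sock->sk, len);`. The vxdprintk() arguments also pass `0` where a pointer is printed with `%p`; `NULL` reads better there and in the copy of this trace in __sock_recvmsg().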
@@ -592,7 +607,17 @@ static inline int __sock_recvmsg(struct if (err) return err; - return sock->ops->recvmsg(iocb, sock, msg, size, flags); + len = sock->ops->recvmsg(iocb, sock, msg, size, flags); + if ((len >= 0) && sock->sk) + vx_sock_recv(sock->sk, len); + vxdprintk(VXD_CBIT(net, 7), + "__sock_recvmsg: %p[%p,%p,%p;%d]:%d/%d", + sock, sock->sk, + (sock->sk)?sock->sk->sk_nx_info:0, + (sock->sk)?sock->sk->sk_vx_info:0, + (sock->sk)?sock->sk->sk_xid:0, + (unsigned int)size, len); + return len; } int sock_recvmsg(struct socket *sock, struct msghdr *msg, --- linux-2.6.12.2/net/socket.c 2005-06-22 02:39:00 +0200 +++ linux-2.6.12.2-vs2.0-rc6.1/net/socket.c 2005-07-02 22:38:30 +0200 @@ -1079,6 +1104,10 @@ static int __sock_create(int family, int if (type < 0 || type >= SOCK_MAX) return -EINVAL; + /* disable IPv6 inside vservers for now */ + if (family == PF_INET6 && !vx_check(0, VX_ADMIN)) + return -EAFNOSUPPORT; + /* Compatibility. This uglymoron is moved from INET layer to here to avoid --- linux-2.6.12.2/net/socket.c 2005-06-22 02:39:00 +0200 +++ linux-2.6.12.2-vs2.0-rc6.1/net/socket.c 2005-07-02 22:38:30 +0200 @@ -1186,6 +1215,7 @@ asmlinkage long sys_socket(int family, i if (retval < 0) goto out; + set_bit(SOCK_USER_SOCKET, &sock->flags); retval = sock_map_fd(sock); if (retval < 0) goto out_release; --- linux-2.6.12.2/net/socket.c 2005-06-22 02:39:00 +0200 +++ linux-2.6.12.2-vs2.0-rc6.1/net/socket.c 2005-07-02 22:38:30 +0200 @@ -1216,10 +1246,12 @@ asmlinkage long sys_socketpair(int famil err = sock_create(family, type, protocol, &sock1); if (err < 0) goto out; + set_bit(SOCK_USER_SOCKET, &sock1->flags); err = sock_create(family, type, protocol, &sock2); if (err < 0) goto out_release_1; + set_bit(SOCK_USER_SOCKET, &sock2->flags); err = sock1->ops->socketpair(sock1, sock2); if (err < 0) --- linux-2.6.12.2/net/x25/af_x25.c 2005-06-22 02:39:00 +0200 +++ linux-2.6.12.2-vs2.0-rc6.1/net/x25/af_x25.c 2005-07-02 22:38:30 +0200 
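Review bot: The PF_INET6 test added to __sock_create() (net/socket.c) only stops a context from creating an IPv6 socket; it does not cover sockets that already exist when a process enters a context or that reach it by other means, and the one-line comment does not say why IPv6 is off. Since the surrounding patch tags sockets with `sk_nid` for network isolation, I assume the IPv6 paths do not honour that tag yet. If so the comment should say it, e.g. `/* IPv6 is not nx_info-aware yet: refuse creation outside the admin context */`. It is also worth confirming that `vx_check(0, VX_ADMIN)` behaves as intended for in-kernel callers of __sock_create(), which run with whatever `current` is.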
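Review bot: SOCK_USER_SOCKET is set in sys_socket() and on both ends in sys_socketpair() (next hunk of net/socket.c), but no hunk in this part of the patch sets it on sockets produced by accept(). Neither the define in include/linux/net.h nor these call sites say what the flag is used for. If consumers use it to tell user-created sockets from kernel-internal ones, accepted sockets would look like kernel sockets unless they are flagged elsewhere, possibly in a hunk outside this view. A comment at the define, e.g. `/* socket was created by a userspace syscall */`, and a check of the accept path would settle it.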
@@ -484,7 +484,10 @@ static int x25_create(struct socket *soc x25 = x25_sk(sk); - sock_init_data(sock, sk); + sk->sk_socket = sock; + sk->sk_type = sock->type; + sk->sk_sleep = &sock->wait; + sock->sk = sk; x25_init_timers(sk);
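Review bot: x25_create() in net/x25/af_x25.c now open-codes four assignments in place of `sock_init_data(sock, sk)` with no explanation. I assume the socket has already been through sock_init_data() in the allocator (not visible here), so a second call would repeat the new `set_vx_info()`/`vx_sock_inc()` steps and leave an extra reference and count. If that is the reason, say so in a comment such as `/* sk was already initialised; only attach it to the struct socket */`. Open-coding also means these lines must be kept in step with whatever sock_init_data() does for a non-NULL `sock`, so a small helper for the attach step would be safer than a copy.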