--- linux-2.6.11.11/net/core/dev.c 2005-03-02 12:39:09 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/core/dev.c 2005-06-01 14:34:17 +0200 @@ -1894,6 +1895,9 @@ static int dev_ifconf(char __user *arg) total = 0; for (dev = dev_base; dev; dev = dev->next) { + if (vx_flags(VXF_HIDE_NETIF, 0) && + !dev_in_nx_info(dev, current->nx_info)) + continue; for (i = 0; i < NPROTO; i++) { if (gifconf_list[i]) { int done; --- linux-2.6.11.11/net/core/dev.c 2005-03-02 12:39:09 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/core/dev.c 2005-06-01 14:34:17 +0200 @@ -1954,6 +1958,10 @@ void dev_seq_stop(struct seq_file *seq, static void dev_seq_printf_stats(struct seq_file *seq, struct net_device *dev) { + struct nx_info *nxi = current->nx_info; + + if (vx_flags(VXF_HIDE_NETIF, 0) && !dev_in_nx_info(dev, nxi)) + return; if (dev->get_stats) { struct net_device_stats *stats = dev->get_stats(dev); --- linux-2.6.11.11/net/core/rtnetlink.c 2005-03-02 12:39:09 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/core/rtnetlink.c 2005-06-01 14:34:17 +0200 @@ -271,6 +271,9 @@ static int rtnetlink_dump_ifinfo(struct for (dev=dev_base, idx=0; dev; dev = dev->next, idx++) { if (idx < s_idx) continue; + if (vx_info_flags(skb->sk->sk_vx_info, VXF_HIDE_NETIF, 0) && + !dev_in_nx_info(dev, skb->sk->sk_nx_info)) + continue; if (rtnetlink_fill_ifinfo(skb, dev, RTM_NEWLINK, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq, 0) <= 0) break; } --- linux-2.6.11.11/net/core/rtnetlink.c 2005-03-02 12:39:09 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/core/rtnetlink.c 2005-06-01 14:34:17 +0200 @@ -441,6 +444,9 @@ void rtmsg_ifinfo(int type, struct net_d sizeof(struct rtnl_link_ifmap) + sizeof(struct rtnl_link_stats) + 128); + if (vx_flags(VXF_HIDE_NETIF, 0) && + !dev_in_nx_info(dev, current->nx_info)) + return; skb = alloc_skb(size, GFP_KERNEL); if (!skb) return; --- linux-2.6.11.11/net/ipv4/devinet.c 2005-03-02 12:39:09 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/ipv4/devinet.c 2005-06-01 14:34:17 +0200 
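Review bot: In rtnetlink_dump_ifinfo the new filter dereferences `skb->sk` unconditionally, while the equivalent filter this patch adds to inet_dump_ifaddr (net/ipv4/devinet.c) tests `sk &&` first, so the two dump callbacks disagree on whether the requesting socket can be NULL. If it can be NULL, this hunk is a NULL dereference. If it cannot, the guard in inet_dump_ifaddr is dead code, and were it ever to fire it would skip the filter and show every address. Apply one rule in both places and state the invariant in a comment, for example `/* skb->sk is the requesting netlink socket; NULL means <decide: unrestricted or hidden> */`. The enclosing function starts and ends outside the hunk.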
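Review bot: The check added to rtmsg_ifinfo filters on `current`, the task that caused the link event, so it does not decide which receivers of the resulting message may see the device. The skb allocated right after it is presumably sent to link listeners (the send is outside the hunk); an event raised from a context without VXF_HIDE_NETIF would then still reach listeners in restricted contexts unless something outside this hunk filters on delivery. Conversely, an event raised from a restricted context is dropped for every listener, including ones allowed to see the device. If hiding is meant to be per receiver, the test belongs at delivery time against the receiving socket's `sk_nx_info`, which is the field rtnetlink_dump_ifinfo uses. At minimum add `/* sender-side filter only; receivers are not checked here */`.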
@@ -596,6 +623,9 @@ int devinet_ioctl(unsigned int cmd, void ret = -EADDRNOTAVAIL; if (!ifa && cmd != SIOCSIFADDR && cmd != SIOCSIFFLAGS) goto done; + if (vx_flags(VXF_HIDE_NETIF, 0) && + !ifa_in_nx_info(ifa, current->nx_info)) + goto done; switch(cmd) { case SIOCGIFADDR: /* Get interface address */ --- linux-2.6.11.11/net/ipv4/devinet.c 2005-03-02 12:39:09 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/ipv4/devinet.c 2005-06-01 14:34:17 +0200 @@ -739,6 +769,9 @@ static int inet_gifconf(struct net_devic goto out; for (; ifa; ifa = ifa->ifa_next) { + if (vx_flags(VXF_HIDE_NETIF, 0) && + !ifa_in_nx_info(ifa, current->nx_info)) + continue; if (!buf) { done += sizeof(ifr); continue; --- linux-2.6.11.11/net/ipv4/devinet.c 2005-03-02 12:39:09 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/ipv4/devinet.c 2005-06-01 14:34:17 +0200 @@ -1045,6 +1078,7 @@ static int inet_dump_ifaddr(struct sk_bu struct net_device *dev; struct in_device *in_dev; struct in_ifaddr *ifa; + struct sock *sk = skb->sk; int s_ip_idx, s_idx = cb->args[0]; s_ip_idx = ip_idx = cb->args[1]; --- linux-2.6.11.11/net/ipv4/devinet.c 2005-03-02 12:39:09 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/ipv4/devinet.c 2005-06-01 14:34:17 +0200 @@ -1062,6 +1096,9 @@ static int inet_dump_ifaddr(struct sk_bu for (ifa = in_dev->ifa_list, ip_idx = 0; ifa; ifa = ifa->ifa_next, ip_idx++) { + if (sk && vx_info_flags(sk->sk_vx_info, VXF_HIDE_NETIF, 0) && + !ifa_in_nx_info(ifa, sk->sk_nx_info)) + continue; if (ip_idx < s_ip_idx) continue; if (inet_fill_ifaddr(skb, ifa, NETLINK_CB(cb->skb).pid, --- linux-2.6.11.11/net/ipv4/fib_hash.c 2005-06-01 14:30:24 +0200 +++ linux-2.6.11.11-vs2.0-rc3/net/ipv4/fib_hash.c 2005-06-01 14:34:17 +0200 
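Review bot: In devinet_ioctl the new test passes `ifa` to ifa_in_nx_info() even though the guard just above lets a NULL `ifa` through for SIOCSIFADDR and SIOCSIFFLAGS. ifa_in_nx_info() is not defined on this page, so either it tolerates NULL or this is a NULL dereference for those two commands in a context with VXF_HIDE_NETIF set. Make the intent explicit, for example `/* ifa may be NULL here (SIOCSIFADDR/SIOCSIFFLAGS); ifa_in_nx_info() must handle it */`, or test `ifa` before the call. The rejected request also leaves with the `-EADDRNOTAVAIL` set above, which may differ from the error returned for a device name that does not exist and so let a restricted context tell hidden interfaces from absent ones; the no-device path is outside the hunk, so confirm.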
@@ -965,6 +965,8 @@ static unsigned fib_flag_trans(int type, return flags; } +extern int dev_in_nx_info(struct net_device *, struct nx_info *); + /* * This outputs /proc/net/route. * --- linux-2.6.11.11/net/ipv4/fib_hash.c 2005-06-01 14:30:24 +0200 +++ linux-2.6.11.11-vs2.0-rc3/net/ipv4/fib_hash.c 2005-06-01 14:34:17 +0200 @@ -995,7 +997,8 @@ static int fib_seq_show(struct seq_file prefix = f->fn_key; mask = FZ_MASK(iter->zone); flags = fib_flag_trans(fa->fa_type, mask, fi); - if (fi) + if (fi && (!vx_flags(VXF_HIDE_NETIF, 0) || + dev_in_nx_info(fi->fib_dev, current->nx_info))) snprintf(bf, sizeof(bf), "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u", fi->fib_dev ? fi->fib_dev->name : "*", prefix, --- linux-2.6.11.11/net/ipv4/raw.c 2005-03-02 12:39:10 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/ipv4/raw.c 2005-06-01 14:34:17 +0200 @@ -743,7 +775,8 @@ static struct sock *raw_get_first(struct struct hlist_node *node; sk_for_each(sk, node, &raw_v4_htable[state->bucket]) - if (sk->sk_family == PF_INET) + if (sk->sk_family == PF_INET && + vx_check(sk->sk_xid, VX_IDENT|VX_WATCH)) goto found; } sk = NULL; --- linux-2.6.11.11/net/ipv4/raw.c 2005-03-02 12:39:10 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/ipv4/raw.c 2005-06-01 14:34:17 +0200 @@ -759,7 +792,8 @@ static struct sock *raw_get_next(struct sk = sk_next(sk); try_again: ; - } while (sk && sk->sk_family != PF_INET); + } while (sk && (sk->sk_family != PF_INET || + !vx_check(sk->sk_xid, VX_IDENT|VX_WATCH))); if (!sk && ++state->bucket < RAWV4_HTABLE_SIZE) { sk = sk_head(&raw_v4_htable[state->bucket]); --- linux-2.6.11.11/net/ipv4/tcp_diag.c 2005-03-02 12:39:10 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/ipv4/tcp_diag.c 2005-06-01 14:34:17 +0200 
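Review bot: The `extern int dev_in_nx_info(struct net_device *, struct nx_info *);` added to fib_hash.c is a private prototype in a .c file, while the dev.c and rtnetlink.c hunks of this same patch call the function without adding one, which suggests a header already declares it. A local copy is never checked against the definition and can silently drift if the signature changes. Include the header that carries the declaration and drop this line.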
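Review bot: In fib_seq_show the new condition passes `fi->fib_dev` to dev_in_nx_info() although the snprintf arguments right below treat it as possibly NULL (`fi->fib_dev ? fi->fib_dev->name : "*"`), so the helper must accept a NULL device or the call needs a guard. When the filter rejects the route, execution also falls to whatever follows this `if`. If that is an `else` branch that formats a line for the `fi == NULL` case, the hidden route's prefix, mask and flags would still be written out with only the device name blanked. Returning before anything is formatted would hide the entry completely. The rest of the function is outside the hunk, so confirm which branch a rejected route takes.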
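Review bot: The visibility test `vx_check(sk->sk_xid, VX_IDENT|VX_WATCH)` is pasted by hand into raw_get_first here and again in raw_get_next, udp_get_first, udp_get_next, the three loops of tcpdiag_dump and the tcp_ipv4.c seq iterators, sometimes positive and sometimes negated inside a compound loop condition. Each of these sites is an information-hiding boundary, so one missed or inverted copy exposes another context's sockets. A single inline helper whose name states the intent (for instance `sk_visible_to_current(sk)`, a name constructed for this note) would keep the flag mask in one place and make every call site findable with one search.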
@@ -611,6 +611,9 @@ static int tcpdiag_dump(struct sk_buff * sk_for_each(sk, node, &tcp_listening_hash[i]) { struct inet_sock *inet = inet_sk(sk); + if (!vx_check(sk->sk_xid, VX_IDENT|VX_WATCH)) + continue; + if (num < s_num) { num++; continue; --- linux-2.6.11.11/net/ipv4/tcp_diag.c 2005-03-02 12:39:10 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/ipv4/tcp_diag.c 2005-06-01 14:34:17 +0200 @@ -672,6 +675,8 @@ skip_listen_ht: sk_for_each(sk, node, &head->chain) { struct inet_sock *inet = inet_sk(sk); + if (!vx_check(sk->sk_xid, VX_IDENT|VX_WATCH)) + continue; if (num < s_num) goto next_normal; if (!(r->tcpdiag_states & (1 << sk->sk_state))) --- linux-2.6.11.11/net/ipv4/tcp_diag.c 2005-03-02 12:39:10 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/ipv4/tcp_diag.c 2005-06-01 14:34:17 +0200 @@ -694,6 +699,8 @@ next_normal: &tcp_ehash[i + tcp_ehash_size].chain) { struct inet_sock *inet = inet_sk(sk); + if (!vx_check(sk->sk_xid, VX_IDENT|VX_WATCH)) + continue; if (num < s_num) goto next_dying; if (r->id.tcpdiag_sport != inet->sport && --- linux-2.6.11.11/net/ipv4/tcp_ipv4.c 2005-03-02 12:39:10 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/ipv4/tcp_ipv4.c 2005-06-01 14:34:17 +0200 @@ -2151,6 +2169,12 @@ static void *listening_get_next(struct s req = req->dl_next; while (1) { while (req) { + vxdprintk(VXD_CBIT(net, 6), + "sk,req: %p [#%d] (from %d)", req->sk, + (req->sk)?req->sk->sk_xid:0, vx_current_xid()); + if (req->sk && + !vx_check(req->sk->sk_xid, VX_IDENT|VX_WATCH)) + continue; if (req->class->family == st->family) { cur = req; goto out; --- linux-2.6.11.11/net/ipv4/tcp_ipv4.c 2005-03-02 12:39:10 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/ipv4/tcp_ipv4.c 2005-06-01 14:34:17 +0200 
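Review bot: tcpdiag_dump is a netlink dump callback, yet the filter added in its listening loop (and in the two later loops over `head->chain` and `tcp_ehash[i + tcp_ehash_size].chain`) calls `vx_check(sk->sk_xid, ...)` without naming a context, whereas rtnetlink_dump_ifinfo and inet_dump_ifaddr in this patch filter against the requesting socket (`skb->sk->sk_vx_info`). If vx_check() compares against the current task, as the `vx_current_xid()` in the tcp_ipv4.c debug lines suggests, visibility depends on which task happens to drive the dump rather than on who owns the netlink socket. Either use the socket's context here as well, or add a comment stating why the current task is the right subject. The function starts and ends outside the hunk.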
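Review bot: The `continue` added inside `while (req)` in listening_get_next jumps back to the loop test without advancing `req`, and nothing between the loop head and the `continue` changes it, so the first request whose `req->sk` belongs to another context makes this loop spin forever. The skip has to step the list first: `if (req->sk && !vx_check(req->sk->sk_xid, VX_IDENT|VX_WATCH)) { req = req->dl_next; continue; }`. Separately, a request with `req->sk == NULL` passes the filter unchecked, so such entries are shown to every context; if that is intended it deserves a comment. The rest of the loop body is outside the hunk.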
@@ -2175,6 +2199,10 @@ get_req: } get_sk: sk_for_each_from(sk, node) { + vxdprintk(VXD_CBIT(net, 6), "sk: %p [#%d] (from %d)", + sk, sk->sk_xid, vx_current_xid()); + if (!vx_check(sk->sk_xid, VX_IDENT|VX_WATCH)) + continue; if (sk->sk_family == st->family) { cur = sk; goto out; --- linux-2.6.11.11/net/ipv4/tcp_ipv4.c 2005-03-02 12:39:10 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/ipv4/tcp_ipv4.c 2005-06-01 14:34:17 +0200 @@ -2226,18 +2254,26 @@ static void *established_get_first(struc read_lock(&tcp_ehash[st->bucket].lock); sk_for_each(sk, node, &tcp_ehash[st->bucket].chain) { - if (sk->sk_family != st->family) { + vxdprintk(VXD_CBIT(net, 6), + "sk,egf: %p [#%d] (from %d)", + sk, sk->sk_xid, vx_current_xid()); + if (!vx_check(sk->sk_xid, VX_IDENT|VX_WATCH)) + continue; + if (sk->sk_family != st->family) continue; - } rc = sk; goto out; } st->state = TCP_SEQ_STATE_TIME_WAIT; tw_for_each(tw, node, &tcp_ehash[st->bucket + tcp_ehash_size].chain) { - if (tw->tw_family != st->family) { + vxdprintk(VXD_CBIT(net, 6), + "tw: %p [#%d] (from %d)", + tw, tw->tw_xid, vx_current_xid()); + if (!vx_check(tw->tw_xid, VX_IDENT|VX_WATCH)) + continue; + if (tw->tw_family != st->family) continue; - } rc = tw; goto out; } --- linux-2.6.11.11/net/ipv4/tcp_ipv4.c 2005-03-02 12:39:10 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/ipv4/tcp_ipv4.c 2005-06-01 14:34:17 +0200 @@ -2261,7 +2297,8 @@ static void *established_get_next(struct tw = cur; tw = tw_next(tw); get_tw: - while (tw && tw->tw_family != st->family) { + while (tw && (tw->tw_family != st->family || + !vx_check(tw->tw_xid, VX_IDENT|VX_WATCH))) { tw = tw_next(tw); } if (tw) { --- linux-2.6.11.11/net/ipv4/tcp_ipv4.c 2005-03-02 12:39:10 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/ipv4/tcp_ipv4.c 2005-06-01 14:34:17 +0200 
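Review bot: The vxdprintk() added in the get_sk loop formats the socket with `%p`, writing a raw kernel address to the log for every socket visited, and the same pattern recurs in the request loop of listening_get_next and in established_get_first and established_get_next. The calls are gated by `VXD_CBIT(net, 6)`, so presumably they fire only when that debug bit is enabled. Where a guest context can read the kernel log they would still disclose kernel addresses, and they run once per socket on every pass over the table. Consider logging only the xid pair, e.g. `"sk: [#%d] (from %d)"`, and moving the message after the vx_check() so it is emitted only for sockets that pass the filter.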
@@ -2285,6 +2322,11 @@ get_tw: sk = sk_next(sk); sk_for_each_from(sk, node) { + vxdprintk(VXD_CBIT(net, 6), + "sk,egn: %p [#%d] (from %d)", + sk, sk->sk_xid, vx_current_xid()); + if (!vx_check(sk->sk_xid, VX_IDENT|VX_WATCH)) + continue; if (sk->sk_family == st->family) goto found; } --- linux-2.6.11.11/net/ipv4/udp.c 2005-03-02 12:39:10 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/ipv4/udp.c 2005-06-01 14:34:17 +0200 @@ -1383,8 +1407,10 @@ static struct sock *udp_get_first(struct for (state->bucket = 0; state->bucket < UDP_HTABLE_SIZE; ++state->bucket) { struct hlist_node *node; + sk_for_each(sk, node, &udp_hash[state->bucket]) { - if (sk->sk_family == state->family) + if (sk->sk_family == state->family && + vx_check(sk->sk_xid, VX_IDENT|VX_WATCH)) goto found; } } --- linux-2.6.11.11/net/ipv4/udp.c 2005-03-02 12:39:10 +0100 +++ linux-2.6.11.11-vs2.0-rc3/net/ipv4/udp.c 2005-06-01 14:34:17 +0200 @@ -1401,7 +1427,8 @@ static struct sock *udp_get_next(struct sk = sk_next(sk); try_again: ; - } while (sk && sk->sk_family != state->family); + } while (sk && (sk->sk_family != state->family || + !vx_check(sk->sk_xid, VX_IDENT|VX_WATCH))); if (!sk && ++state->bucket < UDP_HTABLE_SIZE) { sk = sk_head(&udp_hash[state->bucket]);