--- linux-2.6.18.2/net/core/dev.c 2006-11-04 19:43:24 +0100 +++ linux-2.6.18.2-vs2.1.1/net/core/dev.c 2006-10-18 01:14:31 +0200 @@ -2049,6 +2050,9 @@ static int dev_ifconf(char __user *arg) total = 0; for (dev = dev_base; dev; dev = dev->next) { + if (vx_flags(VXF_HIDE_NETIF, 0) && + !dev_in_nx_info(dev, current->nx_info)) + continue; for (i = 0; i < NPROTO; i++) { if (gifconf_list[i]) { int done; --- linux-2.6.18.2/net/core/dev.c 2006-11-04 19:43:24 +0100 +++ linux-2.6.18.2-vs2.1.1/net/core/dev.c 2006-10-18 01:14:31 +0200 @@ -2109,6 +2113,10 @@ void dev_seq_stop(struct seq_file *seq, static void dev_seq_printf_stats(struct seq_file *seq, struct net_device *dev) { + struct nx_info *nxi = current->nx_info; + + if (vx_flags(VXF_HIDE_NETIF, 0) && !dev_in_nx_info(dev, nxi)) + return; if (dev->get_stats) { struct net_device_stats *stats = dev->get_stats(dev); --- linux-2.6.18.2/net/core/rtnetlink.c 2006-09-20 16:58:50 +0200 +++ linux-2.6.18.2-vs2.1.1/net/core/rtnetlink.c 2006-09-20 17:01:45 +0200 @@ -322,6 +322,9 @@ static int rtnetlink_dump_ifinfo(struct for (dev=dev_base, idx=0; dev; dev = dev->next, idx++) { if (idx < s_idx) continue; + if (vx_info_flags(skb->sk->sk_vx_info, VXF_HIDE_NETIF, 0) && + !dev_in_nx_info(dev, skb->sk->sk_nx_info)) + continue; if (rtnetlink_fill_ifinfo(skb, dev, RTM_NEWLINK, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq, 0, --- linux-2.6.18.2/net/core/rtnetlink.c 2006-09-20 16:58:50 +0200 +++ linux-2.6.18.2-vs2.1.1/net/core/rtnetlink.c 2006-09-20 17:01:45 +0200 @@ -612,6 +615,9 @@ void rtmsg_ifinfo(int type, struct net_d sizeof(struct rtnl_link_ifmap) + sizeof(struct rtnl_link_stats) + 128); + if (vx_flags(VXF_HIDE_NETIF, 0) && + !dev_in_nx_info(dev, current->nx_info)) + return; skb = alloc_skb(size, GFP_KERNEL); if (!skb) return; --- linux-2.6.18.2/net/ipv4/devinet.c 2006-09-20 16:58:50 +0200 +++ linux-2.6.18.2-vs2.1.1/net/ipv4/devinet.c 2006-09-20 17:01:45 +0200 
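Review bot: In dev_ifconf the added guard re-evaluates `vx_flags(VXF_HIDE_NETIF, 0)` and re-reads `current->nx_info` for every device, although neither is meant to change during the walk. The devinet_ioctl hunk of this patch already hoists both, and the same shape fits here: `int hide_netif = vx_flags(VXF_HIDE_NETIF, 0);` before the loop and `if (hide_netif && !dev_in_nx_info(dev, nxi)) continue;` inside it. A single snapshot also keeps one listing self-consistent should the flag be changed while the loop runs. The inet_gifconf hunk in net/ipv4/devinet.c uses the same per-iteration form; the function body here starts and ends outside the hunk.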
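Review bot: rtnetlink_dump_ifinfo dereferences `skb->sk` twice in the added condition without a NULL test, while the inet_dump_ifaddr hunk in net/ipv4/devinet.c guards the same lookup with `sk &&`. Either that guard is unnecessary or it is missing here; if a dump skb can reach this loop without an owning socket, the new line is a NULL dereference in kernel context. Mirroring the other hunk would be `struct sock *sk = skb->sk;` and `if (sk && vx_info_flags(sk->sk_vx_info, VXF_HIDE_NETIF, 0) && !dev_in_nx_info(dev, sk->sk_nx_info)) continue;`. A one-line comment should also state whether a missing socket is meant to show every device or none, since the guarded form fails open. The loop continues past the end of the hunk.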
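Review bot: The visibility test added to rtmsg_ifinfo is made against `current->nx_info`, that is, the task that happens to trigger the link event, not the sockets that will receive the message. The send itself is outside the hunk, but if the skb allocated here is delivered to several listeners, the check filters on the wrong party. An event raised from a context without VXF_HIDE_NETIF would still reach listeners that should not see the device, and one raised inside a hiding context would be suppressed for every listener. Filtering per receiving socket with `sk_vx_info`/`sk_nx_info`, as the dump hunk above does, would match the intent. Failing that, a comment such as `/* NOTE: filters on the sender's context only */` should record the limitation.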
@@ -606,6 +606,9 @@ int devinet_ioctl(unsigned int cmd, void *colon = ':'; if ((in_dev = __in_dev_get_rtnl(dev)) != NULL) { + struct nx_info *nxi = current->nx_info; + int hide_netif = vx_flags(VXF_HIDE_NETIF, 0); + if (tryaddrmatch) { /* Matthias Andree */ /* compare label and address (4.4BSD style) */ --- linux-2.6.18.2/net/ipv4/devinet.c 2006-09-20 16:58:50 +0200 +++ linux-2.6.18.2-vs2.1.1/net/ipv4/devinet.c 2006-09-20 17:01:45 +0200 @@ -614,6 +617,8 @@ int devinet_ioctl(unsigned int cmd, void This is checked above. */ for (ifap = &in_dev->ifa_list; (ifa = *ifap) != NULL; ifap = &ifa->ifa_next) { + if (hide_netif && !ifa_in_nx_info(ifa, nxi)) + continue; if (!strcmp(ifr.ifr_name, ifa->ifa_label) && sin_orig.sin_addr.s_addr == ifa->ifa_address) { --- linux-2.6.18.2/net/ipv4/devinet.c 2006-09-20 16:58:50 +0200 +++ linux-2.6.18.2-vs2.1.1/net/ipv4/devinet.c 2006-09-20 17:01:45 +0200 @@ -626,9 +631,12 @@ int devinet_ioctl(unsigned int cmd, void comparing just the label */ if (!ifa) { for (ifap = &in_dev->ifa_list; (ifa = *ifap) != NULL; - ifap = &ifa->ifa_next) + ifap = &ifa->ifa_next) { + if (hide_netif && !ifa_in_nx_info(ifa, nxi)) + continue; if (!strcmp(ifr.ifr_name, ifa->ifa_label)) break; + } } } --- linux-2.6.18.2/net/ipv4/devinet.c 2006-09-20 16:58:50 +0200 +++ linux-2.6.18.2-vs2.1.1/net/ipv4/devinet.c 2006-09-20 17:01:45 +0200 @@ -779,6 +787,9 @@ static int inet_gifconf(struct net_devic goto out; for (; ifa; ifa = ifa->ifa_next) { + if (vx_flags(VXF_HIDE_NETIF, 0) && + !ifa_in_nx_info(ifa, current->nx_info)) + continue; if (!buf) { done += sizeof(ifr); continue; --- linux-2.6.18.2/net/ipv4/devinet.c 2006-09-20 16:58:50 +0200 +++ linux-2.6.18.2-vs2.1.1/net/ipv4/devinet.c 2006-09-20 17:01:45 +0200 
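Review bot: Neither filtered loop in devinet_ioctl documents what a skipped address means for the rest of the ioctl. When every candidate is hidden, `ifa` ends up NULL exactly as it does for an address that does not exist, and the code acting on that result lies outside these hunks. A comment above the new declarations, for example `/* addresses outside the caller's network context are treated as absent */`, would record the intent. It would also be worth confirming that the set-type commands handled later in this function cannot then create a second entry that collides with a hidden label or address.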
@@ -1090,6 +1101,7 @@ static int inet_dump_ifaddr(struct sk_bu struct net_device *dev; struct in_device *in_dev; struct in_ifaddr *ifa; + struct sock *sk = skb->sk; int s_ip_idx, s_idx = cb->args[0]; s_ip_idx = ip_idx = cb->args[1]; --- linux-2.6.18.2/net/ipv4/devinet.c 2006-09-20 16:58:50 +0200 +++ linux-2.6.18.2-vs2.1.1/net/ipv4/devinet.c 2006-09-20 17:01:45 +0200 @@ -1107,6 +1119,9 @@ static int inet_dump_ifaddr(struct sk_bu for (ifa = in_dev->ifa_list, ip_idx = 0; ifa; ifa = ifa->ifa_next, ip_idx++) { + if (sk && vx_info_flags(sk->sk_vx_info, VXF_HIDE_NETIF, 0) && + !ifa_in_nx_info(ifa, sk->sk_nx_info)) + continue; if (ip_idx < s_ip_idx) continue; if (inet_fill_ifaddr(skb, ifa, NETLINK_CB(cb->skb).pid, --- linux-2.6.18.2/net/ipv4/fib_hash.c 2006-09-20 16:58:50 +0200 +++ linux-2.6.18.2-vs2.1.1/net/ipv4/fib_hash.c 2006-09-20 17:01:45 +0200 @@ -987,6 +987,8 @@ static unsigned fib_flag_trans(int type, return flags; } +extern int dev_in_nx_info(struct net_device *, struct nx_info *); + /* * This outputs /proc/net/route. * --- linux-2.6.18.2/net/ipv4/fib_hash.c 2006-09-20 16:58:50 +0200 +++ linux-2.6.18.2-vs2.1.1/net/ipv4/fib_hash.c 2006-09-20 17:01:45 +0200 @@ -1017,7 +1019,8 @@ static int fib_seq_show(struct seq_file prefix = f->fn_key; mask = FZ_MASK(iter->zone); flags = fib_flag_trans(fa->fa_type, mask, fi); - if (fi) + if (fi && (!vx_flags(VXF_HIDE_NETIF, 0) || + dev_in_nx_info(fi->fib_dev, current->nx_info))) snprintf(bf, sizeof(bf), "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u", fi->fib_dev ? fi->fib_dev->name : "*", prefix, --- linux-2.6.18.2/net/ipv4/inet_diag.c 2006-09-20 16:58:50 +0200 +++ linux-2.6.18.2-vs2.1.1/net/ipv4/inet_diag.c 2006-09-25 15:40:02 +0200 
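Review bot: The prototype for `dev_in_nx_info` is written out as a local `extern` in fib_hash.c, so the compiler cannot check it against the definition and a later signature change would go unnoticed in this file. The dev.c and rtnetlink.c hunks call the same function without adding any declaration in the hunks shown, which suggests a header already provides it; including that header here would be the consistent choice. If no shared declaration exists, it belongs in a header rather than in a .c file.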
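Review bot: In fib_seq_show the new condition passes `fi->fib_dev` to `dev_in_nx_info`, yet the snprintf arguments just below still test `fi->fib_dev ? fi->fib_dev->name : "*"`, so the pointer can be NULL at this point. Unless `dev_in_nx_info` tolerates a NULL device, which the hunk does not show, a read from a context with VXF_HIDE_NETIF set could dereference NULL; `fi->fib_dev && dev_in_nx_info(fi->fib_dev, current->nx_info)` would decide that case explicitly. A filtered route also falls through to the alternative branch outside the hunk instead of being skipped, so check that the line printed there does not still expose the prefix and mask of a route on a hidden device.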
@@ -693,6 +693,8 @@ static int inet_diag_dump(struct sk_buff sk_for_each(sk, node, &hashinfo->listening_hash[i]) { struct inet_sock *inet = inet_sk(sk); + if (!vx_check(sk->sk_xid, VX_WATCH_P|VX_IDENT)) + continue; if (num < s_num) { num++; continue; --- linux-2.6.18.2/net/ipv4/inet_diag.c 2006-09-20 16:58:50 +0200 +++ linux-2.6.18.2-vs2.1.1/net/ipv4/inet_diag.c 2006-09-25 15:40:02 +0200 @@ -753,6 +755,8 @@ skip_listen_ht: sk_for_each(sk, node, &head->chain) { struct inet_sock *inet = inet_sk(sk); + if (!vx_check(sk->sk_xid, VX_WATCH_P|VX_IDENT)) + continue; if (num < s_num) goto next_normal; if (!(r->idiag_states & (1 << sk->sk_state))) --- linux-2.6.18.2/net/ipv4/inet_diag.c 2006-09-20 16:58:50 +0200 +++ linux-2.6.18.2-vs2.1.1/net/ipv4/inet_diag.c 2006-09-25 15:40:02 +0200 @@ -777,6 +781,8 @@ next_normal: inet_twsk_for_each(tw, node, &hashinfo->ehash[i + hashinfo->ehash_size].chain) { + if (!vx_check(tw->tw_xid, VX_WATCH_P|VX_IDENT)) + continue; if (num < s_num) goto next_dying; if (r->id.idiag_sport != tw->tw_sport && --- linux-2.6.18.2/net/ipv4/raw.c 2006-09-20 16:58:50 +0200 +++ linux-2.6.18.2-vs2.1.1/net/ipv4/raw.c 2006-09-25 15:40:02 +0200 @@ -788,7 +822,8 @@ static struct sock *raw_get_first(struct struct hlist_node *node; sk_for_each(sk, node, &raw_v4_htable[state->bucket]) - if (sk->sk_family == PF_INET) + if (sk->sk_family == PF_INET && + vx_check(sk->sk_xid, VX_WATCH_P|VX_IDENT)) goto found; } sk = NULL; --- linux-2.6.18.2/net/ipv4/raw.c 2006-09-20 16:58:50 +0200 +++ linux-2.6.18.2-vs2.1.1/net/ipv4/raw.c 2006-09-25 15:40:02 +0200 
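Review bot: All three filters added to inet_diag_dump pass only the socket's `sk_xid` or `tw_xid` to `vx_check`, so the viewing context is implicit. It is presumably the calling task, as the `vx_current_xid()` argument in the tcp_ipv4.c debug lines of this patch suggests. The netlink dump hunks in rtnetlink.c and devinet.c instead take the viewer from the requesting socket (`sk_vx_info`, `sk_nx_info`). If any part of a dump can be produced while a different task is current, the two approaches disagree and this one would filter against the wrong context. A comment stating which context `vx_check` compares against here, or deriving it from `skb->sk`, would settle the question; the loops start and end outside the hunks.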
@@ -804,7 +839,8 @@ static struct sock *raw_get_next(struct sk = sk_next(sk); try_again: ; - } while (sk && sk->sk_family != PF_INET); + } while (sk && (sk->sk_family != PF_INET || + !vx_check(sk->sk_xid, VX_WATCH_P|VX_IDENT))); if (!sk && ++state->bucket < RAWV4_HTABLE_SIZE) { sk = sk_head(&raw_v4_htable[state->bucket]); --- linux-2.6.18.2/net/ipv4/tcp_ipv4.c 2006-09-20 16:58:50 +0200 +++ linux-2.6.18.2-vs2.1.1/net/ipv4/tcp_ipv4.c 2006-10-18 04:06:32 +0200 @@ -1388,6 +1389,12 @@ static void *listening_get_next(struct s req = req->dl_next; while (1) { while (req) { + vxdprintk(VXD_CBIT(net, 6), + "sk,req: %p [#%d] (from %d)", req->sk, + (req->sk)?req->sk->sk_xid:0, vx_current_xid()); + if (req->sk && + !vx_check(req->sk->sk_xid, VX_WATCH_P|VX_IDENT)) + continue; if (req->rsk_ops->family == st->family) { cur = req; goto out; --- linux-2.6.18.2/net/ipv4/tcp_ipv4.c 2006-09-20 16:58:50 +0200 +++ linux-2.6.18.2-vs2.1.1/net/ipv4/tcp_ipv4.c 2006-10-18 04:06:32 +0200 @@ -1412,6 +1419,10 @@ get_req: } get_sk: sk_for_each_from(sk, node) { + vxdprintk(VXD_CBIT(net, 6), "sk: %p [#%d] (from %d)", + sk, sk->sk_xid, vx_current_xid()); + if (!vx_check(sk->sk_xid, VX_WATCH_P|VX_IDENT)) + continue; if (sk->sk_family == st->family) { cur = sk; goto out; --- linux-2.6.18.2/net/ipv4/tcp_ipv4.c 2006-09-20 16:58:50 +0200 +++ linux-2.6.18.2-vs2.1.1/net/ipv4/tcp_ipv4.c 2006-10-18 04:06:32 +0200 @@ -1463,9 +1474,13 @@ static void *established_get_first(struc read_lock(&tcp_hashinfo.ehash[st->bucket].lock); sk_for_each(sk, node, &tcp_hashinfo.ehash[st->bucket].chain) { - if (sk->sk_family != st->family) { + vxdprintk(VXD_CBIT(net, 6), + "sk,egf: %p [#%d] (from %d)", + sk, sk->sk_xid, vx_current_xid()); + if (!vx_check(sk->sk_xid, VX_WATCH_P|VX_IDENT)) + continue; + if (sk->sk_family != st->family) continue; - } rc = sk; goto out; } --- linux-2.6.18.2/net/ipv4/tcp_ipv4.c 2006-09-20 16:58:50 +0200 +++ linux-2.6.18.2-vs2.1.1/net/ipv4/tcp_ipv4.c 2006-10-18 04:06:32 +0200 
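Review bot: The `continue` added inside `while (req)` in listening_get_next jumps to the next iteration without advancing `req`. The statement that steps to the next request is not in the hunk; if it is a `req = req->dl_next;` at the bottom of the loop body, as the line just above the loop suggests, the first request whose socket fails `vx_check` makes this loop spin forever inside the socket-listing iterator. Advancing before skipping avoids that: `if (req->sk && !vx_check(req->sk->sk_xid, VX_WATCH_P|VX_IDENT)) { req = req->dl_next; continue; }`.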
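Review bot: The `vxdprintk` added in the `get_sk:` loop prints each visited socket's kernel address with `%p` next to its xid. The same call is repeated in the listening_get_next, established_get_first, time-wait and established_get_next hunks of this file. If that output reaches the kernel log when the debug bit is enabled, it exposes kernel heap addresses to anyone who can read the log and emits one line per socket on every listing. Dropping the pointer from the format, since the xid pair is what the trace is about, or moving the five copies into one helper would cut both the exposure and the duplication.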
@@ -1472,9 +1487,13 @@ ***** st->state = TCP_SEQ_STATE_TIME_WAIT; inet_twsk_for_each(tw, node, &tcp_hashinfo.ehash[st->bucket + tcp_hashinfo.ehash_size].chain) { - if (tw->tw_family != st->family) { + vxdprintk(VXD_CBIT(net, 6), + "tw: %p [#%d] (from %d)", + tw, tw->tw_xid, vx_current_xid()); + if (!vx_check(tw->tw_xid, VX_WATCH_P|VX_IDENT)) + continue; + if (tw->tw_family != st->family) continue; - } rc = tw; goto out; } --- linux-2.6.18.2/net/ipv4/tcp_ipv4.c 2006-09-20 16:58:50 +0200 +++ linux-2.6.18.2-vs2.1.1/net/ipv4/tcp_ipv4.c 2006-10-18 04:06:32 +0200 @@ -1498,7 +1517,8 @@ static void *established_get_next(struct tw = cur; tw = tw_next(tw); get_tw: - while (tw && tw->tw_family != st->family) { + while (tw && (tw->tw_family != st->family || + !vx_check(tw->tw_xid, VX_WATCH_P|VX_IDENT))) { tw = tw_next(tw); } if (tw) { --- linux-2.6.18.2/net/ipv4/tcp_ipv4.c 2006-09-20 16:58:50 +0200 +++ linux-2.6.18.2-vs2.1.1/net/ipv4/tcp_ipv4.c 2006-10-18 04:06:32 +0200 @@ -1522,6 +1542,11 @@ get_tw: sk = sk_next(sk); sk_for_each_from(sk, node) { + vxdprintk(VXD_CBIT(net, 6), + "sk,egn: %p [#%d] (from %d)", + sk, sk->sk_xid, vx_current_xid()); + if (!vx_check(sk->sk_xid, VX_WATCH_P|VX_IDENT)) + continue; if (sk->sk_family == st->family) goto found; } --- linux-2.6.18.2/net/ipv4/udp.c 2006-09-20 16:58:51 +0200 +++ linux-2.6.18.2-vs2.1.1/net/ipv4/udp.c 2006-10-18 04:06:32 +0200 @@ -1402,8 +1419,10 @@ static struct sock *udp_get_first(struct for (state->bucket = 0; state->bucket < UDP_HTABLE_SIZE; ++state->bucket) { struct hlist_node *node; + sk_for_each(sk, node, &udp_hash[state->bucket]) { - if (sk->sk_family == state->family) + if (sk->sk_family == state->family && + vx_check(sk->sk_xid, VX_WATCH_P|VX_IDENT)) goto found; } } --- linux-2.6.18.2/net/ipv4/udp.c 2006-09-20 16:58:51 +0200 +++ linux-2.6.18.2-vs2.1.1/net/ipv4/udp.c 2006-10-18 04:06:32 +0200 
@@ -1420,7 +1439,8 @@ static struct sock *udp_get_next(struct sk = sk_next(sk); try_again: ; - } while (sk && sk->sk_family != state->family); + } while (sk && (sk->sk_family != state->family || + !vx_check(sk->sk_xid, VX_WATCH_P|VX_IDENT))); if (!sk && ++state->bucket < UDP_HTABLE_SIZE) { sk = sk_head(&udp_hash[state->bucket]);