Merge pull request #5624 from glaubitz/x32
1 /***
2 This file is part of systemd.
3
4 Copyright 2015 Lennart Poettering
5
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
10
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
15
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
18 ***/
19
20 #include <linux/veth.h>
21 #include <net/if.h>
22 #include <sys/file.h>
23
24 #include "libudev.h"
25 #include "sd-id128.h"
26 #include "sd-netlink.h"
27
28 #include "alloc-util.h"
29 #include "ether-addr-util.h"
30 #include "lockfile-util.h"
31 #include "netlink-util.h"
32 #include "nspawn-network.h"
33 #include "siphash24.h"
34 #include "socket-util.h"
35 #include "stat-util.h"
36 #include "string-util.h"
37 #include "udev-util.h"
38 #include "util.h"
39
/* SipHash keys used by generate_mac() below, one per kind of interface. They are fixed constants compiled
 * into the binary, so they only keep the derived MAC addresses of the different interface kinds apart;
 * they are not secrets and the resulting addresses are predictable by design. */
#define HOST_HASH_KEY                 SD_ID128_MAKE(1a,37,6f,c7,46,ec,45,0b,ad,a3,d5,31,06,60,5d,b1)
#define CONTAINER_HASH_KEY            SD_ID128_MAKE(c3,c4,f9,19,b5,57,b2,1c,e6,cf,14,27,03,9c,ee,a2)
#define VETH_EXTRA_HOST_HASH_KEY      SD_ID128_MAKE(48,c7,f6,b7,ea,9d,4c,9e,b7,28,d4,de,91,d5,bf,66)
#define VETH_EXTRA_CONTAINER_HASH_KEY SD_ID128_MAKE(af,50,17,61,ce,f9,4d,35,84,0d,2b,20,54,be,ce,59)
#define MACVLAN_HASH_KEY              SD_ID128_MAKE(00,13,6d,bc,66,83,44,81,bb,0c,f9,51,1f,24,a6,6f)
45
/* Asks the kernel (RTM_DELLINK) to delete the network link called "name".
 *
 * Returns 0 when there is nothing to do (empty name, or the kernel answers -ENODEV because the link is
 * already gone), 1 when the link was removed, and otherwise the value log_error_errno() yields for the
 * failing step. */
static int remove_one_link(sd_netlink *rtnl, const char *name) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
        int ret;

        if (isempty(name))
                return 0;

        ret = sd_rtnl_message_new_link(rtnl, &req, RTM_DELLINK, 0);
        if (ret < 0)
                return log_error_errno(ret, "Failed to allocate netlink message: %m");

        /* The link is addressed by name rather than by index. */
        ret = sd_netlink_message_append_string(req, IFLA_IFNAME, name);
        if (ret < 0)
                return log_error_errno(ret, "Failed to add netlink interface name: %m");

        ret = sd_netlink_call(rtnl, req, 0, NULL);
        if (ret < 0) {
                if (ret == -ENODEV) /* Already gone */
                        return 0;

                return log_error_errno(ret, "Failed to remove interface %s: %m", name);
        }

        return 1;
}
69
/* Derives a stable, locally administered unicast MAC address for an interface of a container.
 *
 * The address is the SipHash-2-4 (keyed with hash_key) of: the host's machine ID, the container's machine
 * name and, only if idx > 0, the little-endian encoding of idx. The same inputs therefore always yield the
 * same address; this is meant for stability, not for unpredictability.
 *
 * Returns 0 on success, or the negative error of sd_id128_get_machine(). */
static int generate_mac(
                const char *machine_name,
                struct ether_addr *mac,
                sd_id128_t hash_key,
                uint64_t idx) {

        uint64_t digest, idx_le;
        size_t name_len, buf_len;
        uint8_t *buf, *tail;
        int ret;

        name_len = strlen(machine_name);
        buf_len = sizeof(sd_id128_t) + name_len + (idx > 0 ? sizeof(idx) : 0);

        /* NOTE(review): the buffer lives on the stack and grows with the machine name; this presumably
         * relies on callers having validated (and thereby length-limited) the name — confirm. */
        buf = alloca(buf_len);

        /* fetch some persistent data unique to the host */
        ret = sd_id128_get_machine((sd_id128_t*) buf);
        if (ret < 0)
                return ret;

        /* combine with some data unique (on this host) to this
         * container instance */
        tail = buf + sizeof(sd_id128_t);
        memcpy(tail, machine_name, name_len);
        tail += name_len;

        if (idx > 0) {
                idx_le = htole64(idx);
                memcpy(tail, &idx_le, sizeof(idx_le));
        }

        /* Let's hash the host machine ID plus the container name. We
         * use a fixed, but originally randomly created hash key here. */
        digest = htole64(siphash24(buf, buf_len, hash_key.bytes));

        /* Only the first ETH_ALEN bytes of the 64-bit hash are used. */
        assert_cc(ETH_ALEN <= sizeof(digest));
        memcpy(mac->ether_addr_octet, &digest, ETH_ALEN);

        /* see eth_random_addr in the kernel */
        mac->ether_addr_octet[0] &= 0xfe;        /* clear multicast bit */
        mac->ether_addr_octet[0] |= 0x02;        /* set local assignment bit (IEEE802) */

        return 0;
}
114
/* Creates one veth pair with a single RTM_NEWLINK request.
 *
 * The outer link attributes (ifname_host, mac_host) describe the end that the request creates directly;
 * the attributes nested in VETH_INFO_PEER (ifname_container, mac_container) describe the peer, which is
 * additionally assigned to the network namespace of process "pid" through IFLA_NET_NS_PID.
 *
 * Returns 0 on success; failures are logged and the value of log_error_errno() is returned. */
static int add_veth(
                sd_netlink *rtnl,
                pid_t pid,
                const char *ifname_host,
                const struct ether_addr *mac_host,
                const char *ifname_container,
                const struct ether_addr *mac_container) {

        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
        int ret;

        assert(rtnl);
        assert(ifname_host);
        assert(mac_host);
        assert(ifname_container);
        assert(mac_container);

        ret = sd_rtnl_message_new_link(rtnl, &req, RTM_NEWLINK, 0);
        if (ret < 0)
                return log_error_errno(ret, "Failed to allocate netlink message: %m");

        /* Attributes of the first end of the pair */
        ret = sd_netlink_message_append_string(req, IFLA_IFNAME, ifname_host);
        if (ret < 0)
                return log_error_errno(ret, "Failed to add netlink interface name: %m");

        ret = sd_netlink_message_append_ether_addr(req, IFLA_ADDRESS, mac_host);
        if (ret < 0)
                return log_error_errno(ret, "Failed to add netlink MAC address: %m");

        /* Three nested containers: IFLA_LINKINFO > IFLA_INFO_DATA ("veth") > VETH_INFO_PEER */
        ret = sd_netlink_message_open_container(req, IFLA_LINKINFO);
        if (ret < 0)
                return log_error_errno(ret, "Failed to open netlink container: %m");

        ret = sd_netlink_message_open_container_union(req, IFLA_INFO_DATA, "veth");
        if (ret < 0)
                return log_error_errno(ret, "Failed to open netlink container: %m");

        ret = sd_netlink_message_open_container(req, VETH_INFO_PEER);
        if (ret < 0)
                return log_error_errno(ret, "Failed to open netlink container: %m");

        /* Attributes of the peer end, including the namespace it is placed in */
        ret = sd_netlink_message_append_string(req, IFLA_IFNAME, ifname_container);
        if (ret < 0)
                return log_error_errno(ret, "Failed to add netlink interface name: %m");

        ret = sd_netlink_message_append_ether_addr(req, IFLA_ADDRESS, mac_container);
        if (ret < 0)
                return log_error_errno(ret, "Failed to add netlink MAC address: %m");

        ret = sd_netlink_message_append_u32(req, IFLA_NET_NS_PID, pid);
        if (ret < 0)
                return log_error_errno(ret, "Failed to add netlink namespace field: %m");

        /* Close the three containers opened above, innermost first. */
        for (unsigned depth = 0; depth < 3; depth++) {
                ret = sd_netlink_message_close_container(req);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to close netlink container: %m");
        }

        ret = sd_netlink_call(rtnl, req, 0, NULL);
        if (ret < 0)
                return log_error_errno(ret, "Failed to add new veth interfaces (%s:%s): %m", ifname_host, ifname_container);

        return 0;
}
186
/* Creates the primary veth pair of a container.
 *
 * The host-side name is written into iface_name as "ve-<machine_name>" or, in bridge mode,
 * "vb-<machine_name>"; the peer is called "host0" and is placed in the network namespace of "pid". Both
 * ends get MAC addresses derived from the machine name by generate_mac().
 *
 * Returns the (positive) interface index of the host-side link, or the value of log_error_errno() /
 * add_veth() on failure. */
int setup_veth(const char *machine_name,
               pid_t pid,
               char iface_name[IFNAMSIZ],
               bool bridge) {

        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        struct ether_addr mac_host, mac_container;
        const char *prefix;
        int ret, ifindex;

        assert(machine_name);
        assert(pid > 0);
        assert(iface_name);

        /* Use two different interface name prefixes depending whether
         * we are in bridge mode or not. */
        prefix = bridge ? "vb" : "ve";

        /* NOTE(review): the result is bounded to IFNAMSIZ - 1 bytes and the return value is not checked,
         * so a long machine name is silently cut; names that agree in the part that is kept end up with
         * the same host-side interface name. */
        snprintf(iface_name, IFNAMSIZ - 1, "%s-%s", prefix, machine_name);

        ret = generate_mac(machine_name, &mac_container, CONTAINER_HASH_KEY, 0);
        if (ret < 0)
                return log_error_errno(ret, "Failed to generate predictable MAC address for container side: %m");

        ret = generate_mac(machine_name, &mac_host, HOST_HASH_KEY, 0);
        if (ret < 0)
                return log_error_errno(ret, "Failed to generate predictable MAC address for host side: %m");

        ret = sd_netlink_open(&rtnl);
        if (ret < 0)
                return log_error_errno(ret, "Failed to connect to netlink: %m");

        ret = add_veth(rtnl, pid, iface_name, &mac_host, "host0", &mac_container);
        if (ret < 0)
                return ret;

        /* if_nametoindex() reports failure with 0 and errno set. */
        ifindex = (int) if_nametoindex(iface_name);
        if (ifindex <= 0)
                return log_error_errno(errno, "Failed to resolve interface %s: %m", iface_name);

        return ifindex;
}
227
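/* Creates the additional veth pairs listed in "pairs".
 *
 * "pairs" is a string vector read two entries at a time: the first entry of each pair is passed to
 * add_veth() as the host-side interface name, the second as the name of the peer that is placed in the
 * network namespace of "pid". The MAC addresses of pair number idx (counted from 0) are derived with
 * generate_mac() from the machine name and idx.
 *
 * Returns 0 on success (also when "pairs" is empty); failures are logged and returned. */
int setup_veth_extra(
                const char *machine_name,
                pid_t pid,
                char **pairs) {

        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        uint64_t idx = 0;
        char **a, **b;
        int r;

        assert(machine_name);
        assert(pid > 0);

        if (strv_isempty(pairs))
                return 0;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        STRV_FOREACH_PAIR(a, b, pairs) {
                struct ether_addr mac_host, mac_container;

                r = generate_mac(machine_name, &mac_container, VETH_EXTRA_CONTAINER_HASH_KEY, idx);
                if (r < 0)
                        return log_error_errno(r, "Failed to generate predictable MAC address for container side of extra veth link: %m");

                /* This call computes the host-side address, so the log message has to say "host side";
                 * it used to repeat the container-side text, which pointed at the wrong end. */
                r = generate_mac(machine_name, &mac_host, VETH_EXTRA_HOST_HASH_KEY, idx);
                if (r < 0)
                        return log_error_errno(r, "Failed to generate predictable MAC address for host side of extra veth link: %m");

                r = add_veth(rtnl, pid, *a, &mac_host, *b, &mac_container);
                if (r < 0)
                        return r;

                idx++;
        }

        return 0;
}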
268
/* Attaches the link "veth_name" to the bridge "bridge_name" and sets IFF_UP on it, all in one RTM_SETLINK
 * request.
 *
 * Returns the interface index of the bridge on success, -errno if the bridge name cannot be resolved, or
 * the negative error of the failing netlink step. Nothing is logged here; that is left to the caller. */
static int join_bridge(sd_netlink *rtnl, const char *veth_name, const char *bridge_name) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
        int ret, bridge_ifi;

        assert(rtnl);
        assert(veth_name);
        assert(bridge_name);

        /* if_nametoindex() returns 0 and sets errno when the interface does not exist. */
        bridge_ifi = (int) if_nametoindex(bridge_name);
        if (bridge_ifi <= 0)
                return -errno;

        ret = sd_rtnl_message_new_link(rtnl, &req, RTM_SETLINK, 0);
        if (ret < 0)
                return ret;

        ret = sd_rtnl_message_link_set_flags(req, IFF_UP, IFF_UP);
        if (ret < 0)
                return ret;

        /* The link to modify is identified by name, its new master by index. */
        ret = sd_netlink_message_append_string(req, IFLA_IFNAME, veth_name);
        if (ret < 0)
                return ret;

        ret = sd_netlink_message_append_u32(req, IFLA_MASTER, bridge_ifi);
        if (ret < 0)
                return ret;

        ret = sd_netlink_call(rtnl, req, 0, NULL);
        if (ret < 0)
                return ret;

        return bridge_ifi;
}
303
/* Creates a bridge device called "bridge_name" with an RTM_NEWLINK request whose link info selects the
 * "bridge" kind and carries no further options.
 *
 * Returns 0 on success or the negative error of the failing step; nothing is logged here. */
static int create_bridge(sd_netlink *rtnl, const char *bridge_name) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
        int ret;

        ret = sd_rtnl_message_new_link(rtnl, &req, RTM_NEWLINK, 0);
        if (ret < 0)
                return ret;

        ret = sd_netlink_message_append_string(req, IFLA_IFNAME, bridge_name);
        if (ret < 0)
                return ret;

        /* IFLA_LINKINFO > IFLA_INFO_DATA ("bridge"), left empty */
        ret = sd_netlink_message_open_container(req, IFLA_LINKINFO);
        if (ret < 0)
                return ret;

        ret = sd_netlink_message_open_container_union(req, IFLA_INFO_DATA, "bridge");
        if (ret < 0)
                return ret;

        /* Close both containers again, innermost first. */
        for (unsigned depth = 0; depth < 2; depth++) {
                ret = sd_netlink_message_close_container(req);
                if (ret < 0)
                        return ret;
        }

        ret = sd_netlink_call(rtnl, req, 0, NULL);
        if (ret < 0)
                return ret;

        return 0;
}
338
/* Adds "veth_name" to the bridge "bridge_name". If "create" is set and the bridge does not exist
 * (join_bridge() fails with -ENODEV), the bridge is created first and the join is retried.
 *
 * Returns the interface index of the bridge on success; failures are logged and the value of
 * log_error_errno() is returned. */
int setup_bridge(const char *veth_name, const char *bridge_name, bool create) {
        _cleanup_release_lock_file_ LockFile bridge_lock = LOCK_FILE_INIT;
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        int ret, bridge_ifi;

        assert(veth_name);
        assert(bridge_name);

        ret = sd_netlink_open(&rtnl);
        if (ret < 0)
                return log_error_errno(ret, "Failed to connect to netlink: %m");

        if (create) {
                /* We take a system-wide lock here, so that we can safely check whether there's still a member in the
                 * bridge before removing it, without risking interference from other nspawn instances. */

                ret = make_lock_file("/run/systemd/nspawn-network-zone", LOCK_EX, &bridge_lock);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to take network zone lock: %m");
        }

        /* The attempt counter bounds the create-and-retry cycle, so that we don't enter an endless loop
         * here. */
        for (unsigned attempt = 0;; attempt++) {
                bridge_ifi = join_bridge(rtnl, veth_name, bridge_name);
                if (bridge_ifi >= 0)
                        return bridge_ifi;

                /* Only a missing bridge is worth another round, and only if we may create it. */
                if (bridge_ifi != -ENODEV || !create || attempt > 10)
                        return log_error_errno(bridge_ifi, "Failed to add interface %s to bridge %s: %m", veth_name, bridge_name);

                /* The bridge doesn't exist yet. Let's create it */
                ret = create_bridge(rtnl, bridge_name);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to create bridge interface %s: %m", bridge_name);

                /* Try again, now that the bridge exists */
        }
}
379
/* Removes the specified bridge, but only if it is currently empty.
 *
 * Emptiness is judged from the directory /sys/class/net/<bridge_name>/brif while the lock file
 * /run/systemd/nspawn-network-zone is held exclusively.
 *
 * Returns 0 if there was nothing to remove (empty name, bridge already gone, or bridge still has
 * members), otherwise the result of remove_one_link(); failures are logged. */
int remove_bridge(const char *bridge_name) {
        _cleanup_release_lock_file_ LockFile bridge_lock = LOCK_FILE_INIT;
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        const char *brif_dir;
        int ret;

        if (isempty(bridge_name))
                return 0;

        ret = make_lock_file("/run/systemd/nspawn-network-zone", LOCK_EX, &bridge_lock);
        if (ret < 0)
                return log_error_errno(ret, "Failed to take network zone lock: %m");

        /* NOTE(review): bridge_name is pasted into a sysfs path as is; this presumably relies on the
         * caller having validated it as an interface name (no '/' or "..") — confirm. */
        brif_dir = strjoina("/sys/class/net/", bridge_name, "/brif");

        ret = dir_is_empty(brif_dir);
        if (ret < 0) {
                if (ret == -ENOENT) /* Already gone? */
                        return 0;

                return log_error_errno(ret, "Can't detect if bridge %s is empty: %m", bridge_name);
        }
        if (ret == 0) /* Still populated, leave it around */
                return 0;

        ret = sd_netlink_open(&rtnl);
        if (ret < 0)
                return log_error_errno(ret, "Failed to connect to netlink: %m");

        return remove_one_link(rtnl, bridge_name);
}
411
/* Resolves the interface "name" to its index and checks that udev reports the device as initialized.
 *
 * Returns the interface index on success, -EBUSY if udev has not initialized the device yet, or the value
 * of log_error_errno() if the name or the udev device cannot be resolved. */
static int parse_interface(struct udev *udev, const char *name) {
        _cleanup_udev_device_unref_ struct udev_device *dev = NULL;
        char device_id[2 + DECIMAL_STR_MAX(int)];
        int ifindex;

        ifindex = (int) if_nametoindex(name);
        if (ifindex <= 0)
                return log_error_errno(errno, "Failed to resolve interface %s: %m", name);

        /* The device is looked up by the ID "n<ifindex>"; the buffer is sized for 'n' plus any int. */
        snprintf(device_id, sizeof(device_id), "n%i", ifindex);

        dev = udev_device_new_from_device_id(udev, device_id);
        if (!dev)
                return log_error_errno(errno, "Failed to get udev device for interface %s: %m", name);

        if (udev_device_get_is_initialized(dev) > 0)
                return ifindex;

        log_error("Network interface %s is not initialized yet.", name);
        return -EBUSY;
}
433
/* Moves every interface named in "ifaces" into the network namespace of process "pid".
 *
 * Each name is first checked with parse_interface(); the move itself is an RTM_SETLINK request carrying
 * IFLA_NET_NS_PID. Processing stops at the first failure, so interfaces earlier in the list may already
 * have been moved at that point.
 *
 * Returns 0 on success (also when "ifaces" is empty); failures are logged and returned. */
int move_network_interfaces(pid_t pid, char **ifaces) {
        _cleanup_udev_unref_ struct udev *udev = NULL;
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        char **name;
        int ret;

        if (strv_isempty(ifaces))
                return 0;

        ret = sd_netlink_open(&rtnl);
        if (ret < 0)
                return log_error_errno(ret, "Failed to connect to netlink: %m");

        udev = udev_new();
        if (!udev) {
                log_error("Failed to connect to udev.");
                return -ENOMEM;
        }

        STRV_FOREACH(name, ifaces) {
                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
                int ifindex;

                ifindex = parse_interface(udev, *name);
                if (ifindex < 0)
                        return ifindex;

                /* Here the link is addressed by index, not by name. */
                ret = sd_rtnl_message_new_link(rtnl, &req, RTM_SETLINK, ifindex);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to allocate netlink message: %m");

                ret = sd_netlink_message_append_u32(req, IFLA_NET_NS_PID, pid);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to append namespace PID to netlink message: %m");

                ret = sd_netlink_call(rtnl, req, 0, NULL);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to move interface %s to namespace: %m", *name);
        }

        return 0;
}
476
/* Creates one macvlan interface (mode MACVLAN_MODE_BRIDGE) on top of every interface named in "ifaces"
 * and places it in the network namespace of process "pid".
 *
 * The new interface is called "mv-<parent name>", cut to at most IFNAMSIZ-1 characters, and gets a MAC
 * address derived by generate_mac() from the machine name and the position of the parent in the list.
 * Processing stops at the first failure.
 *
 * Returns 0 on success (also when "ifaces" is empty); failures are logged and returned. */
int setup_macvlan(const char *machine_name, pid_t pid, char **ifaces) {
        _cleanup_udev_unref_ struct udev *udev = NULL;
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        unsigned idx = 0;
        char **parent;
        int ret;

        if (strv_isempty(ifaces))
                return 0;

        ret = sd_netlink_open(&rtnl);
        if (ret < 0)
                return log_error_errno(ret, "Failed to connect to netlink: %m");

        udev = udev_new();
        if (!udev) {
                log_error("Failed to connect to udev.");
                return -ENOMEM;
        }

        STRV_FOREACH(parent, ifaces) {
                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
                _cleanup_free_ char *new_name = NULL;
                struct ether_addr mac;
                int parent_ifi;

                parent_ifi = parse_interface(udev, *parent);
                if (parent_ifi < 0)
                        return parent_ifi;

                ret = generate_mac(machine_name, &mac, MACVLAN_HASH_KEY, idx++);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to create MACVLAN MAC address: %m");

                ret = sd_rtnl_message_new_link(rtnl, &req, RTM_NEWLINK, 0);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to allocate netlink message: %m");

                /* IFLA_LINK names the parent the macvlan is stacked on. */
                ret = sd_netlink_message_append_u32(req, IFLA_LINK, parent_ifi);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to add netlink interface index: %m");

                new_name = strappend("mv-", *parent);
                if (!new_name)
                        return log_oom();

                /* NOTE(review): the cut is silent, so parents whose names differ only near the end can
                 * map to the same "mv-" name. */
                strshorten(new_name, IFNAMSIZ-1);

                ret = sd_netlink_message_append_string(req, IFLA_IFNAME, new_name);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to add netlink interface name: %m");

                ret = sd_netlink_message_append_ether_addr(req, IFLA_ADDRESS, &mac);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to add netlink MAC address: %m");

                ret = sd_netlink_message_append_u32(req, IFLA_NET_NS_PID, pid);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to add netlink namespace field: %m");

                /* IFLA_LINKINFO > IFLA_INFO_DATA ("macvlan") > IFLA_MACVLAN_MODE */
                ret = sd_netlink_message_open_container(req, IFLA_LINKINFO);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to open netlink container: %m");

                ret = sd_netlink_message_open_container_union(req, IFLA_INFO_DATA, "macvlan");
                if (ret < 0)
                        return log_error_errno(ret, "Failed to open netlink container: %m");

                ret = sd_netlink_message_append_u32(req, IFLA_MACVLAN_MODE, MACVLAN_MODE_BRIDGE);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to append macvlan mode: %m");

                /* Close both containers again, innermost first. */
                for (unsigned depth = 0; depth < 2; depth++) {
                        ret = sd_netlink_message_close_container(req);
                        if (ret < 0)
                                return log_error_errno(ret, "Failed to close netlink container: %m");
                }

                ret = sd_netlink_call(rtnl, req, 0, NULL);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to add new macvlan interfaces: %m");
        }

        return 0;
}
564
/* Creates one ipvlan interface (mode IPVLAN_MODE_L2) on top of every interface named in "ifaces" and
 * places it in the network namespace of process "pid".
 *
 * The new interface is called "iv-<parent name>", cut to at most IFNAMSIZ-1 characters. No MAC address
 * is set by this function and machine_name is not used by it. Processing stops at the first failure.
 *
 * Returns 0 on success (also when "ifaces" is empty); failures are logged and returned. */
int setup_ipvlan(const char *machine_name, pid_t pid, char **ifaces) {
        _cleanup_udev_unref_ struct udev *udev = NULL;
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        char **parent;
        int ret;

        if (strv_isempty(ifaces))
                return 0;

        ret = sd_netlink_open(&rtnl);
        if (ret < 0)
                return log_error_errno(ret, "Failed to connect to netlink: %m");

        udev = udev_new();
        if (!udev) {
                log_error("Failed to connect to udev.");
                return -ENOMEM;
        }

        STRV_FOREACH(parent, ifaces) {
                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
                _cleanup_free_ char *new_name = NULL;
                int parent_ifi;

                parent_ifi = parse_interface(udev, *parent);
                if (parent_ifi < 0)
                        return parent_ifi;

                ret = sd_rtnl_message_new_link(rtnl, &req, RTM_NEWLINK, 0);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to allocate netlink message: %m");

                /* IFLA_LINK names the parent the ipvlan is stacked on. */
                ret = sd_netlink_message_append_u32(req, IFLA_LINK, parent_ifi);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to add netlink interface index: %m");

                new_name = strappend("iv-", *parent);
                if (!new_name)
                        return log_oom();

                /* NOTE(review): the cut is silent, so parents whose names differ only near the end can
                 * map to the same "iv-" name. */
                strshorten(new_name, IFNAMSIZ-1);

                ret = sd_netlink_message_append_string(req, IFLA_IFNAME, new_name);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to add netlink interface name: %m");

                ret = sd_netlink_message_append_u32(req, IFLA_NET_NS_PID, pid);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to add netlink namespace field: %m");

                /* IFLA_LINKINFO > IFLA_INFO_DATA ("ipvlan") > IFLA_IPVLAN_MODE */
                ret = sd_netlink_message_open_container(req, IFLA_LINKINFO);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to open netlink container: %m");

                ret = sd_netlink_message_open_container_union(req, IFLA_INFO_DATA, "ipvlan");
                if (ret < 0)
                        return log_error_errno(ret, "Failed to open netlink container: %m");

                ret = sd_netlink_message_append_u16(req, IFLA_IPVLAN_MODE, IPVLAN_MODE_L2);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to add ipvlan mode: %m");

                /* Close both containers again, innermost first. */
                for (unsigned depth = 0; depth < 2; depth++) {
                        ret = sd_netlink_message_close_container(req);
                        if (ret < 0)
                                return log_error_errno(ret, "Failed to close netlink container: %m");
                }

                ret = sd_netlink_call(rtnl, req, 0, NULL);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to add new ipvlan interfaces: %m");
        }

        return 0;
}
642
/* Parses a "NAME[:NAME]" specification and appends the resulting pair of names to the string vector *l.
 *
 * The first name is mandatory and must pass ifname_valid(). If the second name is missing or fails
 * ifname_valid(), a copy of the first name is used in its place; note that an invalid second name is thus
 * replaced silently rather than rejected. Anything after a second ':' makes the whole string invalid.
 *
 * Returns 0 on success, -EINVAL for a malformed specification, -ENOMEM on allocation failure, or the
 * negative error of extract_first_word(). */
int veth_extra_parse(char ***l, const char *p) {
        _cleanup_free_ char *first = NULL, *second = NULL;
        int ret;

        ret = extract_first_word(&p, &first, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
        if (ret < 0)
                return ret;
        if (ret == 0)
                return -EINVAL;
        if (!ifname_valid(first))
                return -EINVAL;

        ret = extract_first_word(&p, &second, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
        if (ret < 0)
                return ret;
        if (ret == 0 || !ifname_valid(second)) {
                /* Fall back to using the first name for both entries of the pair. */
                free(second);
                second = strdup(first);
                if (!second)
                        return -ENOMEM;
        }

        /* Input left over after the second word is not accepted. */
        if (p)
                return -EINVAL;

        ret = strv_push_pair(l, first, second);
        if (ret < 0)
                return -ENOMEM;

        /* The vector now holds both strings; keep the cleanup handlers from freeing them. */
        first = second = NULL;
        return 0;
}
673
/* Removes the link "primary" and the first link of every entry pair in "pairs".
 *
 * In some cases the kernel might pin the veth links between host and container even after the namespace
 * died. Hence, let's better remove them explicitly too.
 *
 * Removal is best effort: the results of remove_one_link() are not propagated (it logs its own
 * failures). Returns 0 unless the netlink connection cannot be opened. */
int remove_veth_links(const char *primary, char **pairs) {
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        char **a, **b;
        int ret;

        if (isempty(primary) && strv_isempty(pairs))
                return 0;

        ret = sd_netlink_open(&rtnl);
        if (ret < 0)
                return log_error_errno(ret, "Failed to connect to netlink: %m");

        (void) remove_one_link(rtnl, primary);

        /* Only the first name of each pair is removed here; the second one is not touched. */
        STRV_FOREACH_PAIR(a, b, pairs)
                (void) remove_one_link(rtnl, *a);

        return 0;
}