1 /* SPDX-License-Identifier: LGPL-2.1+ */
2
3 #include <net/if.h>
4 #include <linux/if.h>
5 #include <linux/veth.h>
6 #include <sys/file.h>
7
8 #include "sd-device.h"
9 #include "sd-id128.h"
10 #include "sd-netlink.h"
11
12 #include "alloc-util.h"
13 #include "ether-addr-util.h"
14 #include "lockfile-util.h"
15 #include "missing_network.h"
16 #include "netif-naming-scheme.h"
17 #include "netlink-util.h"
18 #include "nspawn-network.h"
19 #include "parse-util.h"
20 #include "siphash24.h"
21 #include "socket-util.h"
22 #include "stat-util.h"
23 #include "string-util.h"
24 #include "strv.h"
25 #include "udev-util.h"
26 #include "util.h"
27
28 #define HOST_HASH_KEY SD_ID128_MAKE(1a,37,6f,c7,46,ec,45,0b,ad,a3,d5,31,06,60,5d,b1)
29 #define CONTAINER_HASH_KEY SD_ID128_MAKE(c3,c4,f9,19,b5,57,b2,1c,e6,cf,14,27,03,9c,ee,a2)
30 #define VETH_EXTRA_HOST_HASH_KEY SD_ID128_MAKE(48,c7,f6,b7,ea,9d,4c,9e,b7,28,d4,de,91,d5,bf,66)
31 #define VETH_EXTRA_CONTAINER_HASH_KEY SD_ID128_MAKE(af,50,17,61,ce,f9,4d,35,84,0d,2b,20,54,be,ce,59)
32 #define MACVLAN_HASH_KEY SD_ID128_MAKE(00,13,6d,bc,66,83,44,81,bb,0c,f9,51,1f,24,a6,6f)
33 #define SHORTEN_IFNAME_HASH_KEY SD_ID128_MAKE(e1,90,a4,04,a8,ef,4b,51,8c,cc,c3,3a,9f,11,fc,a2)
34
static int remove_one_link(sd_netlink *rtnl, const char *name) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
        int r;

        /* Deletes the network interface called 'name' with a single RTM_DELLINK request. The link is
         * addressed by name, since that is all the callers in this file remember about what they created.
         *
         * Returns 1 if a link was removed, 0 if there was nothing to remove (NULL/empty name, or the kernel
         * answering ENODEV because the link is already gone), and a negative errno-style value (logged) on
         * any other failure. */

        if (isempty(name))
                return 0;

        r = sd_rtnl_message_new_link(rtnl, &req, RTM_DELLINK, 0);
        if (r < 0)
                return log_error_errno(r, "Failed to allocate netlink message: %m");

        r = sd_netlink_message_append_string(req, IFLA_IFNAME, name);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink interface name: %m");

        r = sd_netlink_call(rtnl, req, 0, NULL);
        if (r >= 0)
                return 1;
        if (r == -ENODEV) /* Already gone, nothing to do */
                return 0;

        return log_error_errno(r, "Failed to remove interface %s: %m", name);
}
58
static int generate_mac(
                const char *machine_name,
                struct ether_addr *mac,
                sd_id128_t hash_key,
                uint64_t idx) {

        /* Derives a stable ("predictable") locally administered MAC address for a container interface.
         *
         * The address is the first ETH_ALEN bytes of the little-endian siphash24 of
         *     machine-id || machine_name [|| htole64(idx)]
         * under 'hash_key', where the index is only mixed in when it is non-zero. Every input is fixed for
         * a given host and container name, so the same container gets the same MAC on every start, and
         * different keys (see the *_HASH_KEY constants) keep the host/container/extra/macvlan addresses
         * apart.
         *
         * Security note: the hash keys are fixed, published constants, so the result is a deterministic
         * function of the host's machine ID (which machine-id(5) asks to be treated as confidential) and
         * the container name. Anyone knowing both can compute the MAC, and a candidate machine ID can be
         * checked against an observed MAC. This is by design; do not use this where an unpredictable
         * address is required.
         *
         * Returns 0 on success, or a negative errno-style value if the machine ID cannot be read. */

        size_t name_len, buf_len;
        uint8_t *buf, *pos;
        uint64_t h;
        int r;

        name_len = strlen(machine_name);
        buf_len = sizeof(sd_id128_t) + name_len + (idx > 0 ? sizeof(idx) : 0);
        buf = newa(uint8_t, buf_len);

        /* Host-specific component: the machine ID */
        r = sd_id128_get_machine((sd_id128_t*) buf);
        if (r < 0)
                return r;

        /* Container-specific component (unique on this host): the machine name, plus the index when
         * non-zero so that several interfaces of one container get distinct addresses. */
        pos = mempcpy(buf + sizeof(sd_id128_t), machine_name, name_len);
        if (idx > 0) {
                uint64_t idx_le = htole64(idx);
                memcpy(pos, &idx_le, sizeof(idx_le));
        }

        h = htole64(siphash24(buf, buf_len, hash_key.bytes));

        assert_cc(ETH_ALEN <= sizeof(h));
        memcpy(mac->ether_addr_octet, &h, ETH_ALEN);

        /* Same post-processing as the kernel's eth_random_addr(): force a unicast address and mark it
         * locally administered, so it cannot collide with a vendor-assigned (OUI) address. */
        mac->ether_addr_octet[0] &= 0xfe; /* clear multicast/group bit */
        mac->ether_addr_octet[0] |= 0x02; /* set locally administered bit (IEEE 802) */

        return 0;
}
103
static int set_alternative_ifname(sd_netlink *rtnl, const char *ifname, const char *altifname) {
        int r;

        /* Attaches 'altifname' to the link 'ifname' as an alternative interface name. This is best effort:
         * a NULL 'altifname' is a no-op, an alternative name of ALTIFNAMSIZ characters or more is refused
         * with -ERANGE before talking to the kernel, and a kernel refusal is passed through. All failures
         * are logged at warning level only, and the callers in this file ignore the result.
         *
         * Returns 0 on success or no-op, a negative errno-style value otherwise. */

        assert(rtnl);
        assert(ifname);

        if (!altifname)
                return 0;

        if (strlen(altifname) >= ALTIFNAMSIZ)
                return log_warning_errno(SYNTHETIC_ERRNO(ERANGE),
                                         "Alternative interface name '%s' for '%s' is too long, ignoring",
                                         altifname, ifname);

        r = rtnl_set_link_alternative_names_by_ifname(&rtnl, ifname, STRV_MAKE(altifname));
        if (r >= 0)
                return 0;

        return log_warning_errno(r,
                                 "Failed to set alternative interface name '%s' to '%s', ignoring: %m",
                                 altifname, ifname);
}
126
static int add_veth(
                sd_netlink *rtnl,
                pid_t pid,
                const char *ifname_host,
                const char *altifname_host,
                const struct ether_addr *mac_host,
                const char *ifname_container,
                const struct ether_addr *mac_container) {

        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
        int r;

        /* Creates a veth pair in one RTM_NEWLINK request. The 'ifname_host' end is created in the
         * caller's network namespace; the peer 'ifname_container' end is described in the
         * IFLA_LINKINFO > IFLA_INFO_DATA("veth") > VETH_INFO_PEER nest and is created directly in the
         * network namespace of process 'pid' (IFLA_NET_NS_PID). Both ends get the fixed MAC addresses
         * passed in. A non-NULL 'altifname_host' is attached to the host end afterwards on a best-effort
         * basis (see set_alternative_ifname()).
         *
         * NOTE(review): the peer namespace is selected by PID rather than by a namespace fd (compare
         * move_network_interfaces(), which uses IFLA_NET_NS_FD). That is only safe while 'pid' cannot exit
         * and be recycled during this call — presumably the caller still holds the container's init
         * process at this point; confirm against the callers.
         *
         * Returns 0 on success, a negative errno-style value (already logged) on failure. */

        assert(rtnl);
        assert(ifname_host);
        assert(mac_host);
        assert(ifname_container);
        assert(mac_container);

        r = sd_rtnl_message_new_link(rtnl, &req, RTM_NEWLINK, 0);
        if (r < 0)
                return log_error_errno(r, "Failed to allocate netlink message: %m");

        /* Our end of the pair */
        r = sd_netlink_message_append_string(req, IFLA_IFNAME, ifname_host);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink interface name: %m");

        r = sd_netlink_message_append_ether_addr(req, IFLA_ADDRESS, mac_host);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink MAC address: %m");

        /* The peer end, nested three levels deep */
        r = sd_netlink_message_open_container(req, IFLA_LINKINFO);
        if (r < 0)
                return log_error_errno(r, "Failed to open netlink container: %m");

        r = sd_netlink_message_open_container_union(req, IFLA_INFO_DATA, "veth");
        if (r < 0)
                return log_error_errno(r, "Failed to open netlink container: %m");

        r = sd_netlink_message_open_container(req, VETH_INFO_PEER);
        if (r < 0)
                return log_error_errno(r, "Failed to open netlink container: %m");

        r = sd_netlink_message_append_string(req, IFLA_IFNAME, ifname_container);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink interface name: %m");

        r = sd_netlink_message_append_ether_addr(req, IFLA_ADDRESS, mac_container);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink MAC address: %m");

        /* Have the kernel place the peer straight into the container's network namespace */
        r = sd_netlink_message_append_u32(req, IFLA_NET_NS_PID, pid);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink namespace field: %m");

        /* Close VETH_INFO_PEER, IFLA_INFO_DATA and IFLA_LINKINFO again */
        for (unsigned depth = 0; depth < 3; depth++) {
                r = sd_netlink_message_close_container(req);
                if (r < 0)
                        return log_error_errno(r, "Failed to close netlink container: %m");
        }

        r = sd_netlink_call(rtnl, req, 0, NULL);
        if (r < 0)
                return log_error_errno(r, "Failed to add new veth interfaces (%s:%s): %m", ifname_host, ifname_container);

        /* Best effort; failures are logged by the callee */
        (void) set_alternative_ifname(rtnl, ifname_host, altifname_host);

        return 0;
}
201
/* Maps the low six bits of 'x' to one character of the "URL and filename safe" base64 alphabet from
 * section 5 of RFC 4648: A-Z, a-z, 0-9, '-', '_'. It intentionally differs from the regular alphabet
 * (base64char()) in its last two symbols, because '/' must never end up in an interface name —
 * interfaces appear in sysfs as directory entries. Any int is accepted; bits above the lowest six are
 * ignored. Relies on the letters and digits being contiguous, which holds for ASCII. */
static char urlsafe_base64char(int x) {
        unsigned v = (unsigned) x & 63U;

        if (v < 26)
                return (char) ('A' + v);
        if (v < 52)
                return (char) ('a' + (v - 26));
        if (v < 62)
                return (char) ('0' + (v - 52));

        return v == 62 ? '-' : '_';
}
211
static int shorten_ifname(char *ifname) {
        char shortened[IFNAMSIZ];
        size_t len;

        /* Shrinks 'ifname' in place so that it fits the kernel's IFNAMSIZ limit (IFNAMSIZ-1 characters
         * plus NUL).
         *
         * With the NAMING_NSPAWN_LONG_HASH naming scheme the result is the first IFNAMSIZ-5 characters of
         * the original followed by four url-safe base64 characters encoding the low 24 bits of a siphash24
         * of the full name (keyed with SHORTEN_IFNAME_HASH_KEY), so two long names sharing a prefix do not
         * collapse onto the same interface name. With older naming schemes the name is simply truncated,
         * reproducing what old nspawn versions did.
         *
         * Returns 0 if the name already fit and was left alone, 1 if it was rewritten (a warning is logged
         * so the rename is discoverable). The result is never longer than the input, so the caller's buffer
         * is always large enough. */

        assert(ifname);

        len = strlen(ifname);
        if (len < IFNAMSIZ)
                return 0; /* Fits as is */

        if (naming_scheme_has(NAMING_NSPAWN_LONG_HASH)) {
                uint64_t h = siphash24(ifname, len, SHORTEN_IFNAME_HASH_KEY.bytes);
                size_t i;

                /* Keep as much of the readable prefix as the four hash characters leave room for */
                memcpy(shortened, ifname, IFNAMSIZ - 5);

                /* Append the low 24 bits of the hash, most significant 6-bit group first */
                for (i = 0; i < 4; i++)
                        shortened[IFNAMSIZ - 5 + i] = urlsafe_base64char(h >> (18 - 6 * i));
        } else
                /* Plain truncation, compatible with old nspawn versions */
                memcpy(shortened, ifname, IFNAMSIZ - 1);

        shortened[IFNAMSIZ - 1] = 0;

        /* Log the incident to make it more discoverable */
        log_warning("Network interface name '%s' has been changed to '%s' to fit length constraints.", ifname, shortened);

        strcpy(ifname, shortened);
        return 1;
}
244
int setup_veth(const char *machine_name,
               pid_t pid,
               char iface_name[IFNAMSIZ],
               bool bridge) {

        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        struct ether_addr mac_host, mac_container;
        const char *prefix;
        char *host_name, *alt_name = NULL;
        unsigned ifindex;
        int r;

        /* Creates the primary veth pair of a container. The host end is called "ve-<machine_name>", or
         * "vb-<machine_name>" when it is going to be enslaved to a bridge, so the two modes can be told
         * apart. If that name exceeds IFNAMSIZ it is shortened (see shorten_ifname()) and the full name
         * is attached as an alternative name. The container end is always "host0" and is created in the
         * network namespace of 'pid'. Both MACs come from generate_mac() with the HOST/CONTAINER keys.
         *
         * On success the final host-side name is stored in 'iface_name' (IFNAMSIZ bytes; shorten_ifname()
         * guarantees it fits) and the host-side ifindex (> 0) is returned. On failure a negative errno-style
         * value is returned after logging. */

        assert(machine_name);
        assert(pid > 0);
        assert(iface_name);

        prefix = bridge ? "vb-" : "ve-";
        host_name = strjoina(prefix, machine_name);
        if (shorten_ifname(host_name) > 0)
                /* Name had to be shortened: keep the full one as alternative name */
                alt_name = strjoina(prefix, machine_name);

        r = generate_mac(machine_name, &mac_container, CONTAINER_HASH_KEY, 0);
        if (r < 0)
                return log_error_errno(r, "Failed to generate predictable MAC address for container side: %m");

        r = generate_mac(machine_name, &mac_host, HOST_HASH_KEY, 0);
        if (r < 0)
                return log_error_errno(r, "Failed to generate predictable MAC address for host side: %m");

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        r = add_veth(rtnl, pid, host_name, alt_name, &mac_host, "host0", &mac_container);
        if (r < 0)
                return r;

        ifindex = if_nametoindex(host_name);
        if (ifindex == 0)
                return log_error_errno(errno, "Failed to resolve interface %s: %m", host_name);

        strcpy(iface_name, host_name);
        return (int) ifindex;
}
290
int setup_veth_extra(
                const char *machine_name,
                pid_t pid,
                char **pairs) {

        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        uint64_t position = 0;
        char **host_name, **container_name;
        int r;

        /* Creates the additional veth pairs collected by veth_extra_parse(): 'pairs' is a flat strv of
         * alternating host-side and container-side interface names. The host end keeps the configured
         * name verbatim (no shortening, no alternative name); the container end is created in the network
         * namespace of 'pid'. MACs come from generate_mac() under the VETH_EXTRA_* keys, mixing in the
         * pair's position in the list so that each pair gets its own addresses — which also means the
         * addresses depend on the order of the pairs, not on their names.
         *
         * Returns 0 on success (including for an empty list), or a negative errno-style value (logged) at
         * the first failure; pairs created before that are not rolled back here. */

        assert(machine_name);
        assert(pid > 0);

        if (strv_isempty(pairs))
                return 0;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        STRV_FOREACH_PAIR(host_name, container_name, pairs) {
                struct ether_addr mac_host, mac_container;

                r = generate_mac(machine_name, &mac_container, VETH_EXTRA_CONTAINER_HASH_KEY, position);
                if (r < 0)
                        return log_error_errno(r, "Failed to generate predictable MAC address for container side of extra veth link: %m");

                r = generate_mac(machine_name, &mac_host, VETH_EXTRA_HOST_HASH_KEY, position);
                if (r < 0)
                        return log_error_errno(r, "Failed to generate predictable MAC address for host side of extra veth link: %m");

                r = add_veth(rtnl, pid, *host_name, NULL, &mac_host, *container_name, &mac_container);
                if (r < 0)
                        return r;

                position++;
        }

        return 0;
}
331
static int join_bridge(sd_netlink *rtnl, const char *veth_name, const char *bridge_name) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
        int bridge_ifi, r;

        /* Enslaves the host-side veth 'veth_name' to the bridge 'bridge_name' (given as ifindex or name)
         * and brings the veth up, all in one RTM_SETLINK request. Nothing is logged here; the caller does
         * that. Returns the bridge's ifindex (> 0) on success, otherwise a negative errno-style value; a
         * -ENODEV result is what setup_bridge() takes to mean "the bridge does not exist yet". */

        assert(rtnl);
        assert(veth_name);
        assert(bridge_name);

        r = parse_ifindex_or_ifname(bridge_name, &bridge_ifi);
        if (r < 0)
                return r;

        r = sd_rtnl_message_new_link(rtnl, &req, RTM_SETLINK, 0);
        if (r < 0)
                return r;

        /* Set IFF_UP in the flag mask and value */
        r = sd_rtnl_message_link_set_flags(req, IFF_UP, IFF_UP);
        if (r < 0)
                return r;

        r = sd_netlink_message_append_string(req, IFLA_IFNAME, veth_name);
        if (r < 0)
                return r;

        r = sd_netlink_message_append_u32(req, IFLA_MASTER, bridge_ifi);
        if (r < 0)
                return r;

        r = sd_netlink_call(rtnl, req, 0, NULL);
        return r < 0 ? r : bridge_ifi;
}
366
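static int create_bridge(sd_netlink *rtnl, const char *bridge_name) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
        int r;

        /* Creates an empty Linux bridge device called 'bridge_name' (RTM_NEWLINK with an IFLA_INFO_DATA
         * nest of kind "bridge"). No flags such as IFF_UP, no address and no bridge options are requested;
         * join_bridge() later enslaves the veth and setup_bridge() drives the create/retry sequence.
         * Callers are expected to hold the network-zone lock, so that a concurrent remove_bridge() cannot
         * find the still-empty bridge and delete it right after this returns.
         *
         * Returns 0 on success or a negative errno-style value, without logging (the caller logs). */

        /* Argument asserts, consistent with the other netlink helpers in this file */
        assert(rtnl);
        assert(bridge_name);

        r = sd_rtnl_message_new_link(rtnl, &req, RTM_NEWLINK, 0);
        if (r < 0)
                return r;

        r = sd_netlink_message_append_string(req, IFLA_IFNAME, bridge_name);
        if (r < 0)
                return r;

        r = sd_netlink_message_open_container(req, IFLA_LINKINFO);
        if (r < 0)
                return r;

        r = sd_netlink_message_open_container_union(req, IFLA_INFO_DATA, "bridge");
        if (r < 0)
                return r;

        /* Close IFLA_INFO_DATA and IFLA_LINKINFO */
        for (unsigned depth = 0; depth < 2; depth++) {
                r = sd_netlink_message_close_container(req);
                if (r < 0)
                        return r;
        }

        return sd_netlink_call(rtnl, req, 0, NULL) < 0 ? r : 0;
}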
401
int setup_bridge(const char *veth_name, const char *bridge_name, bool create) {
        _cleanup_(release_lock_file) LockFile zone_lock = LOCK_FILE_INIT;
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        int r;

        /* Adds the host-side veth 'veth_name' to the bridge 'bridge_name' and brings the veth up. With
         * 'create' set, a missing bridge (join reporting -ENODEV) is created on the fly and the join is
         * retried, for a bounded number of rounds so a bridge that keeps disappearing cannot spin us
         * forever. Without 'create' the bridge must already exist.
         *
         * In create mode a system-wide lock on /run/systemd/nspawn-network-zone is held for the whole
         * create-then-join sequence: remove_bridge() takes the same lock before checking whether a bridge
         * is empty, so another nspawn instance cannot delete our freshly created, still port-less bridge
         * between the two steps. The lock only coordinates nspawn instances, not other tools. A bridge the
         * user provides (create == false) is never removed by this code, so no lock is taken then.
         *
         * Returns the bridge's ifindex (> 0) on success, a negative errno-style value (logged) otherwise. */

        assert(veth_name);
        assert(bridge_name);

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        if (create) {
                r = make_lock_file("/run/systemd/nspawn-network-zone", LOCK_EX, &zone_lock);
                if (r < 0)
                        return log_error_errno(r, "Failed to take network zone lock: %m");
        }

        for (unsigned attempt = 0;; attempt++) {
                int bridge_ifi;

                bridge_ifi = join_bridge(rtnl, veth_name, bridge_name);
                if (bridge_ifi >= 0)
                        return bridge_ifi;

                /* Only a missing bridge is recoverable, and only if we may create it and haven't given up */
                if (bridge_ifi != -ENODEV || !create || attempt > 10)
                        return log_error_errno(bridge_ifi, "Failed to add interface %s to bridge %s: %m", veth_name, bridge_name);

                r = create_bridge(rtnl, bridge_name);
                if (r < 0)
                        return log_error_errno(r, "Failed to create bridge interface %s: %m", bridge_name);

                /* Loop around and try to join the bridge that now exists */
        }
}
442
int remove_bridge(const char *bridge_name) {
        _cleanup_(release_lock_file) LockFile zone_lock = LOCK_FILE_INIT;
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        const char *brif_path;
        int r;

        /* Removes the bridge 'bridge_name', but only if no port is attached to it any more, as judged by
         * /sys/class/net/<bridge>/brif being empty. The same system-wide zone lock as in setup_bridge()
         * is held across the check and the delete, so another nspawn instance cannot be between creating
         * the bridge and enslaving its veth while we look; tools outside nspawn are not covered by it.
         *
         * NOTE(review): the sysfs path is built by plain concatenation, so 'bridge_name' must be a
         * validated interface name (in particular free of '/' and ".."); that validation is not visible
         * in this file — confirm it happens at the caller.
         *
         * Returns 1 if the bridge was removed, 0 if nothing was done (empty name, bridge already gone, or
         * still populated), a negative errno-style value (logged) on failure. */

        if (isempty(bridge_name))
                return 0;

        r = make_lock_file("/run/systemd/nspawn-network-zone", LOCK_EX, &zone_lock);
        if (r < 0)
                return log_error_errno(r, "Failed to take network zone lock: %m");

        brif_path = strjoina("/sys/class/net/", bridge_name, "/brif");

        r = dir_is_empty(brif_path);
        if (r == -ENOENT)
                return 0; /* Already gone? */
        if (r < 0)
                return log_error_errno(r, "Can't detect if bridge %s is empty: %m", bridge_name);
        if (r == 0)
                return 0; /* Still has ports, leave it alone */

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        return remove_one_link(rtnl, bridge_name);
}
474
/* Resolves 'name' — a numeric ifindex or an interface name, see parse_ifindex_or_ifname() — to an
 * ifindex (> 0). Resolution happens in the current (host) network namespace. Returns a negative
 * errno-style value, after logging, if the interface cannot be resolved. */
static int parse_interface(const char *name) {
        int ifindex, r;

        r = parse_ifindex_or_ifname(name, &ifindex);
        if (r >= 0)
                return ifindex;

        return log_error_errno(r, "Failed to resolve interface %s: %m", name);
}
484
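int test_network_interface_initialized(const char *name) {
        _cleanup_(sd_device_unrefp) sd_device *d = NULL;
        char ifi_str[2 + DECIMAL_STR_MAX(int)];
        int ifi, n, r;

        /* Checks that the host interface 'name' (ifindex or name, see parse_interface()) has been fully
         * processed by udev and is not in the middle of being renamed, so that it is safe to move it or
         * attach to it. If /sys is read-only — or that cannot be determined, since any non-zero result of
         * path_is_read_only_fs() is taken as "read-only" — the check is skipped entirely and 0 is returned
         * (presumably we are inside a container ourselves, without a udev to ask).
         *
         * Returns 0 if the interface is ready, -EBUSY (logged) if udev has not finished with it or a rename
         * is in flight, or another negative errno-style value (logged) if it cannot be looked up. */

        if (path_is_read_only_fs("/sys"))
                return 0;

        /* udev should be around. */

        ifi = parse_interface(name);
        if (ifi < 0)
                return ifi;

        /* sd-device addresses network interfaces by the device id "n<ifindex>". The buffer is sized for the
         * prefix plus any int, but use a bounded formatter and check it rather than trusting the arithmetic. */
        n = snprintf(ifi_str, sizeof(ifi_str), "n%i", ifi);
        assert(n > 0 && (size_t) n < sizeof(ifi_str));

        r = sd_device_new_from_device_id(&d, ifi_str);
        if (r < 0)
                return log_error_errno(r, "Failed to get device %s: %m", name);

        r = sd_device_get_is_initialized(d);
        if (r < 0)
                return log_error_errno(r, "Failed to determine whether interface %s is initialized: %m", name);
        if (r == 0)
                return log_error_errno(SYNTHETIC_ERRNO(EBUSY), "Network interface %s is not initialized yet.", name);

        r = device_is_renaming(d);
        if (r < 0)
                return log_error_errno(r, "Failed to determine the interface %s is being renamed: %m", name);
        if (r > 0)
                return log_error_errno(SYNTHETIC_ERRNO(EBUSY), "Interface %s is being renamed.", name);

        return 0;
}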
518
int move_network_interfaces(int netns_fd, char **ifaces) {
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        char **iface;
        int r;

        /* Moves every host interface listed in 'ifaces' (each an ifindex or name, see parse_interface())
         * into the network namespace referenced by 'netns_fd', using RTM_SETLINK with IFLA_NET_NS_FD.
         * Unlike add_veth(), which targets the namespace by PID, this does not depend on any process
         * staying alive. Names are resolved on the host at the time of the call.
         *
         * Returns 0 on success (also for an empty list), or a negative errno-style value (logged) at the
         * first failure; interfaces moved before that stay in the target namespace. */

        if (strv_isempty(ifaces))
                return 0;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        STRV_FOREACH(iface, ifaces) {
                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
                int ifindex;

                ifindex = parse_interface(*iface);
                if (ifindex < 0)
                        return ifindex;

                r = sd_rtnl_message_new_link(rtnl, &req, RTM_SETLINK, ifindex);
                if (r < 0)
                        return log_error_errno(r, "Failed to allocate netlink message: %m");

                r = sd_netlink_message_append_u32(req, IFLA_NET_NS_FD, netns_fd);
                if (r < 0)
                        return log_error_errno(r, "Failed to append namespace fd to netlink message: %m");

                r = sd_netlink_call(rtnl, req, 0, NULL);
                if (r < 0)
                        return log_error_errno(r, "Failed to move interface %s to namespace: %m", *iface);
        }

        return 0;
}
554
int setup_macvlan(const char *machine_name, pid_t pid, char **ifaces) {
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        unsigned position = 0;
        char **iface;
        int r;

        /* For each host interface in 'ifaces' (ifindex or name, see parse_interface()) creates a macvlan
         * device on top of it, in MACVLAN_MODE_BRIDGE, and has the kernel place it directly into the network
         * namespace of 'pid' (IFLA_NET_NS_PID). The new device is called "mv-<iface>" (shortened per
         * shorten_ifname() if needed, with the full name attached as alternative name) and gets a stable MAC
         * from generate_mac() under MACVLAN_HASH_KEY, keyed on the device's position in the list — so the
         * MAC depends on the order of 'ifaces', not on the parent interface.
         *
         * Returns 0 on success (also for an empty list), a negative errno-style value (logged) at the first
         * failure; devices created before that are left in place. */

        if (strv_isempty(ifaces))
                return 0;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        STRV_FOREACH(iface, ifaces) {
                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
                _cleanup_free_ char *name = NULL, *alt_name = NULL;
                struct ether_addr mac;
                int parent_ifi;

                parent_ifi = parse_interface(*iface);
                if (parent_ifi < 0)
                        return parent_ifi;

                r = generate_mac(machine_name, &mac, MACVLAN_HASH_KEY, position++);
                if (r < 0)
                        return log_error_errno(r, "Failed to create MACVLAN MAC address: %m");

                r = sd_rtnl_message_new_link(rtnl, &req, RTM_NEWLINK, 0);
                if (r < 0)
                        return log_error_errno(r, "Failed to allocate netlink message: %m");

                /* The lower device the macvlan sits on */
                r = sd_netlink_message_append_u32(req, IFLA_LINK, parent_ifi);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink interface index: %m");

                name = strjoin("mv-", *iface);
                if (!name)
                        return log_oom();

                if (shorten_ifname(name) > 0) {
                        /* Keep the full name around as alternative name */
                        alt_name = strjoin("mv-", *iface);
                        if (!alt_name)
                                return log_oom();
                }

                r = sd_netlink_message_append_string(req, IFLA_IFNAME, name);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink interface name: %m");

                r = sd_netlink_message_append_ether_addr(req, IFLA_ADDRESS, &mac);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink MAC address: %m");

                r = sd_netlink_message_append_u32(req, IFLA_NET_NS_PID, pid);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink namespace field: %m");

                r = sd_netlink_message_open_container(req, IFLA_LINKINFO);
                if (r < 0)
                        return log_error_errno(r, "Failed to open netlink container: %m");

                r = sd_netlink_message_open_container_union(req, IFLA_INFO_DATA, "macvlan");
                if (r < 0)
                        return log_error_errno(r, "Failed to open netlink container: %m");

                r = sd_netlink_message_append_u32(req, IFLA_MACVLAN_MODE, MACVLAN_MODE_BRIDGE);
                if (r < 0)
                        return log_error_errno(r, "Failed to append macvlan mode: %m");

                /* Close IFLA_INFO_DATA and IFLA_LINKINFO */
                for (unsigned depth = 0; depth < 2; depth++) {
                        r = sd_netlink_message_close_container(req);
                        if (r < 0)
                                return log_error_errno(r, "Failed to close netlink container: %m");
                }

                r = sd_netlink_call(rtnl, req, 0, NULL);
                if (r < 0)
                        return log_error_errno(r, "Failed to add new macvlan interfaces: %m");

                /* Best effort; failures are logged by the callee */
                (void) set_alternative_ifname(rtnl, name, alt_name);
        }

        return 0;
}
642
int setup_ipvlan(const char *machine_name, pid_t pid, char **ifaces) {
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        char **iface;
        int r;

        /* For each host interface in 'ifaces' (ifindex or name, see parse_interface()) creates an ipvlan
         * device on top of it, in IPVLAN_MODE_L2, and has the kernel place it directly into the network
         * namespace of 'pid' (IFLA_NET_NS_PID). The new device is called "iv-<iface>" (shortened per
         * shorten_ifname() if needed, with the full name attached as alternative name). Unlike macvlan no
         * MAC address is requested; 'machine_name' is accepted for symmetry with setup_macvlan() but unused.
         *
         * Returns 0 on success (also for an empty list), a negative errno-style value (logged) at the first
         * failure; devices created before that are left in place. */

        if (strv_isempty(ifaces))
                return 0;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        STRV_FOREACH(iface, ifaces) {
                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
                _cleanup_free_ char *name = NULL, *alt_name = NULL;
                int parent_ifi;

                parent_ifi = parse_interface(*iface);
                if (parent_ifi < 0)
                        return parent_ifi;

                r = sd_rtnl_message_new_link(rtnl, &req, RTM_NEWLINK, 0);
                if (r < 0)
                        return log_error_errno(r, "Failed to allocate netlink message: %m");

                /* The lower device the ipvlan sits on */
                r = sd_netlink_message_append_u32(req, IFLA_LINK, parent_ifi);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink interface index: %m");

                name = strjoin("iv-", *iface);
                if (!name)
                        return log_oom();

                if (shorten_ifname(name) > 0) {
                        /* Keep the full name around as alternative name */
                        alt_name = strjoin("iv-", *iface);
                        if (!alt_name)
                                return log_oom();
                }

                r = sd_netlink_message_append_string(req, IFLA_IFNAME, name);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink interface name: %m");

                r = sd_netlink_message_append_u32(req, IFLA_NET_NS_PID, pid);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink namespace field: %m");

                r = sd_netlink_message_open_container(req, IFLA_LINKINFO);
                if (r < 0)
                        return log_error_errno(r, "Failed to open netlink container: %m");

                r = sd_netlink_message_open_container_union(req, IFLA_INFO_DATA, "ipvlan");
                if (r < 0)
                        return log_error_errno(r, "Failed to open netlink container: %m");

                r = sd_netlink_message_append_u16(req, IFLA_IPVLAN_MODE, IPVLAN_MODE_L2);
                if (r < 0)
                        return log_error_errno(r, "Failed to add ipvlan mode: %m");

                /* Close IFLA_INFO_DATA and IFLA_LINKINFO */
                for (unsigned depth = 0; depth < 2; depth++) {
                        r = sd_netlink_message_close_container(req);
                        if (r < 0)
                                return log_error_errno(r, "Failed to close netlink container: %m");
                }

                r = sd_netlink_call(rtnl, req, 0, NULL);
                if (r < 0)
                        return log_error_errno(r, "Failed to add new ipvlan interfaces: %m");

                /* Best effort; failures are logged by the callee */
                (void) set_alternative_ifname(rtnl, name, alt_name);
        }

        return 0;
}
720
int veth_extra_parse(char ***l, const char *p) {
        _cleanup_free_ char *host_name = NULL, *container_name = NULL;
        int r;

        /* Parses one extra-veth specification of the form "HOST[:CONTAINER]" and appends the two names
         * (host side first, container side second) to the strv '*l', in the layout setup_veth_extra()
         * walks with STRV_FOREACH_PAIR.
         *
         * The host-side name is mandatory and must pass ifname_valid(). If the container-side component is
         * absent, or present but not a valid interface name, the host-side name is reused for it — i.e. an
         * invalid second component is silently replaced rather than rejected. If any input remains after
         * the second component, the whole specification is rejected.
         *
         * Returns 0 on success, -EINVAL for malformed input, -ENOMEM on allocation failure, or another
         * negative value passed through from extract_first_word(). */

        r = extract_first_word(&p, &host_name, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
        if (r < 0)
                return r;
        if (r == 0 || !ifname_valid(host_name))
                return -EINVAL;

        r = extract_first_word(&p, &container_name, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
        if (r < 0)
                return r;
        if (r == 0 || !ifname_valid(container_name)) {
                /* Fall back to naming the container side like the host side */
                free(container_name);
                container_name = strdup(host_name);
                if (!container_name)
                        return -ENOMEM;
        }

        if (p) /* Trailing input after the second component */
                return -EINVAL;

        r = strv_push_pair(l, host_name, container_name);
        if (r < 0)
                return -ENOMEM;

        /* Ownership of both strings moved into the strv */
        host_name = container_name = NULL;
        return 0;
}
751
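int remove_veth_links(const char *primary, char **pairs) {
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        char **host_name, **container_name;
        int r;

        /* Best-effort removal of the host side of the veth links created by setup_veth() ('primary', may be
         * NULL/empty) and setup_veth_extra() ('pairs', host name first in each pair). The kernel normally
         * tears a veth pair down together with the container's network namespace, but in some cases it keeps
         * the links pinned after the namespace died, hence the explicit cleanup.
         *
         * Individual removal failures are logged by remove_one_link() but deliberately not propagated — this
         * is presumably run on the teardown path, where giving up at the first failure would leave the
         * remaining links behind. The ignored results are marked with (void), as for set_alternative_ifname()
         * elsewhere in this file. Returns 0, unless netlink itself cannot be opened. */

        if (isempty(primary) && strv_isempty(pairs))
                return 0;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        (void) remove_one_link(rtnl, primary);

        STRV_FOREACH_PAIR(host_name, container_name, pairs)
                (void) remove_one_link(rtnl, *host_name);

        return 0;
}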