]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/nspawn/nspawn-network.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2
3 #include <linux/veth.h>
4 #include <sys/file.h>
5
6 #include "sd-device.h"
7 #include "sd-id128.h"
8 #include "sd-netlink.h"
9
10 #include "alloc-util.h"
11 #include "ether-addr-util.h"
12 #include "lockfile-util.h"
13 #include "missing_network.h"
14 #include "netlink-util.h"
15 #include "nspawn-network.h"
16 #include "parse-util.h"
17 #include "siphash24.h"
18 #include "socket-util.h"
19 #include "stat-util.h"
20 #include "string-util.h"
21 #include "strv.h"
22 #include "udev-util.h"
23 #include "util.h"
24
/* Fixed 128-bit SipHash keys used when deriving predictable MAC addresses. There is one key per
 * interface role, so hashing the same machine name yields a different address for each role. The keys
 * are compile-time constants visible in the source: they separate the roles, they are not secrets. */
#define HOST_HASH_KEY \
        SD_ID128_MAKE(1a,37,6f,c7,46,ec,45,0b,ad,a3,d5,31,06,60,5d,b1)
#define CONTAINER_HASH_KEY \
        SD_ID128_MAKE(c3,c4,f9,19,b5,57,b2,1c,e6,cf,14,27,03,9c,ee,a2)
#define VETH_EXTRA_HOST_HASH_KEY \
        SD_ID128_MAKE(48,c7,f6,b7,ea,9d,4c,9e,b7,28,d4,de,91,d5,bf,66)
#define VETH_EXTRA_CONTAINER_HASH_KEY \
        SD_ID128_MAKE(af,50,17,61,ce,f9,4d,35,84,0d,2b,20,54,be,ce,59)
#define MACVLAN_HASH_KEY \
        SD_ID128_MAKE(00,13,6d,bc,66,83,44,81,bb,0c,f9,51,1f,24,a6,6f)
30
/* Asks the kernel (RTM_DELLINK) to delete the network link called 'name'.
 *
 * Returns 0 when 'name' is empty according to isempty() or when the link no longer exists (-ENODEV),
 * 1 when the link was deleted, and a negative error (after logging it) for every other failure. */
static int remove_one_link(sd_netlink *rtnl, const char *name) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
        int ret;

        /* Nothing to remove if the caller has no name for us. */
        if (isempty(name))
                return 0;

        ret = sd_rtnl_message_new_link(rtnl, &req, RTM_DELLINK, 0);
        if (ret < 0)
                return log_error_errno(ret, "Failed to allocate netlink message: %m");

        /* The link is addressed by name; the interface index in the request header stays 0. */
        ret = sd_netlink_message_append_string(req, IFLA_IFNAME, name);
        if (ret < 0)
                return log_error_errno(ret, "Failed to add netlink interface name: %m");

        ret = sd_netlink_call(rtnl, req, 0, NULL);
        if (ret >= 0)
                return 1;
        if (ret == -ENODEV) /* The interface disappeared on its own, which is fine. */
                return 0;

        return log_error_errno(ret, "Failed to remove interface %s: %m", name);
}
54
/* Derives a stable, locally administered unicast MAC address for an interface of a container.
 *
 * The address is the first ETH_ALEN bytes of SipHash-2-4 (keyed with 'hash_key') over the
 * concatenation of the host machine ID, 'machine_name' and, only when 'idx' is non-zero, 'idx' encoded
 * as little-endian 64-bit. The same inputs therefore always produce the same address.
 *
 * Returns 0 on success, or the negative error from sd_id128_get_machine(). */
static int generate_mac(
                const char *machine_name,
                struct ether_addr *mac,
                sd_id128_t hash_key,
                uint64_t idx) {

        sd_id128_t machine_id;
        size_t name_len, total;
        uint64_t digest, idx_le;
        uint8_t *buf, *cursor;
        int ret;

        name_len = strlen(machine_name);
        total = sizeof(sd_id128_t) + name_len;
        if (idx > 0)
                total += sizeof(idx);

        /* NOTE(review): the buffer lives on the stack and scales with strlen(machine_name); this
         * presumably relies on callers passing a length-limited machine name — confirm. */
        buf = newa(uint8_t, total);

        /* Persistent data that is unique to the host. */
        ret = sd_id128_get_machine(&machine_id);
        if (ret < 0)
                return ret;

        /* Lay out the hash input: machine ID first, then the data that is unique (on this host) to
         * this container instance. */
        cursor = mempcpy(buf, &machine_id, sizeof(machine_id));
        cursor = mempcpy(cursor, machine_name, name_len);
        if (idx > 0) {
                idx_le = htole64(idx);
                memcpy(cursor, &idx_le, sizeof(idx_le));
        }

        /* The key is fixed (it was randomly generated once), so the result is reproducible. */
        digest = htole64(siphash24(buf, total, hash_key.bytes));

        assert_cc(ETH_ALEN <= sizeof(digest));
        memcpy(mac->ether_addr_octet, &digest, ETH_ALEN);

        /* Same fix-up as eth_random_addr() in the kernel. */
        mac->ether_addr_octet[0] &= 0xfe; /* unicast: multicast bit off */
        mac->ether_addr_octet[0] |= 0x02; /* locally administered bit on (IEEE802) */

        return 0;
}
99
/* Creates one veth pair with a single RTM_NEWLINK request.
 *
 * The host end is named 'ifname_host' and gets 'mac_host'. The peer end is named 'ifname_container',
 * gets 'mac_container', and is placed by the kernel into the network namespace of process 'pid'
 * (IFLA_NET_NS_PID inside the VETH_INFO_PEER container).
 *
 * Returns 0 on success, or a negative error after logging it. */
static int add_veth(
                sd_netlink *rtnl,
                pid_t pid,
                const char *ifname_host,
                const struct ether_addr *mac_host,
                const char *ifname_container,
                const struct ether_addr *mac_container) {

        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
        int ret;

        assert(rtnl);
        assert(ifname_host);
        assert(mac_host);
        assert(ifname_container);
        assert(mac_container);

        ret = sd_rtnl_message_new_link(rtnl, &req, RTM_NEWLINK, 0);
        if (ret < 0)
                return log_error_errno(ret, "Failed to allocate netlink message: %m");

        /* Attributes of the host side of the pair. */
        ret = sd_netlink_message_append_string(req, IFLA_IFNAME, ifname_host);
        if (ret < 0)
                return log_error_errno(ret, "Failed to add netlink interface name: %m");

        ret = sd_netlink_message_append_ether_addr(req, IFLA_ADDRESS, mac_host);
        if (ret < 0)
                return log_error_errno(ret, "Failed to add netlink MAC address: %m");

        /* Three nested containers: IFLA_LINKINFO > IFLA_INFO_DATA ("veth") > VETH_INFO_PEER. */
        ret = sd_netlink_message_open_container(req, IFLA_LINKINFO);
        if (ret < 0)
                return log_error_errno(ret, "Failed to open netlink container: %m");

        ret = sd_netlink_message_open_container_union(req, IFLA_INFO_DATA, "veth");
        if (ret < 0)
                return log_error_errno(ret, "Failed to open netlink container: %m");

        ret = sd_netlink_message_open_container(req, VETH_INFO_PEER);
        if (ret < 0)
                return log_error_errno(ret, "Failed to open netlink container: %m");

        /* Attributes of the peer (container) side of the pair. */
        ret = sd_netlink_message_append_string(req, IFLA_IFNAME, ifname_container);
        if (ret < 0)
                return log_error_errno(ret, "Failed to add netlink interface name: %m");

        ret = sd_netlink_message_append_ether_addr(req, IFLA_ADDRESS, mac_container);
        if (ret < 0)
                return log_error_errno(ret, "Failed to add netlink MAC address: %m");

        ret = sd_netlink_message_append_u32(req, IFLA_NET_NS_PID, pid);
        if (ret < 0)
                return log_error_errno(ret, "Failed to add netlink namespace field: %m");

        /* Close VETH_INFO_PEER, then IFLA_INFO_DATA, then IFLA_LINKINFO. */
        ret = sd_netlink_message_close_container(req);
        if (ret < 0)
                return log_error_errno(ret, "Failed to close netlink container: %m");

        ret = sd_netlink_message_close_container(req);
        if (ret < 0)
                return log_error_errno(ret, "Failed to close netlink container: %m");

        ret = sd_netlink_message_close_container(req);
        if (ret < 0)
                return log_error_errno(ret, "Failed to close netlink container: %m");

        ret = sd_netlink_call(rtnl, req, 0, NULL);
        if (ret < 0)
                return log_error_errno(ret, "Failed to add new veth interfaces (%s:%s): %m", ifname_host, ifname_container);

        return 0;
}
171
/* Sets up the primary veth pair between the host and the container running as 'pid'.
 *
 * The host side is named "vb-<machine>" in bridge mode and "ve-<machine>" otherwise; that name is
 * written to 'iface_name'. The container side is always called "host0". Both ends get predictable
 * MAC addresses derived from 'machine_name'.
 *
 * Returns the value parse_ifindex_or_ifname() resolves 'iface_name' to (the host-side interface
 * index) on success, or a negative error after logging it. */
int setup_veth(const char *machine_name,
               pid_t pid,
               char iface_name[IFNAMSIZ],
               bool bridge) {

        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        struct ether_addr mac_host, mac_container;
        const char *prefix;
        int ret, ifindex;

        assert(machine_name);
        assert(pid > 0);
        assert(iface_name);

        /* The prefix tells bridge mode apart from plain veth mode. snprintf() is bounded by
         * IFNAMSIZ - 1, so a long machine name is cut off silently here.
         * NOTE(review): machine names that share a long common prefix would end up with the same
         * interface name after truncation — confirm how callers deal with that. */
        prefix = bridge ? "vb" : "ve";
        snprintf(iface_name, IFNAMSIZ - 1, "%s-%s", prefix, machine_name);

        ret = generate_mac(machine_name, &mac_container, CONTAINER_HASH_KEY, 0);
        if (ret < 0)
                return log_error_errno(ret, "Failed to generate predictable MAC address for container side: %m");

        ret = generate_mac(machine_name, &mac_host, HOST_HASH_KEY, 0);
        if (ret < 0)
                return log_error_errno(ret, "Failed to generate predictable MAC address for host side: %m");

        ret = sd_netlink_open(&rtnl);
        if (ret < 0)
                return log_error_errno(ret, "Failed to connect to netlink: %m");

        /* add_veth() logs its own failures, so the error is passed on as is. */
        ret = add_veth(rtnl, pid, iface_name, &mac_host, "host0", &mac_container);
        if (ret < 0)
                return ret;

        ret = parse_ifindex_or_ifname(iface_name, &ifindex);
        if (ret < 0)
                return log_error_errno(ret, "Failed to resolve interface %s: %m", iface_name);

        return ifindex;
}
212
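/* Creates the additional veth pairs listed in 'pairs' for the container running as 'pid'.
 *
 * 'pairs' is a string vector of (host name, container name) tuples, as consumed by
 * STRV_FOREACH_PAIR(). Each pair gets its own predictable MAC addresses: the running pair index is
 * mixed into the hash, so the pairs of one machine do not share addresses.
 *
 * Returns 0 on success (also when 'pairs' is empty), or a negative error after logging it. */
int setup_veth_extra(
                const char *machine_name,
                pid_t pid,
                char **pairs) {

        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        uint64_t idx = 0;
        char **a, **b;
        int r;

        assert(machine_name);
        assert(pid > 0);

        if (strv_isempty(pairs))
                return 0;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        STRV_FOREACH_PAIR(a, b, pairs) {
                struct ether_addr mac_host, mac_container;

                r = generate_mac(machine_name, &mac_container, VETH_EXTRA_CONTAINER_HASH_KEY, idx);
                if (r < 0)
                        return log_error_errno(r, "Failed to generate predictable MAC address for container side of extra veth link: %m");

                /* This is the host end; the message used to say "container side" here too, which
                 * made the two failures indistinguishable in the log. */
                r = generate_mac(machine_name, &mac_host, VETH_EXTRA_HOST_HASH_KEY, idx);
                if (r < 0)
                        return log_error_errno(r, "Failed to generate predictable MAC address for host side of extra veth link: %m");

                /* *a names the host end, *b the end that goes into the container. add_veth() logs
                 * its own failures. */
                r = add_veth(rtnl, pid, *a, &mac_host, *b, &mac_container);
                if (r < 0)
                        return r;

                idx++;
        }

        return 0;
}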
253
/* Brings 'veth_name' up and enslaves it to the bridge 'bridge_name' with one RTM_SETLINK request.
 *
 * Returns the bridge's interface index on success, or a negative error. Nothing is logged here;
 * the caller is expected to do that. */
static int join_bridge(sd_netlink *rtnl, const char *veth_name, const char *bridge_name) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
        int ret, master_ifindex;

        assert(rtnl);
        assert(veth_name);
        assert(bridge_name);

        /* Resolve the bridge first; if it does not exist the error goes straight to the caller. */
        ret = parse_ifindex_or_ifname(bridge_name, &master_ifindex);
        if (ret < 0)
                return ret;

        ret = sd_rtnl_message_new_link(rtnl, &req, RTM_SETLINK, 0);
        if (ret < 0)
                return ret;

        /* Set IFF_UP and change nothing else: flags and change mask are both IFF_UP. */
        ret = sd_rtnl_message_link_set_flags(req, IFF_UP, IFF_UP);
        if (ret < 0)
                return ret;

        ret = sd_netlink_message_append_string(req, IFLA_IFNAME, veth_name);
        if (ret < 0)
                return ret;

        ret = sd_netlink_message_append_u32(req, IFLA_MASTER, master_ifindex);
        if (ret < 0)
                return ret;

        ret = sd_netlink_call(rtnl, req, 0, NULL);
        if (ret < 0)
                return ret;

        return master_ifindex;
}
288
/* Creates a bridge interface called 'bridge_name' (RTM_NEWLINK with link kind "bridge" and no
 * further bridge options).
 *
 * Returns 0 on success or a negative error; nothing is logged here. */
static int create_bridge(sd_netlink *rtnl, const char *bridge_name) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
        int ret;

        ret = sd_rtnl_message_new_link(rtnl, &req, RTM_NEWLINK, 0);
        if (ret < 0)
                return ret;

        ret = sd_netlink_message_append_string(req, IFLA_IFNAME, bridge_name);
        if (ret < 0)
                return ret;

        /* IFLA_LINKINFO > IFLA_INFO_DATA ("bridge"); the inner container is left empty. */
        ret = sd_netlink_message_open_container(req, IFLA_LINKINFO);
        if (ret < 0)
                return ret;

        ret = sd_netlink_message_open_container_union(req, IFLA_INFO_DATA, "bridge");
        if (ret < 0)
                return ret;

        ret = sd_netlink_message_close_container(req);
        if (ret < 0)
                return ret;

        ret = sd_netlink_message_close_container(req);
        if (ret < 0)
                return ret;

        ret = sd_netlink_call(rtnl, req, 0, NULL);
        if (ret < 0)
                return ret;

        return 0;
}
323
/* Attaches 'veth_name' to the bridge 'bridge_name'. If 'create' is true and the bridge is missing,
 * it is created first and the attachment is retried.
 *
 * Returns the bridge's interface index on success, or a negative error after logging it. */
int setup_bridge(const char *veth_name, const char *bridge_name, bool create) {
        _cleanup_(release_lock_file) LockFile bridge_lock = LOCK_FILE_INIT;
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        unsigned attempt;
        int ret, ifi;

        assert(veth_name);
        assert(bridge_name);

        ret = sd_netlink_open(&rtnl);
        if (ret < 0)
                return log_error_errno(ret, "Failed to connect to netlink: %m");

        if (create) {
                /* Hold the system-wide network zone lock while we may create the bridge. The same
                 * lock file is taken before an empty bridge is removed, so another nspawn instance
                 * cannot delete the bridge between our membership check and our join. */
                ret = make_lock_file("/run/systemd/nspawn-network-zone", LOCK_EX, &bridge_lock);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to take network zone lock: %m");
        }

        /* 'attempt' counts how often the bridge was found missing, so the loop cannot spin forever. */
        for (attempt = 0;; attempt++) {
                ifi = join_bridge(rtnl, veth_name, bridge_name);
                if (ifi >= 0)
                        return ifi;

                /* We only carry on when the bridge is missing, we are allowed to create it and the
                 * retry budget is not used up yet. */
                if (!(ifi == -ENODEV && create && attempt <= 10))
                        return log_error_errno(ifi, "Failed to add interface %s to bridge %s: %m", veth_name, bridge_name);

                ret = create_bridge(rtnl, bridge_name);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to create bridge interface %s: %m", bridge_name);

                /* The bridge exists now; go around and join it. */
        }
}
364
/* Deletes the bridge 'bridge_name', but only when no interface is attached to it any more.
 *
 * Returns 0 when there was nothing to do (empty name, bridge already gone, bridge still in use),
 * otherwise the result of remove_one_link(), or a negative error after logging it. */
int remove_bridge(const char *bridge_name) {
        _cleanup_(release_lock_file) LockFile bridge_lock = LOCK_FILE_INIT;
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        const char *brif_dir;
        int ret;

        if (isempty(bridge_name))
                return 0;

        /* The emptiness check and the removal below happen under the network zone lock. */
        ret = make_lock_file("/run/systemd/nspawn-network-zone", LOCK_EX, &bridge_lock);
        if (ret < 0)
                return log_error_errno(ret, "Failed to take network zone lock: %m");

        /* NOTE(review): 'bridge_name' is pasted into a sysfs path unchecked; this presumably relies
         * on the caller having validated it as an interface name — confirm. */
        brif_dir = strjoina("/sys/class/net/", bridge_name, "/brif");

        ret = dir_is_empty(brif_dir);
        if (ret == -ENOENT || ret == 0) /* Bridge already gone, or it still has members: keep out. */
                return 0;
        if (ret < 0)
                return log_error_errno(ret, "Can't detect if bridge %s is empty: %m", bridge_name);

        ret = sd_netlink_open(&rtnl);
        if (ret < 0)
                return log_error_errno(ret, "Failed to connect to netlink: %m");

        return remove_one_link(rtnl, bridge_name);
}
396
/* Resolves 'name' to an interface index and, when udev is expected to be running, refuses
 * interfaces that udev has not finished initializing or is in the middle of renaming.
 *
 * Returns the interface index on success, or a negative error after logging it (-EBUSY for the two
 * udev conditions). */
static int parse_interface(const char *name) {
        _cleanup_(sd_device_unrefp) sd_device *dev = NULL;
        int ifindex, ret;

        ret = parse_ifindex_or_ifname(name, &ifindex);
        if (ret < 0)
                return log_error_errno(ret, "Failed to resolve interface %s: %m", name);

        /* The udev checks run when /sys is not read-only. A failing read-only check (negative
         * result) also takes this branch. */
        if (path_is_read_only_fs("/sys") <= 0) {
                char device_id[2 + DECIMAL_STR_MAX(int)];

                /* Device ID is "n" followed by the interface index; the buffer is sized for any int. */
                snprintf(device_id, sizeof(device_id), "n%i", ifindex);

                ret = sd_device_new_from_device_id(&dev, device_id);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to get device %s: %m", name);

                ret = sd_device_get_is_initialized(dev);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to determine whether interface %s is initialized: %m", name);
                if (ret == 0)
                        return log_error_errno(SYNTHETIC_ERRNO(EBUSY), "Network interface %s is not initialized yet.", name);

                ret = device_is_renaming(dev);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to determine the interface %s is being renamed: %m", name);
                if (ret > 0)
                        return log_error_errno(SYNTHETIC_ERRNO(EBUSY), "Interface %s is being renamed.", name);
        }

        return ifindex;
}
430
/* Moves every interface listed in 'ifaces' into the network namespace of process 'pid'.
 *
 * Processing stops at the first failure; interfaces moved before that point are not moved back.
 * Returns 0 on success (also for an empty list), or a negative error after logging it. */
int move_network_interfaces(pid_t pid, char **ifaces) {
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        char **iface;
        int ret;

        if (strv_isempty(ifaces))
                return 0;

        ret = sd_netlink_open(&rtnl);
        if (ret < 0)
                return log_error_errno(ret, "Failed to connect to netlink: %m");

        STRV_FOREACH(iface, ifaces) {
                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
                int ifindex;

                /* parse_interface() logs its own failures. */
                ifindex = parse_interface(*iface);
                if (ifindex < 0)
                        return ifindex;

                ret = sd_rtnl_message_new_link(rtnl, &req, RTM_SETLINK, ifindex);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to allocate netlink message: %m");

                /* The target namespace is identified through a process that lives in it. */
                ret = sd_netlink_message_append_u32(req, IFLA_NET_NS_PID, pid);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to append namespace PID to netlink message: %m");

                ret = sd_netlink_call(rtnl, req, 0, NULL);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to move interface %s to namespace: %m", *iface);
        }

        return 0;
}
466
/* Creates one macvlan interface (bridge mode) on top of each host interface in 'ifaces' and places
 * it into the network namespace of process 'pid'.
 *
 * The new interface is called "mv-<parent>", shortened to IFNAMSIZ-1 characters, and gets a
 * predictable MAC address derived from 'machine_name' and the position in the list.
 *
 * Returns 0 on success (also for an empty list), or a negative error after logging it. */
int setup_macvlan(const char *machine_name, pid_t pid, char **ifaces) {
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        unsigned counter = 0;
        char **parent;
        int ret;

        if (strv_isempty(ifaces))
                return 0;

        ret = sd_netlink_open(&rtnl);
        if (ret < 0)
                return log_error_errno(ret, "Failed to connect to netlink: %m");

        STRV_FOREACH(parent, ifaces) {
                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
                _cleanup_free_ char *new_name = NULL;
                struct ether_addr mac;
                int parent_ifindex;

                /* parse_interface() logs its own failures. */
                parent_ifindex = parse_interface(*parent);
                if (parent_ifindex < 0)
                        return parent_ifindex;

                /* Each list position gets its own index, hence its own address. */
                ret = generate_mac(machine_name, &mac, MACVLAN_HASH_KEY, counter);
                counter++;
                if (ret < 0)
                        return log_error_errno(ret, "Failed to create MACVLAN MAC address: %m");

                ret = sd_rtnl_message_new_link(rtnl, &req, RTM_NEWLINK, 0);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to allocate netlink message: %m");

                ret = sd_netlink_message_append_u32(req, IFLA_LINK, parent_ifindex);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to add netlink interface index: %m");

                new_name = strjoin("mv-", *parent);
                if (!new_name)
                        return log_oom();

                /* NOTE(review): shortening is silent, so parents with a long common prefix would map
                 * to the same macvlan name — confirm this is acceptable. */
                strshorten(new_name, IFNAMSIZ-1);

                ret = sd_netlink_message_append_string(req, IFLA_IFNAME, new_name);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to add netlink interface name: %m");

                ret = sd_netlink_message_append_ether_addr(req, IFLA_ADDRESS, &mac);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to add netlink MAC address: %m");

                ret = sd_netlink_message_append_u32(req, IFLA_NET_NS_PID, pid);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to add netlink namespace field: %m");

                /* IFLA_LINKINFO > IFLA_INFO_DATA ("macvlan") carrying the macvlan mode. */
                ret = sd_netlink_message_open_container(req, IFLA_LINKINFO);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to open netlink container: %m");

                ret = sd_netlink_message_open_container_union(req, IFLA_INFO_DATA, "macvlan");
                if (ret < 0)
                        return log_error_errno(ret, "Failed to open netlink container: %m");

                ret = sd_netlink_message_append_u32(req, IFLA_MACVLAN_MODE, MACVLAN_MODE_BRIDGE);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to append macvlan mode: %m");

                ret = sd_netlink_message_close_container(req);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to close netlink container: %m");

                ret = sd_netlink_message_close_container(req);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to close netlink container: %m");

                ret = sd_netlink_call(rtnl, req, 0, NULL);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to add new macvlan interfaces: %m");
        }

        return 0;
}
547
/* Creates one ipvlan interface (L2 mode) on top of each host interface in 'ifaces' and places it
 * into the network namespace of process 'pid'.
 *
 * The new interface is called "iv-<parent>", shortened to IFNAMSIZ-1 characters. No MAC address is
 * set here, and 'machine_name' is not used by this function.
 *
 * Returns 0 on success (also for an empty list), or a negative error after logging it. */
int setup_ipvlan(const char *machine_name, pid_t pid, char **ifaces) {
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        char **parent;
        int ret;

        if (strv_isempty(ifaces))
                return 0;

        ret = sd_netlink_open(&rtnl);
        if (ret < 0)
                return log_error_errno(ret, "Failed to connect to netlink: %m");

        STRV_FOREACH(parent, ifaces) {
                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
                _cleanup_free_ char *new_name = NULL;
                int parent_ifindex;

                /* parse_interface() logs its own failures. */
                parent_ifindex = parse_interface(*parent);
                if (parent_ifindex < 0)
                        return parent_ifindex;

                ret = sd_rtnl_message_new_link(rtnl, &req, RTM_NEWLINK, 0);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to allocate netlink message: %m");

                ret = sd_netlink_message_append_u32(req, IFLA_LINK, parent_ifindex);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to add netlink interface index: %m");

                new_name = strjoin("iv-", *parent);
                if (!new_name)
                        return log_oom();

                /* NOTE(review): shortening is silent, so parents with a long common prefix would map
                 * to the same ipvlan name — confirm this is acceptable. */
                strshorten(new_name, IFNAMSIZ-1);

                ret = sd_netlink_message_append_string(req, IFLA_IFNAME, new_name);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to add netlink interface name: %m");

                ret = sd_netlink_message_append_u32(req, IFLA_NET_NS_PID, pid);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to add netlink namespace field: %m");

                /* IFLA_LINKINFO > IFLA_INFO_DATA ("ipvlan") carrying the ipvlan mode. */
                ret = sd_netlink_message_open_container(req, IFLA_LINKINFO);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to open netlink container: %m");

                ret = sd_netlink_message_open_container_union(req, IFLA_INFO_DATA, "ipvlan");
                if (ret < 0)
                        return log_error_errno(ret, "Failed to open netlink container: %m");

                ret = sd_netlink_message_append_u16(req, IFLA_IPVLAN_MODE, IPVLAN_MODE_L2);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to add ipvlan mode: %m");

                ret = sd_netlink_message_close_container(req);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to close netlink container: %m");

                ret = sd_netlink_message_close_container(req);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to close netlink container: %m");

                ret = sd_netlink_call(rtnl, req, 0, NULL);
                if (ret < 0)
                        return log_error_errno(ret, "Failed to add new ipvlan interfaces: %m");
        }

        return 0;
}
618
/* Parses one extra-veth specification of the form "HOST[:CONTAINER]" from 'p' and appends the
 * resulting (host name, container name) pair to the string vector '*l'.
 *
 * The first name must pass ifname_valid(). When the second name is missing, the first name is used
 * for both ends. Anything after the second field is rejected.
 *
 * NOTE(review): a second name that is present but fails ifname_valid() is not rejected either; it
 * is replaced by a copy of the first name — confirm this fallback is intended.
 *
 * Returns 0 on success, -EINVAL for malformed input, -ENOMEM on allocation failure, or the negative
 * error from extract_first_word(). */
int veth_extra_parse(char ***l, const char *p) {
        _cleanup_free_ char *host = NULL, *peer = NULL;
        int ret;

        ret = extract_first_word(&p, &host, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
        if (ret < 0)
                return ret;
        if (ret == 0 || !ifname_valid(host))
                return -EINVAL;

        ret = extract_first_word(&p, &peer, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
        if (ret < 0)
                return ret;
        if (ret == 0 || !ifname_valid(peer)) {
                /* Fall back to the host-side name for the container side. */
                free(peer);
                peer = strdup(host);
                if (!peer)
                        return -ENOMEM;
        }

        /* Input left over after two fields means a third field was given. */
        if (p)
                return -EINVAL;

        ret = strv_push_pair(l, host, peer);
        if (ret < 0)
                return -ENOMEM;

        /* The vector holds both strings now; clear the locals so cleanup does not free them. */
        host = NULL;
        peer = NULL;
        return 0;
}
649
/* Best-effort removal of the host-side veth links of a container: the primary link 'primary' and
 * the host end (first element) of every tuple in 'pairs'.
 *
 * The kernel may keep veth links between host and container pinned even after the namespace died,
 * so they are deleted explicitly. Failures to delete an individual link are logged by
 * remove_one_link() and otherwise ignored.
 *
 * Returns 0, or a negative error (after logging it) if the netlink connection cannot be opened. */
int remove_veth_links(const char *primary, char **pairs) {
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        char **host_end, **container_end;
        int ret;

        if (isempty(primary) && strv_isempty(pairs))
                return 0;

        ret = sd_netlink_open(&rtnl);
        if (ret < 0)
                return log_error_errno(ret, "Failed to connect to netlink: %m");

        /* remove_one_link() is a no-op for an empty name, so 'primary' needs no extra check. */
        (void) remove_one_link(rtnl, primary);

        /* Only the host end is deleted; 'container_end' exists because the iteration macro
         * walks the vector two entries at a time. */
        STRV_FOREACH_PAIR(host_end, container_end, pairs)
                (void) remove_one_link(rtnl, *host_end);

        return 0;
}