1 /* SPDX-License-Identifier: LGPL-2.1+ */
2
3 #include <linux/veth.h>
4 #include <sys/file.h>
5
6 #include "sd-device.h"
7 #include "sd-id128.h"
8 #include "sd-netlink.h"
9
10 #include "alloc-util.h"
11 #include "ether-addr-util.h"
12 #include "lockfile-util.h"
13 #include "missing_network.h"
14 #include "netif-naming-scheme.h"
15 #include "netlink-util.h"
16 #include "nspawn-network.h"
17 #include "parse-util.h"
18 #include "siphash24.h"
19 #include "socket-util.h"
20 #include "stat-util.h"
21 #include "string-util.h"
22 #include "strv.h"
23 #include "udev-util.h"
24 #include "util.h"
25
/* SipHash keys for the deterministic derivations in this file: generate_mac() hashes host machine ID +
 * container name (+ index) with one of the first five, shorten_ifname() hashes over-long interface names with
 * the last one. The keys are fixed (originally randomly created) so that results are stable across runs;
 * using a distinct key per purpose keeps the derivations independent of each other for the same machine name. */
#define HOST_HASH_KEY SD_ID128_MAKE(1a,37,6f,c7,46,ec,45,0b,ad,a3,d5,31,06,60,5d,b1)
#define CONTAINER_HASH_KEY SD_ID128_MAKE(c3,c4,f9,19,b5,57,b2,1c,e6,cf,14,27,03,9c,ee,a2)
#define VETH_EXTRA_HOST_HASH_KEY SD_ID128_MAKE(48,c7,f6,b7,ea,9d,4c,9e,b7,28,d4,de,91,d5,bf,66)
#define VETH_EXTRA_CONTAINER_HASH_KEY SD_ID128_MAKE(af,50,17,61,ce,f9,4d,35,84,0d,2b,20,54,be,ce,59)
#define MACVLAN_HASH_KEY SD_ID128_MAKE(00,13,6d,bc,66,83,44,81,bb,0c,f9,51,1f,24,a6,6f)
#define SHORTEN_IFNAME_HASH_KEY SD_ID128_MAKE(e1,90,a4,04,a8,ef,4b,51,8c,cc,c3,3a,9f,11,fc,a2)
32
/* Deletes the network link called @name with an RTM_DELLINK request on @rtnl. An empty @name is a no-op and
 * a link that is already gone (-ENODEV) also counts as success; both return 0. Returns 1 when a link was
 * actually removed, negative errno (logged) on any other failure. */
static int remove_one_link(sd_netlink *rtnl, const char *name) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
        int r;

        if (isempty(name))
                return 0;

        r = sd_rtnl_message_new_link(rtnl, &req, RTM_DELLINK, 0);
        if (r < 0)
                return log_error_errno(r, "Failed to allocate netlink message: %m");

        r = sd_netlink_message_append_string(req, IFLA_IFNAME, name);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink interface name: %m");

        r = sd_netlink_call(rtnl, req, 0, NULL);
        if (r >= 0)
                return 1;
        if (r == -ENODEV) /* Already gone, nothing left to do */
                return 0;

        return log_error_errno(r, "Failed to remove interface %s: %m", name);
}
56
/* Derives a stable, locally administered unicast MAC address into @mac from the host's machine ID, the
 * container's @machine_name and, if non-zero, @idx, hashed with the fixed key @hash_key. The same inputs
 * always yield the same address, which is what callers mean by a "predictable" MAC. Returns 0 on success,
 * negative errno if the host machine ID cannot be read. */
static int generate_mac(
                const char *machine_name,
                struct ether_addr *mac,
                sd_id128_t hash_key,
                uint64_t idx) {

        size_t name_len = strlen(machine_name);
        size_t total = sizeof(sd_id128_t) + name_len + (idx > 0 ? sizeof(idx) : 0);
        uint8_t *buf = newa(uint8_t, total);
        uint64_t h;
        int r;

        /* Host-specific, persistent part first: the machine ID */
        r = sd_id128_get_machine((sd_id128_t*) buf);
        if (r < 0)
                return r;

        /* Then the part that is unique (on this host) to this container: its name, followed by the index
         * in little-endian encoding when one was given */
        memcpy(buf + sizeof(sd_id128_t), machine_name, name_len);
        if (idx > 0) {
                uint64_t le_idx = htole64(idx);
                memcpy(buf + sizeof(sd_id128_t) + name_len, &le_idx, sizeof(le_idx));
        }

        /* Hash everything with the fixed (but originally randomly created) key; serialize little-endian so
         * the resulting address does not depend on host byte order */
        h = htole64(siphash24(buf, total, hash_key.bytes));

        assert_cc(ETH_ALEN <= sizeof(h));
        memcpy(mac->ether_addr_octet, &h, ETH_ALEN);

        /* Same fix-up as eth_random_addr() in the kernel: clear the multicast bit, set the locally
         * administered bit (IEEE 802) */
        mac->ether_addr_octet[0] = (mac->ether_addr_octet[0] & 0xfe) | 0x02;

        return 0;
}
101
/* Creates a veth pair with a single RTM_NEWLINK request. The host end is named @ifname_host and gets the
 * hardware address @mac_host; the peer end is named @ifname_container, gets @mac_container and is requested
 * to be created in the network namespace of @pid (IFLA_NET_NS_PID inside VETH_INFO_PEER). All pointer
 * parameters must be non-NULL. Returns 0 on success, negative errno on failure; failures are logged here. */
static int add_veth(
                sd_netlink *rtnl,
                pid_t pid,
                const char *ifname_host,
                const struct ether_addr *mac_host,
                const char *ifname_container,
                const struct ether_addr *mac_container) {

        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
        int r;

        assert(rtnl);
        assert(ifname_host);
        assert(mac_host);
        assert(ifname_container);
        assert(mac_container);

        r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0);
        if (r < 0)
                return log_error_errno(r, "Failed to allocate netlink message: %m");

        /* Top-level attributes describe the host end of the pair */
        r = sd_netlink_message_append_string(m, IFLA_IFNAME, ifname_host);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink interface name: %m");

        r = sd_netlink_message_append_ether_addr(m, IFLA_ADDRESS, mac_host);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink MAC address: %m");

        /* Nested containers IFLA_LINKINFO -> IFLA_INFO_DATA ("veth") -> VETH_INFO_PEER describe the peer end */
        r = sd_netlink_message_open_container(m, IFLA_LINKINFO);
        if (r < 0)
                return log_error_errno(r, "Failed to open netlink container: %m");

        r = sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, "veth");
        if (r < 0)
                return log_error_errno(r, "Failed to open netlink container: %m");

        r = sd_netlink_message_open_container(m, VETH_INFO_PEER);
        if (r < 0)
                return log_error_errno(r, "Failed to open netlink container: %m");

        r = sd_netlink_message_append_string(m, IFLA_IFNAME, ifname_container);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink interface name: %m");

        r = sd_netlink_message_append_ether_addr(m, IFLA_ADDRESS, mac_container);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink MAC address: %m");

        /* Ask the kernel to place the peer end into the container's network namespace as part of creation */
        r = sd_netlink_message_append_u32(m, IFLA_NET_NS_PID, pid);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink namespace field: %m");

        /* Close VETH_INFO_PEER, IFLA_INFO_DATA and IFLA_LINKINFO, innermost first */
        r = sd_netlink_message_close_container(m);
        if (r < 0)
                return log_error_errno(r, "Failed to close netlink container: %m");

        r = sd_netlink_message_close_container(m);
        if (r < 0)
                return log_error_errno(r, "Failed to close netlink container: %m");

        r = sd_netlink_message_close_container(m);
        if (r < 0)
                return log_error_errno(r, "Failed to close netlink container: %m");

        r = sd_netlink_call(rtnl, m, 0, NULL);
        if (r < 0)
                return log_error_errno(r, "Failed to add new veth interfaces (%s:%s): %m", ifname_host, ifname_container);

        return 0;
}
173
/* Maps the low six bits of @x to a character of the "URL and filename safe" base64 alphabet (RFC 4648,
 * section 5). This deliberately differs from base64char(): that alphabet contains '/', which must never end
 * up in an interface name, since interfaces appear as file names in sysfs. Bits above the low six are
 * ignored, so any int (negative included) maps to a valid character. */
static char urlsafe_base64char(int x) {
        static const char alphabet[] =
                "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                "abcdefghijklmnopqrstuvwxyz"
                "0123456789-_";
        unsigned index = (unsigned) x & 63U;

        return alphabet[index];
}
183
/* Rewrites @ifname in place so that it fits into IFNAMSIZ bytes including the terminating NUL. Names that
 * already fit are left untouched. With the NAMING_NSPAWN_LONG_HASH naming scheme the name is cut to IFNAMSIZ-5
 * characters and the lower 24 bits of a SipHash of the full name are appended as four URL-safe base64
 * characters, so that different long names stay distinguishable; otherwise the name is plainly truncated,
 * as older nspawn versions did. A warning is logged whenever the name is changed. */
static void shorten_ifname(char *ifname) {
        char shortened[IFNAMSIZ];
        size_t len;

        assert(ifname);

        len = strlen(ifname);
        if (len < IFNAMSIZ) /* Already fits, nothing to do */
                return;

        if (naming_scheme_has(NAMING_NSPAWN_LONG_HASH)) {
                uint64_t h = siphash24(ifname, len, SHORTEN_IFNAME_HASH_KEY.bytes);

                /* Keep the prefix, then replace the last four characters by 24 bits of the hash, six bits per
                 * character, most significant group first */
                memcpy(shortened, ifname, IFNAMSIZ - 5);
                for (size_t k = 0; k < 4; k++)
                        shortened[IFNAMSIZ - 5 + k] = urlsafe_base64char(h >> (18 - 6 * k));
        } else
                /* Compatibility with old nspawn versions: plain truncation */
                memcpy(shortened, ifname, IFNAMSIZ - 1);

        shortened[IFNAMSIZ - 1] = 0;

        /* Log the incident to make it more discoverable */
        log_warning("Network interface name '%s' has been changed to '%s' to fit length constraints.", ifname, shortened);

        /* Safe: shortened is at most IFNAMSIZ-1 characters, and ifname was longer than that */
        strcpy(ifname, shortened);
}
215
/* Creates the primary veth pair for the container. The host end is named "ve-<machine_name>" (or
 * "vb-<machine_name>" in bridge mode), shortened to fit IFNAMSIZ; the container end is named "host0" and is
 * created directly in the network namespace of @pid. Both MAC addresses are derived deterministically from
 * @machine_name. On success the host-side name is copied into @iface_name (which must hold IFNAMSIZ bytes)
 * and the host-side ifindex is returned; negative errno (logged) on failure. */
int setup_veth(const char *machine_name,
               pid_t pid,
               char iface_name[IFNAMSIZ],
               bool bridge) {

        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        struct ether_addr mac_host, mac_container;
        const char *prefix;
        unsigned ifindex;
        char *host_name;
        int r;

        assert(machine_name);
        assert(pid > 0);
        assert(iface_name);

        /* The prefix tells bridge mode ("vb-") and plain veth mode ("ve-") apart */
        prefix = bridge ? "vb-" : "ve-";
        host_name = strjoina(prefix, machine_name);
        shorten_ifname(host_name);

        r = generate_mac(machine_name, &mac_container, CONTAINER_HASH_KEY, 0);
        if (r < 0)
                return log_error_errno(r, "Failed to generate predictable MAC address for container side: %m");

        r = generate_mac(machine_name, &mac_host, HOST_HASH_KEY, 0);
        if (r < 0)
                return log_error_errno(r, "Failed to generate predictable MAC address for host side: %m");

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        r = add_veth(rtnl, pid, host_name, &mac_host, "host0", &mac_container);
        if (r < 0)
                return r;

        ifindex = if_nametoindex(host_name);
        if (ifindex == 0)
                return log_error_errno(errno, "Failed to resolve interface %s: %m", host_name);

        /* shorten_ifname() guarantees host_name fits into IFNAMSIZ, so this copy is bounded */
        strcpy(iface_name, host_name);
        return (int) ifindex;
}
259
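/* Creates the additional veth pairs listed in @pairs, a flat strv of alternating host-side and container-side
 * interface names (as built by veth_extra_parse()). The container end of each pair is created directly in the
 * network namespace of @pid. The MAC addresses of the i-th pair are derived deterministically from
 * @machine_name and i, with separate hash keys for the host and container side. Returns 0 on success
 * (including when @pairs is empty), negative errno (logged) on failure. */
int setup_veth_extra(
                const char *machine_name,
                pid_t pid,
                char **pairs) {

        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        uint64_t idx = 0;
        char **a, **b;
        int r;

        assert(machine_name);
        assert(pid > 0);

        if (strv_isempty(pairs))
                return 0;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        STRV_FOREACH_PAIR(a, b, pairs) {
                struct ether_addr mac_host, mac_container;

                r = generate_mac(machine_name, &mac_container, VETH_EXTRA_CONTAINER_HASH_KEY, idx);
                if (r < 0)
                        return log_error_errno(r, "Failed to generate predictable MAC address for container side of extra veth link: %m");

                /* The message previously claimed "container side" here too, hiding which derivation failed */
                r = generate_mac(machine_name, &mac_host, VETH_EXTRA_HOST_HASH_KEY, idx);
                if (r < 0)
                        return log_error_errno(r, "Failed to generate predictable MAC address for host side of extra veth link: %m");

                r = add_veth(rtnl, pid, *a, &mac_host, *b, &mac_container);
                if (r < 0)
                        return r;

                /* The index feeds the hash so that every pair gets distinct addresses */
                idx++;
        }

        return 0;
}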
300
/* Enslaves the link @veth_name to the bridge @bridge_name (given as interface name or index) and sets IFF_UP
 * on the link, all in one RTM_SETLINK request. Returns the bridge's ifindex on success, negative errno on
 * failure. Errors are deliberately not logged here: setup_bridge() treats -ENODEV as "bridge does not exist
 * yet" and only logs once it gives up. */
static int join_bridge(sd_netlink *rtnl, const char *veth_name, const char *bridge_name) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
        int r, bridge_ifi;

        assert(rtnl);
        assert(veth_name);
        assert(bridge_name);

        /* Accept both a name and a numeric index for the bridge */
        r = parse_ifindex_or_ifname(bridge_name, &bridge_ifi);
        if (r < 0)
                return r;

        r = sd_rtnl_message_new_link(rtnl, &m, RTM_SETLINK, 0);
        if (r < 0)
                return r;

        r = sd_rtnl_message_link_set_flags(m, IFF_UP, IFF_UP);
        if (r < 0)
                return r;

        /* The link being modified is selected by name, the bridge it joins by IFLA_MASTER */
        r = sd_netlink_message_append_string(m, IFLA_IFNAME, veth_name);
        if (r < 0)
                return r;

        r = sd_netlink_message_append_u32(m, IFLA_MASTER, bridge_ifi);
        if (r < 0)
                return r;

        r = sd_netlink_call(rtnl, m, 0, NULL);
        if (r < 0)
                return r;

        return bridge_ifi;
}
335
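/* Creates an (empty, not yet up) bridge device named @bridge_name with an RTM_NEWLINK request. Returns 0 on
 * success, negative errno on failure. Like join_bridge() this does not log; the caller does. */
static int create_bridge(sd_netlink *rtnl, const char *bridge_name) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
        int r;

        /* Same preconditions as join_bridge(), made explicit here as well */
        assert(rtnl);
        assert(bridge_name);

        r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0);
        if (r < 0)
                return r;

        r = sd_netlink_message_append_string(m, IFLA_IFNAME, bridge_name);
        if (r < 0)
                return r;

        /* IFLA_LINKINFO -> IFLA_INFO_DATA ("bridge") selects the device type; no further bridge options are set */
        r = sd_netlink_message_open_container(m, IFLA_LINKINFO);
        if (r < 0)
                return r;

        r = sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, "bridge");
        if (r < 0)
                return r;

        r = sd_netlink_message_close_container(m);
        if (r < 0)
                return r;

        r = sd_netlink_message_close_container(m);
        if (r < 0)
                return r;

        r = sd_netlink_call(rtnl, m, 0, NULL);
        if (r < 0)
                return r;

        return 0;
}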
370
/* Adds @veth_name to the bridge @bridge_name and brings the link up. When @create is true and the bridge does
 * not exist yet it is created first; this happens under a system-wide lock so that remove_bridge() in another
 * nspawn instance cannot tear the bridge down between our creating it and joining it. Returns the bridge's
 * ifindex on success, negative errno (logged) on failure. */
int setup_bridge(const char *veth_name, const char *bridge_name, bool create) {
        _cleanup_(release_lock_file) LockFile zone_lock = LOCK_FILE_INIT;
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        int r;

        assert(veth_name);
        assert(bridge_name);

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        if (create) {
                /* We take a system-wide lock here, so that we can safely check whether there's still a member
                 * in the bridge before removing it, without risking interference from other nspawn instances. */
                r = make_lock_file("/run/systemd/nspawn-network-zone", LOCK_EX, &zone_lock);
                if (r < 0)
                        return log_error_errno(r, "Failed to take network zone lock: %m");
        }

        /* -ENODEV from join_bridge() means the bridge is missing: create it and retry. The attempt counter
         * bounds the loop in case the bridge keeps disappearing underneath us. */
        for (unsigned attempt = 0;; attempt++) {
                int bridge_ifi = join_bridge(rtnl, veth_name, bridge_name);
                if (bridge_ifi >= 0)
                        return bridge_ifi;
                if (bridge_ifi != -ENODEV || !create || attempt > 10)
                        return log_error_errno(bridge_ifi, "Failed to add interface %s to bridge %s: %m", veth_name, bridge_name);

                r = create_bridge(rtnl, bridge_name);
                if (r < 0)
                        return log_error_errno(r, "Failed to create bridge interface %s: %m", bridge_name);
        }
}
411
/* Removes the bridge @bridge_name, but only if it currently has no member links. An empty name or an already
 * missing bridge is a no-op (returns 0); a populated bridge is left alone (returns 0 as well). Otherwise
 * returns the result of remove_one_link(): 1 if removed, negative errno (logged) on failure. */
int remove_bridge(const char *bridge_name) {
        _cleanup_(release_lock_file) LockFile bridge_lock = LOCK_FILE_INIT;
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        const char *path;
        int r;

        /* Removes the specified bridge, but only if it is currently empty */

        if (isempty(bridge_name))
                return 0;

        /* The same lock setup_bridge() takes when creating: it is held across the emptiness check below and the
         * removal, so another nspawn instance cannot join the bridge between the two. */
        r = make_lock_file("/run/systemd/nspawn-network-zone", LOCK_EX, &bridge_lock);
        if (r < 0)
                return log_error_errno(r, "Failed to take network zone lock: %m");

        /* sysfs lists the bridge's member ports as entries of its brif/ directory */
        path = strjoina("/sys/class/net/", bridge_name, "/brif");

        r = dir_is_empty(path);
        if (r == -ENOENT) /* Already gone? */
                return 0;
        if (r < 0)
                return log_error_errno(r, "Can't detect if bridge %s is empty: %m", bridge_name);
        if (r == 0) /* Still populated, leave it around */
                return 0;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        return remove_one_link(rtnl, bridge_name);
}
443
/* Resolves @name (an interface name or a numeric index) to an ifindex. Unless /sys is read-only (the test
 * used here to decide that udev is around), the interface must also be fully initialized by udev and not in
 * the middle of a rename, otherwise -EBUSY is returned; moving or enslaving a device that udev is still
 * setting up would race with it. Returns the ifindex on success, negative errno (logged) on failure. */
static int parse_interface(const char *name) {
        _cleanup_(sd_device_unrefp) sd_device *d = NULL;
        int ifi, r;

        r = parse_ifindex_or_ifname(name, &ifi);
        if (r < 0)
                return log_error_errno(r, "Failed to resolve interface %s: %m", name);

        /* Note that "<= 0" also covers a failure to determine the mount state, which is then treated like a
         * writable /sys */
        if (path_is_read_only_fs("/sys") <= 0) {
                /* "n" + decimal ifindex; the buffer is sized for the widest possible int */
                char ifi_str[2 + DECIMAL_STR_MAX(int)];

                /* udev should be around. */

                sprintf(ifi_str, "n%i", ifi);
                r = sd_device_new_from_device_id(&d, ifi_str);
                if (r < 0)
                        return log_error_errno(r, "Failed to get device %s: %m", name);

                r = sd_device_get_is_initialized(d);
                if (r < 0)
                        return log_error_errno(r, "Failed to determine whether interface %s is initialized: %m", name);
                if (r == 0)
                        return log_error_errno(SYNTHETIC_ERRNO(EBUSY), "Network interface %s is not initialized yet.", name);

                r = device_is_renaming(d);
                if (r < 0)
                        return log_error_errno(r, "Failed to determine the interface %s is being renamed: %m", name);
                if (r > 0)
                        return log_error_errno(SYNTHETIC_ERRNO(EBUSY), "Interface %s is being renamed.", name);
        }

        return ifi;
}
477
/* Moves the already-resolved interface @ifi (called @name, used for logging only) into the network namespace
 * of @pid with an RTM_SETLINK request. Returns 0 on success, negative errno (logged) on failure. */
static int move_one_interface(sd_netlink *rtnl, pid_t pid, int ifi, const char *name) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
        int r;

        r = sd_rtnl_message_new_link(rtnl, &req, RTM_SETLINK, ifi);
        if (r < 0)
                return log_error_errno(r, "Failed to allocate netlink message: %m");

        r = sd_netlink_message_append_u32(req, IFLA_NET_NS_PID, pid);
        if (r < 0)
                return log_error_errno(r, "Failed to append namespace PID to netlink message: %m");

        r = sd_netlink_call(rtnl, req, 0, NULL);
        if (r < 0)
                return log_error_errno(r, "Failed to move interface %s to namespace: %m", name);

        return 0;
}

/* Moves every interface named in @ifaces (names or indexes) into the network namespace of @pid. Each
 * interface is first checked by parse_interface(), which refuses devices udev has not finished setting up.
 * Stops at the first failure. Returns 0 on success (including for an empty list), negative errno (logged)
 * otherwise. */
int move_network_interfaces(pid_t pid, char **ifaces) {
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        char **name;
        int r;

        if (strv_isempty(ifaces))
                return 0;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        STRV_FOREACH(name, ifaces) {
                int ifi = parse_interface(*name);
                if (ifi < 0)
                        return ifi;

                r = move_one_interface(rtnl, pid, ifi, *name);
                if (r < 0)
                        return r;
        }

        return 0;
}
513
/* Creates one macvlan interface (bridge mode) on top of each parent interface named in @ifaces, called
 * "mv-<parent>" (shortened to fit IFNAMSIZ), and creates it directly in the network namespace of @pid. Every
 * macvlan gets its own deterministic MAC derived from @machine_name and its position in @ifaces. Returns 0 on
 * success (including for an empty list), negative errno (logged) on the first failure. */
int setup_macvlan(const char *machine_name, pid_t pid, char **ifaces) {
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        unsigned idx = 0;
        char **i;
        int r;

        if (strv_isempty(ifaces))
                return 0;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        STRV_FOREACH(i, ifaces) {
                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
                _cleanup_free_ char *n = NULL;
                struct ether_addr mac;
                int ifi;

                /* Refuses parents that udev is still initializing or renaming */
                ifi = parse_interface(*i);
                if (ifi < 0)
                        return ifi;

                /* The index distinguishes the addresses of several macvlans of the same container */
                r = generate_mac(machine_name, &mac, MACVLAN_HASH_KEY, idx++);
                if (r < 0)
                        return log_error_errno(r, "Failed to create MACVLAN MAC address: %m");

                r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0);
                if (r < 0)
                        return log_error_errno(r, "Failed to allocate netlink message: %m");

                /* IFLA_LINK names the parent (lower) interface */
                r = sd_netlink_message_append_u32(m, IFLA_LINK, ifi);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink interface index: %m");

                n = strjoin("mv-", *i);
                if (!n)
                        return log_oom();

                shorten_ifname(n);

                r = sd_netlink_message_append_string(m, IFLA_IFNAME, n);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink interface name: %m");

                r = sd_netlink_message_append_ether_addr(m, IFLA_ADDRESS, &mac);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink MAC address: %m");

                /* Create the device straight inside the container's network namespace */
                r = sd_netlink_message_append_u32(m, IFLA_NET_NS_PID, pid);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink namespace field: %m");

                r = sd_netlink_message_open_container(m, IFLA_LINKINFO);
                if (r < 0)
                        return log_error_errno(r, "Failed to open netlink container: %m");

                r = sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, "macvlan");
                if (r < 0)
                        return log_error_errno(r, "Failed to open netlink container: %m");

                r = sd_netlink_message_append_u32(m, IFLA_MACVLAN_MODE, MACVLAN_MODE_BRIDGE);
                if (r < 0)
                        return log_error_errno(r, "Failed to append macvlan mode: %m");

                r = sd_netlink_message_close_container(m);
                if (r < 0)
                        return log_error_errno(r, "Failed to close netlink container: %m");

                r = sd_netlink_message_close_container(m);
                if (r < 0)
                        return log_error_errno(r, "Failed to close netlink container: %m");

                r = sd_netlink_call(rtnl, m, 0, NULL);
                if (r < 0)
                        return log_error_errno(r, "Failed to add new macvlan interfaces: %m");
        }

        return 0;
}
594
/* Creates one ipvlan interface (L2 mode) on top of each parent interface named in @ifaces, called
 * "iv-<parent>" (shortened to fit IFNAMSIZ), and creates it directly in the network namespace of @pid. Unlike
 * setup_macvlan() no IFLA_ADDRESS is appended, so @machine_name is currently unused here. Returns 0 on success
 * (including for an empty list), negative errno (logged) on the first failure. */
int setup_ipvlan(const char *machine_name, pid_t pid, char **ifaces) {
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        char **i;
        int r;

        if (strv_isempty(ifaces))
                return 0;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        STRV_FOREACH(i, ifaces) {
                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
                _cleanup_free_ char *n = NULL;
                int ifi;

                /* Refuses parents that udev is still initializing or renaming */
                ifi = parse_interface(*i);
                if (ifi < 0)
                        return ifi;

                r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0);
                if (r < 0)
                        return log_error_errno(r, "Failed to allocate netlink message: %m");

                /* IFLA_LINK names the parent (lower) interface */
                r = sd_netlink_message_append_u32(m, IFLA_LINK, ifi);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink interface index: %m");

                n = strjoin("iv-", *i);
                if (!n)
                        return log_oom();

                shorten_ifname(n);

                r = sd_netlink_message_append_string(m, IFLA_IFNAME, n);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink interface name: %m");

                /* Create the device straight inside the container's network namespace */
                r = sd_netlink_message_append_u32(m, IFLA_NET_NS_PID, pid);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink namespace field: %m");

                r = sd_netlink_message_open_container(m, IFLA_LINKINFO);
                if (r < 0)
                        return log_error_errno(r, "Failed to open netlink container: %m");

                r = sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, "ipvlan");
                if (r < 0)
                        return log_error_errno(r, "Failed to open netlink container: %m");

                r = sd_netlink_message_append_u16(m, IFLA_IPVLAN_MODE, IPVLAN_MODE_L2);
                if (r < 0)
                        return log_error_errno(r, "Failed to add ipvlan mode: %m");

                r = sd_netlink_message_close_container(m);
                if (r < 0)
                        return log_error_errno(r, "Failed to close netlink container: %m");

                r = sd_netlink_message_close_container(m);
                if (r < 0)
                        return log_error_errno(r, "Failed to close netlink container: %m");

                r = sd_netlink_call(rtnl, m, 0, NULL);
                if (r < 0)
                        return log_error_errno(r, "Failed to add new ipvlan interfaces: %m");
        }

        return 0;
}
665
/* Parses @p, of the form "HOST[:CONTAINER]", and appends the resulting host-side/container-side name pair to
 * the strv @l. The host-side name must be a valid interface name. If the container-side name is missing or
 * not a valid interface name, the host-side name is reused for it. Anything left over after the second field
 * is rejected. Returns 0 on success, -EINVAL on malformed input, -ENOMEM on allocation failure. */
int veth_extra_parse(char ***l, const char *p) {
        _cleanup_free_ char *host_side = NULL, *container_side = NULL;
        int r;

        r = extract_first_word(&p, &host_side, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
        if (r < 0)
                return r;
        if (r == 0)
                return -EINVAL;
        if (!ifname_valid(host_side))
                return -EINVAL;

        r = extract_first_word(&p, &container_side, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
        if (r < 0)
                return r;
        if (r == 0 || !ifname_valid(container_side)) {
                /* No usable container-side name, fall back to the host-side one */
                free(container_side);
                container_side = strdup(host_side);
                if (!container_side)
                        return -ENOMEM;
        }

        if (p) /* Trailing data after the second field is not allowed */
                return -EINVAL;

        r = strv_push_pair(l, host_side, container_side);
        if (r < 0)
                return -ENOMEM;

        /* Both strings are now owned by the strv; stop the cleanup handlers from freeing them */
        host_side = container_side = NULL;
        return 0;
}
696
/* Removes the host side of the primary veth link @primary and of every extra pair in @pairs (a flat strv of
 * alternating host-side and container-side names). Cleanup is best effort: individual removal failures are
 * logged by remove_one_link() but do not stop the loop, and the function always returns 0 unless netlink
 * cannot be opened at all (negative errno, logged). */
int remove_veth_links(const char *primary, char **pairs) {
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        char **host_side, **container_side;
        int r;

        /* In some cases the kernel might pin the veth links between host and container even after the namespace
         * died. Hence, let's better remove them explicitly too. */

        if (isempty(primary) && strv_isempty(pairs))
                return 0;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        /* Return values are deliberately ignored: one stale link must not keep us from cleaning up the others */
        (void) remove_one_link(rtnl, primary);

        STRV_FOREACH_PAIR(host_side, container_side, pairs)
                (void) remove_one_link(rtnl, *host_side);

        return 0;
}