1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 /***
3 This file is part of systemd.
4
5 Copyright 2015 Lennart Poettering
6 ***/
7
8 #include <linux/veth.h>
9 #include <net/if.h>
10 #include <sys/file.h>
11
12 #include "libudev.h"
13 #include "sd-id128.h"
14 #include "sd-netlink.h"
15
16 #include "alloc-util.h"
17 #include "ether-addr-util.h"
18 #include "lockfile-util.h"
19 #include "netlink-util.h"
20 #include "nspawn-network.h"
21 #include "siphash24.h"
22 #include "socket-util.h"
23 #include "stat-util.h"
24 #include "string-util.h"
25 #include "udev-util.h"
26 #include "util.h"
27
/* Fixed siphash24 keys for generate_mac(). Each purpose (host and container side of the primary veth,
 * the extra veth pairs, the macvlan links) hashes the same input (host machine ID + container name) under
 * a different key, so the resulting MAC addresses differ. The keys were generated randomly once; changing
 * one changes every address derived with it. */
#define HOST_HASH_KEY SD_ID128_MAKE(1a,37,6f,c7,46,ec,45,0b,ad,a3,d5,31,06,60,5d,b1)
#define CONTAINER_HASH_KEY SD_ID128_MAKE(c3,c4,f9,19,b5,57,b2,1c,e6,cf,14,27,03,9c,ee,a2)
#define VETH_EXTRA_HOST_HASH_KEY SD_ID128_MAKE(48,c7,f6,b7,ea,9d,4c,9e,b7,28,d4,de,91,d5,bf,66)
#define VETH_EXTRA_CONTAINER_HASH_KEY SD_ID128_MAKE(af,50,17,61,ce,f9,4d,35,84,0d,2b,20,54,be,ce,59)
#define MACVLAN_HASH_KEY SD_ID128_MAKE(00,13,6d,bc,66,83,44,81,bb,0c,f9,51,1f,24,a6,6f)
33
/* Deletes the link called @name with an RTM_DELLINK request.
 *
 * Returns 0 if @name is empty or the link had already vanished (the kernel answered -ENODEV), 1 if a
 * link was removed, and a negative errno (already logged) on any other failure. */
static int remove_one_link(sd_netlink *rtnl, const char *name) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
        int r;

        /* Nothing to delete counts as success */
        if (isempty(name))
                return 0;

        r = sd_rtnl_message_new_link(rtnl, &req, RTM_DELLINK, 0);
        if (r < 0)
                return log_error_errno(r, "Failed to allocate netlink message: %m");

        r = sd_netlink_message_append_string(req, IFLA_IFNAME, name);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink interface name: %m");

        r = sd_netlink_call(rtnl, req, 0, NULL);
        if (r == -ENODEV)
                /* Somebody else got rid of it already, which is what we wanted anyway */
                return 0;
        if (r < 0)
                return log_error_errno(r, "Failed to remove interface %s: %m", name);

        return 1;
}
57
/* Derives a predictable, locally administered unicast MAC address for a container link.
 *
 * The hashed material is: the host's machine ID, followed by @machine_name, followed (only if @idx > 0)
 * by @idx in little-endian order. It is hashed with siphash24 under @hash_key, the first ETH_ALEN bytes
 * of the little-endian digest become the address, and the I/G and U/L bits of the first octet are fixed
 * up as eth_random_addr() in the kernel does.
 *
 * Returns 0 and fills in @mac on success, or the negative errno from sd_id128_get_machine(). The
 * scratch buffer lives on the stack, so @machine_name is assumed to be of bounded length (machine names
 * are presumably validated before reaching here; TODO confirm at the call sites). */
static int generate_mac(
                const char *machine_name,
                struct ether_addr *mac,
                sd_id128_t hash_key,
                uint64_t idx) {

        size_t name_len = strlen(machine_name);
        bool with_idx = idx > 0;
        size_t total = sizeof(sd_id128_t) + name_len + (with_idx ? sizeof(idx) : 0);
        uint8_t *buf = alloca(total), *p = buf;
        uint64_t le_idx, digest;
        int r;

        /* Leading part: something persistent and unique to this host */
        r = sd_id128_get_machine((sd_id128_t*) p);
        if (r < 0)
                return r;
        p += sizeof(sd_id128_t);

        /* Middle part: something unique (on this host) to this container */
        memcpy(p, machine_name, name_len);
        p += name_len;

        /* Optional trailing part: the link index, so that several links of one container differ */
        if (with_idx) {
                le_idx = htole64(idx);
                memcpy(p, &le_idx, sizeof(le_idx));
        }

        /* The key is fixed per purpose, but was originally chosen at random */
        digest = htole64(siphash24(buf, total, hash_key.bytes));

        assert_cc(ETH_ALEN <= sizeof(digest));
        memcpy(mac->ether_addr_octet, &digest, ETH_ALEN);

        /* See eth_random_addr() in the kernel */
        mac->ether_addr_octet[0] &= 0xfe; /* unicast, not multicast */
        mac->ether_addr_octet[0] |= 0x02; /* locally administered (IEEE 802) */

        return 0;
}
102
/* Creates a veth pair in one RTM_NEWLINK request: the host end is called @ifname_host and gets
 * @mac_host; the peer is called @ifname_container, gets @mac_container, and is placed straight into the
 * network namespace of process @pid (IFLA_NET_NS_PID inside VETH_INFO_PEER).
 *
 * Returns 0 on success, a negative errno (already logged) on failure. */
static int add_veth(
                sd_netlink *rtnl,
                pid_t pid,
                const char *ifname_host,
                const struct ether_addr *mac_host,
                const char *ifname_container,
                const struct ether_addr *mac_container) {

        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
        int r;

        assert(rtnl);
        assert(ifname_host);
        assert(mac_host);
        assert(ifname_container);
        assert(mac_container);

        r = sd_rtnl_message_new_link(rtnl, &req, RTM_NEWLINK, 0);
        if (r < 0)
                return log_error_errno(r, "Failed to allocate netlink message: %m");

        /* Host side: name and address at the top level of the request */
        r = sd_netlink_message_append_string(req, IFLA_IFNAME, ifname_host);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink interface name: %m");

        r = sd_netlink_message_append_ether_addr(req, IFLA_ADDRESS, mac_host);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink MAC address: %m");

        /* Container side: nested as IFLA_LINKINFO -> IFLA_INFO_DATA ("veth") -> VETH_INFO_PEER */
        r = sd_netlink_message_open_container(req, IFLA_LINKINFO);
        if (r < 0)
                return log_error_errno(r, "Failed to open netlink container: %m");

        r = sd_netlink_message_open_container_union(req, IFLA_INFO_DATA, "veth");
        if (r < 0)
                return log_error_errno(r, "Failed to open netlink container: %m");

        r = sd_netlink_message_open_container(req, VETH_INFO_PEER);
        if (r < 0)
                return log_error_errno(r, "Failed to open netlink container: %m");

        r = sd_netlink_message_append_string(req, IFLA_IFNAME, ifname_container);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink interface name: %m");

        r = sd_netlink_message_append_ether_addr(req, IFLA_ADDRESS, mac_container);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink MAC address: %m");

        r = sd_netlink_message_append_u32(req, IFLA_NET_NS_PID, pid);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink namespace field: %m");

        /* Close VETH_INFO_PEER, IFLA_INFO_DATA and IFLA_LINKINFO again, innermost first */
        for (unsigned depth = 0; depth < 3; depth++) {
                r = sd_netlink_message_close_container(req);
                if (r < 0)
                        return log_error_errno(r, "Failed to close netlink container: %m");
        }

        r = sd_netlink_call(rtnl, req, 0, NULL);
        if (r < 0)
                return log_error_errno(r, "Failed to add new veth interfaces (%s:%s): %m", ifname_host, ifname_container);

        return 0;
}
174
/* Creates the primary veth pair for the container @machine_name whose init process is @pid. The host
 * side is named "ve-<machine>" (or "vb-<machine>" when it is going to be enslaved to a bridge), the
 * container side is always "host0". Both MAC addresses come from generate_mac(), i.e. they are
 * predictable from the host's machine ID and the container name.
 *
 * On success the host-side name is stored in @iface_name and its ifindex (> 0) is returned; on failure a
 * negative errno (already logged). */
int setup_veth(const char *machine_name,
               pid_t pid,
               char iface_name[IFNAMSIZ],
               bool bridge) {

        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        struct ether_addr host_mac, container_mac;
        const char *prefix;
        int r, ifindex;

        assert(machine_name);
        assert(pid > 0);
        assert(iface_name);

        /* The prefix tells links destined for a bridge apart from plain ones. Note that snprintf()
         * silently truncates long machine names to the size given (IFNAMSIZ - 1, leaving the last byte
         * of the caller's buffer unused); two containers whose names only differ after the cut-off would
         * presumably end up competing for the same host-side name in add_veth() below. */
        prefix = bridge ? "vb" : "ve";
        snprintf(iface_name, IFNAMSIZ - 1, "%s-%s", prefix, machine_name);

        r = generate_mac(machine_name, &container_mac, CONTAINER_HASH_KEY, 0);
        if (r < 0)
                return log_error_errno(r, "Failed to generate predictable MAC address for container side: %m");

        r = generate_mac(machine_name, &host_mac, HOST_HASH_KEY, 0);
        if (r < 0)
                return log_error_errno(r, "Failed to generate predictable MAC address for host side: %m");

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        r = add_veth(rtnl, pid, iface_name, &host_mac, "host0", &container_mac);
        if (r < 0)
                return r;

        /* Look up the index of the link we just created; if_nametoindex() returns 0 on failure */
        ifindex = (int) if_nametoindex(iface_name);
        if (ifindex <= 0)
                return log_error_errno(errno, "Failed to resolve interface %s: %m", iface_name);

        return ifindex;
}
215
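/* Creates the additional veth pairs for the container @machine_name (init process @pid). @pairs is a strv
 * of alternating host-side and container-side interface names, as built by veth_extra_parse(). The MAC
 * addresses of each pair are derived from the machine ID, @machine_name and the pair's position in the
 * list, so that several extra links of the same container get distinct addresses.
 *
 * Returns 0 on success (including when @pairs is empty), a negative errno (already logged) otherwise.
 * Links created before a failure are left in place; remove_veth_links() is the helper for tearing them
 * down. */
int setup_veth_extra(
                const char *machine_name,
                pid_t pid,
                char **pairs) {

        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        uint64_t idx = 0;
        char **a, **b;
        int r;

        assert(machine_name);
        assert(pid > 0);

        if (strv_isempty(pairs))
                return 0;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        STRV_FOREACH_PAIR(a, b, pairs) {
                struct ether_addr mac_host, mac_container;

                r = generate_mac(machine_name, &mac_container, VETH_EXTRA_CONTAINER_HASH_KEY, idx);
                if (r < 0)
                        return log_error_errno(r, "Failed to generate predictable MAC address for container side of extra veth link: %m");

                /* This is the host side; the message must say so, otherwise a failure here is
                 * indistinguishable from the one above in the log */
                r = generate_mac(machine_name, &mac_host, VETH_EXTRA_HOST_HASH_KEY, idx);
                if (r < 0)
                        return log_error_errno(r, "Failed to generate predictable MAC address for host side of extra veth link: %m");

                /* *a is the host-side name, *b the container-side name */
                r = add_veth(rtnl, pid, *a, &mac_host, *b, &mac_container);
                if (r < 0)
                        return r;

                /* Next pair gets a different index, hence different addresses */
                idx++;
        }

        return 0;
}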
256
/* Enslaves the link @veth_name to the bridge @bridge_name and raises IFF_UP on it, both in a single
 * RTM_SETLINK request.
 *
 * Returns the bridge's ifindex (> 0) on success. If the bridge name can't be resolved, returns -errno as
 * left by if_nametoindex() (a missing interface shows up as -ENODEV, which setup_bridge() keys on);
 * otherwise the negative errno from netlink. Nothing is logged here, the caller reports. */
static int join_bridge(sd_netlink *rtnl, const char *veth_name, const char *bridge_name) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
        int bridge_ifindex, r;

        assert(rtnl);
        assert(veth_name);
        assert(bridge_name);

        /* if_nametoindex() returns 0 on failure and sets errno */
        bridge_ifindex = (int) if_nametoindex(bridge_name);
        if (bridge_ifindex <= 0)
                return -errno;

        r = sd_rtnl_message_new_link(rtnl, &req, RTM_SETLINK, 0);
        if (r < 0)
                return r;

        r = sd_rtnl_message_link_set_flags(req, IFF_UP, IFF_UP);
        if (r < 0)
                return r;

        /* The veth is addressed by name; we never resolved its index */
        r = sd_netlink_message_append_string(req, IFLA_IFNAME, veth_name);
        if (r < 0)
                return r;

        r = sd_netlink_message_append_u32(req, IFLA_MASTER, bridge_ifindex);
        if (r < 0)
                return r;

        r = sd_netlink_call(rtnl, req, 0, NULL);
        if (r < 0)
                return r;

        return bridge_ifindex;
}
291
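/* Creates a bridge device called @bridge_name via RTM_NEWLINK. No flags or members are set, the device
 * is left exactly as the kernel creates it.
 *
 * Returns 0 on success, a negative errno otherwise. Nothing is logged here; the caller decides how to
 * report the failure. */
static int create_bridge(sd_netlink *rtnl, const char *bridge_name) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
        int r;

        /* Same contract as join_bridge() and add_veth(): a NULL handle or name is a programming error,
         * not a runtime condition to report */
        assert(rtnl);
        assert(bridge_name);

        r = sd_rtnl_message_new_link(rtnl, &req, RTM_NEWLINK, 0);
        if (r < 0)
                return r;

        r = sd_netlink_message_append_string(req, IFLA_IFNAME, bridge_name);
        if (r < 0)
                return r;

        /* IFLA_LINKINFO -> IFLA_INFO_DATA ("bridge"), with no bridge-specific attributes inside */
        r = sd_netlink_message_open_container(req, IFLA_LINKINFO);
        if (r < 0)
                return r;

        r = sd_netlink_message_open_container_union(req, IFLA_INFO_DATA, "bridge");
        if (r < 0)
                return r;

        r = sd_netlink_message_close_container(req);
        if (r < 0)
                return r;

        r = sd_netlink_message_close_container(req);
        if (r < 0)
                return r;

        r = sd_netlink_call(rtnl, req, 0, NULL);
        if (r < 0)
                return r;

        return 0;
}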
326
/* Adds the link @veth_name to the bridge @bridge_name. With @create set, a missing bridge is created on
 * the fly and the join retried, under a system-wide lock shared with remove_bridge() so that no other
 * nspawn instance tears the bridge down between our creating and joining it.
 *
 * Returns the bridge's ifindex (> 0) on success, a negative errno (already logged) on failure. */
int setup_bridge(const char *veth_name, const char *bridge_name, bool create) {
        _cleanup_(release_lock_file) LockFile bridge_lock = LOCK_FILE_INIT;
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        int r, bridge_ifi;

        assert(veth_name);
        assert(bridge_name);

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        if (create) {
                /* Taken system-wide, so that whoever checks whether the bridge still has members before
                 * removing it can't race with us adding one. */
                r = make_lock_file("/run/systemd/nspawn-network-zone", LOCK_EX, &bridge_lock);
                if (r < 0)
                        return log_error_errno(r, "Failed to take network zone lock: %m");
        }

        /* Bounded retry loop: -ENODEV means "no such bridge", which we may fix by creating it. Any other
         * error, a non-creating caller, or too many rounds ends the attempt. */
        for (unsigned attempt = 0;; attempt++) {
                bridge_ifi = join_bridge(rtnl, veth_name, bridge_name);
                if (bridge_ifi >= 0)
                        return bridge_ifi;

                if (bridge_ifi != -ENODEV || !create || attempt > 10)
                        return log_error_errno(bridge_ifi, "Failed to add interface %s to bridge %s: %m", veth_name, bridge_name);

                r = create_bridge(rtnl, bridge_name);
                if (r < 0)
                        return log_error_errno(r, "Failed to create bridge interface %s: %m", bridge_name);

                /* The bridge exists now; go around once more to join it */
        }
}
367
/* Removes the bridge @bridge_name, but only if it currently has no members.
 *
 * Returns 0 if the name is empty, the bridge is already gone, or it still has members (it is then left
 * alone); 1 if it was removed; a negative errno (already logged) on failure. */
int remove_bridge(const char *bridge_name) {
        _cleanup_(release_lock_file) LockFile bridge_lock = LOCK_FILE_INIT;
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        const char *brif_dir;
        int r;

        if (isempty(bridge_name))
                return 0;

        /* The same lock setup_bridge() takes in create mode: between the membership check below and the
         * deletion no other nspawn instance may add a link to the bridge. */
        r = make_lock_file("/run/systemd/nspawn-network-zone", LOCK_EX, &bridge_lock);
        if (r < 0)
                return log_error_errno(r, "Failed to take network zone lock: %m");

        /* sysfs lists a bridge's ports under .../brif; an empty directory means no members */
        brif_dir = strjoina("/sys/class/net/", bridge_name, "/brif");

        r = dir_is_empty(brif_dir);
        if (r == -ENOENT)
                /* No such bridge (anymore) */
                return 0;
        if (r < 0)
                return log_error_errno(r, "Can't detect if bridge %s is empty: %m", bridge_name);
        if (r == 0)
                /* Still in use, keep it */
                return 0;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        return remove_one_link(rtnl, bridge_name);
}
399
/* Resolves @name to its ifindex and checks with udev that the device has finished initialization.
 *
 * Returns the ifindex (> 0); otherwise a negative errno (already logged): whatever if_nametoindex() or
 * libudev left in errno, or -EBUSY when udev does not consider the device initialized yet. */
static int parse_interface(struct udev *udev, const char *name) {
        _cleanup_(udev_device_unrefp) struct udev_device *dev = NULL;
        char device_id[2 + DECIMAL_STR_MAX(int)];
        int ifindex;

        ifindex = (int) if_nametoindex(name);
        if (ifindex <= 0)
                return log_error_errno(errno, "Failed to resolve interface %s: %m", name);

        /* libudev addresses network devices by "n<ifindex>"; the buffer is sized for any int */
        snprintf(device_id, sizeof(device_id), "n%i", ifindex);

        dev = udev_device_new_from_device_id(udev, device_id);
        if (!dev)
                return log_error_errno(errno, "Failed to get udev device for interface %s: %m", name);

        if (udev_device_get_is_initialized(dev) <= 0) {
                log_error("Network interface %s is not initialized yet.", name);
                return -EBUSY;
        }

        return ifindex;
}
421
/* Moves each interface named in @ifaces into the network namespace of process @pid (RTM_SETLINK with
 * IFLA_NET_NS_PID). Every interface must be resolvable and initialized according to udev, see
 * parse_interface().
 *
 * Returns 0 on success (also for an empty list); a negative errno (already logged) on the first failure,
 * leaving interfaces moved so far where they are. */
int move_network_interfaces(pid_t pid, char **ifaces) {
        _cleanup_(udev_unrefp) struct udev *udev = NULL;
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        char **name;
        int r;

        if (strv_isempty(ifaces))
                return 0;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        udev = udev_new();
        if (!udev) {
                log_error("Failed to connect to udev.");
                return -ENOMEM;
        }

        STRV_FOREACH(name, ifaces) {
                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
                int ifindex;

                ifindex = parse_interface(udev, *name);
                if (ifindex < 0)
                        return ifindex;

                /* Address the link by index this time; parse_interface() already resolved it */
                r = sd_rtnl_message_new_link(rtnl, &req, RTM_SETLINK, ifindex);
                if (r < 0)
                        return log_error_errno(r, "Failed to allocate netlink message: %m");

                r = sd_netlink_message_append_u32(req, IFLA_NET_NS_PID, pid);
                if (r < 0)
                        return log_error_errno(r, "Failed to append namespace PID to netlink message: %m");

                r = sd_netlink_call(rtnl, req, 0, NULL);
                if (r < 0)
                        return log_error_errno(r, "Failed to move interface %s to namespace: %m", *name);
        }

        return 0;
}
464
/* For every host interface named in @ifaces, creates a macvlan link on top of it (IFLA_LINK), in bridge
 * mode, named "mv-<iface>" (cut down to IFNAMSIZ - 1 characters), with a MAC address derived from
 * @machine_name and the link's position in the list, and places it in the network namespace of process
 * @pid.
 *
 * Returns 0 on success (also for an empty list), a negative errno (already logged) on the first failure. */
int setup_macvlan(const char *machine_name, pid_t pid, char **ifaces) {
        _cleanup_(udev_unrefp) struct udev *udev = NULL;
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        unsigned link_no = 0;
        char **parent;
        int r;

        if (strv_isempty(ifaces))
                return 0;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        udev = udev_new();
        if (!udev) {
                log_error("Failed to connect to udev.");
                return -ENOMEM;
        }

        STRV_FOREACH(parent, ifaces) {
                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
                _cleanup_free_ char *link_name = NULL;
                struct ether_addr mac;
                int parent_ifindex;

                parent_ifindex = parse_interface(udev, *parent);
                if (parent_ifindex < 0)
                        return parent_ifindex;

                /* Each macvlan of this container gets its own index, hence its own address */
                r = generate_mac(machine_name, &mac, MACVLAN_HASH_KEY, link_no++);
                if (r < 0)
                        return log_error_errno(r, "Failed to create MACVLAN MAC address: %m");

                r = sd_rtnl_message_new_link(rtnl, &req, RTM_NEWLINK, 0);
                if (r < 0)
                        return log_error_errno(r, "Failed to allocate netlink message: %m");

                r = sd_netlink_message_append_u32(req, IFLA_LINK, parent_ifindex);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink interface index: %m");

                /* "mv-" + parent name, silently shortened to fit; long parent names may thus map to
                 * the same macvlan name */
                link_name = strappend("mv-", *parent);
                if (!link_name)
                        return log_oom();
                strshorten(link_name, IFNAMSIZ-1);

                r = sd_netlink_message_append_string(req, IFLA_IFNAME, link_name);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink interface name: %m");

                r = sd_netlink_message_append_ether_addr(req, IFLA_ADDRESS, &mac);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink MAC address: %m");

                r = sd_netlink_message_append_u32(req, IFLA_NET_NS_PID, pid);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink namespace field: %m");

                /* IFLA_LINKINFO -> IFLA_INFO_DATA ("macvlan") -> IFLA_MACVLAN_MODE */
                r = sd_netlink_message_open_container(req, IFLA_LINKINFO);
                if (r < 0)
                        return log_error_errno(r, "Failed to open netlink container: %m");

                r = sd_netlink_message_open_container_union(req, IFLA_INFO_DATA, "macvlan");
                if (r < 0)
                        return log_error_errno(r, "Failed to open netlink container: %m");

                r = sd_netlink_message_append_u32(req, IFLA_MACVLAN_MODE, MACVLAN_MODE_BRIDGE);
                if (r < 0)
                        return log_error_errno(r, "Failed to append macvlan mode: %m");

                /* Close IFLA_INFO_DATA and IFLA_LINKINFO again */
                for (unsigned depth = 0; depth < 2; depth++) {
                        r = sd_netlink_message_close_container(req);
                        if (r < 0)
                                return log_error_errno(r, "Failed to close netlink container: %m");
                }

                r = sd_netlink_call(rtnl, req, 0, NULL);
                if (r < 0)
                        return log_error_errno(r, "Failed to add new macvlan interfaces: %m");
        }

        return 0;
}
552
/* For every host interface named in @ifaces, creates an ipvlan link on top of it (IFLA_LINK), in L2 mode,
 * named "iv-<iface>" (cut down to IFNAMSIZ - 1 characters), and places it in the network namespace of
 * process @pid. Unlike setup_macvlan(), no MAC address is assigned here; @machine_name is currently not
 * used by this function.
 *
 * Returns 0 on success (also for an empty list), a negative errno (already logged) on the first failure. */
int setup_ipvlan(const char *machine_name, pid_t pid, char **ifaces) {
        _cleanup_(udev_unrefp) struct udev *udev = NULL;
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        char **parent;
        int r;

        if (strv_isempty(ifaces))
                return 0;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        udev = udev_new();
        if (!udev) {
                log_error("Failed to connect to udev.");
                return -ENOMEM;
        }

        STRV_FOREACH(parent, ifaces) {
                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
                _cleanup_free_ char *link_name = NULL;
                int parent_ifindex;

                parent_ifindex = parse_interface(udev, *parent);
                if (parent_ifindex < 0)
                        return parent_ifindex;

                r = sd_rtnl_message_new_link(rtnl, &req, RTM_NEWLINK, 0);
                if (r < 0)
                        return log_error_errno(r, "Failed to allocate netlink message: %m");

                r = sd_netlink_message_append_u32(req, IFLA_LINK, parent_ifindex);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink interface index: %m");

                /* "iv-" + parent name, silently shortened to fit; long parent names may thus map to
                 * the same ipvlan name */
                link_name = strappend("iv-", *parent);
                if (!link_name)
                        return log_oom();
                strshorten(link_name, IFNAMSIZ-1);

                r = sd_netlink_message_append_string(req, IFLA_IFNAME, link_name);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink interface name: %m");

                r = sd_netlink_message_append_u32(req, IFLA_NET_NS_PID, pid);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink namespace field: %m");

                /* IFLA_LINKINFO -> IFLA_INFO_DATA ("ipvlan") -> IFLA_IPVLAN_MODE */
                r = sd_netlink_message_open_container(req, IFLA_LINKINFO);
                if (r < 0)
                        return log_error_errno(r, "Failed to open netlink container: %m");

                r = sd_netlink_message_open_container_union(req, IFLA_INFO_DATA, "ipvlan");
                if (r < 0)
                        return log_error_errno(r, "Failed to open netlink container: %m");

                r = sd_netlink_message_append_u16(req, IFLA_IPVLAN_MODE, IPVLAN_MODE_L2);
                if (r < 0)
                        return log_error_errno(r, "Failed to add ipvlan mode: %m");

                /* Close IFLA_INFO_DATA and IFLA_LINKINFO again */
                for (unsigned depth = 0; depth < 2; depth++) {
                        r = sd_netlink_message_close_container(req);
                        if (r < 0)
                                return log_error_errno(r, "Failed to close netlink container: %m");
                }

                r = sd_netlink_call(rtnl, req, 0, NULL);
                if (r < 0)
                        return log_error_errno(r, "Failed to add new ipvlan interfaces: %m");
        }

        return 0;
}
630
/* Parses one "HOST[:CONTAINER]" specification and appends the host-side and container-side interface
 * names to the strv @l as a pair, in the layout setup_veth_extra() expects. If the second field is
 * absent or not a valid interface name, the host name is used for the container side as well.
 *
 * Returns 0 on success; -EINVAL if the first field is missing or not a valid interface name, or if
 * anything follows the second field; -ENOMEM on allocation failure; other negative errnos as returned by
 * extract_first_word(). */
int veth_extra_parse(char ***l, const char *p) {
        _cleanup_free_ char *host = NULL, *container = NULL;
        int r;

        r = extract_first_word(&p, &host, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
        if (r < 0)
                return r;
        if (r == 0 || !ifname_valid(host))
                return -EINVAL;

        r = extract_first_word(&p, &container, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
        if (r < 0)
                return r;
        if (r == 0 || !ifname_valid(container)) {
                /* No usable second field: mirror the host name on the container side */
                free(container);
                container = strdup(host);
                if (!container)
                        return -ENOMEM;
        }

        /* Anything left unconsumed means there were more than two fields (extract_first_word()
         * presumably sets @p to NULL once the input is exhausted) */
        if (p)
                return -EINVAL;

        r = strv_push_pair(l, host, container);
        if (r < 0)
                return -ENOMEM;

        /* Both strings now belong to @l */
        host = container = NULL;
        return 0;
}
661
/* Explicitly deletes the host-side veth links of a container: @primary (the link created by
 * setup_veth(), may be empty) and the host-side name of every pair in @pairs (as passed to
 * setup_veth_extra()). The kernel may keep veth links around even after the container's namespace is
 * gone, so we don't rely on them disappearing by themselves.
 *
 * Always returns 0 once netlink could be opened (deletion is best effort), otherwise the negative errno
 * (already logged) from sd_netlink_open(). */
int remove_veth_links(const char *primary, char **pairs) {
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        char **host_side, **container_side;
        int r;

        if (isempty(primary) && strv_isempty(pairs))
                return 0;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        /* remove_one_link() logs its own failures and treats an already-gone link as success, so the
         * results are deliberately ignored here */
        (void) remove_one_link(rtnl, primary);

        STRV_FOREACH_PAIR(host_side, container_side, pairs)
                (void) remove_one_link(rtnl, *host_side);

        return 0;
}