1/***
2 This file is part of systemd.
3
4 Copyright 2015 Lennart Poettering
5
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
10
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
15
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
18***/
19
20#include <linux/veth.h>
21#include <net/if.h>
22
b4bbcaa9 23#include "libudev.h"
24#include "sd-id128.h"
25#include "sd-netlink.h"
9a2a5625 26
b5efdb8a 27#include "alloc-util.h"
9a2a5625 28#include "ether-addr-util.h"
22b28dfd 29#include "lockfile-util.h"
9a2a5625 30#include "netlink-util.h"
cf0fbc49 31#include "nspawn-network.h"
07630cea 32#include "siphash24.h"
33#include "socket-util.h"
34#include "stat-util.h"
07630cea 35#include "string-util.h"
9a2a5625 36#include "udev-util.h"
07630cea 37#include "util.h"
38
39#define HOST_HASH_KEY SD_ID128_MAKE(1a,37,6f,c7,46,ec,45,0b,ad,a3,d5,31,06,60,5d,b1)
40#define CONTAINER_HASH_KEY SD_ID128_MAKE(c3,c4,f9,19,b5,57,b2,1c,e6,cf,14,27,03,9c,ee,a2)
41#define VETH_EXTRA_HOST_HASH_KEY SD_ID128_MAKE(48,c7,f6,b7,ea,9d,4c,9e,b7,28,d4,de,91,d5,bf,66)
42#define VETH_EXTRA_CONTAINER_HASH_KEY SD_ID128_MAKE(af,50,17,61,ce,f9,4d,35,84,0d,2b,20,54,be,ce,59)
43#define MACVLAN_HASH_KEY SD_ID128_MAKE(00,13,6d,bc,66,83,44,81,bb,0c,f9,51,1f,24,a6,6f)
44
/* Delete the network link called @name from the current network namespace.
 *
 * Returns 0 when there is nothing to do (empty name, or the link is already
 * gone), 1 when the link was removed, and a negative errno (already logged)
 * on any other failure. */
static int remove_one_link(sd_netlink *rtnl, const char *name) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
        int r;

        if (isempty(name))
                return 0;

        r = sd_rtnl_message_new_link(rtnl, &req, RTM_DELLINK, 0);
        if (r < 0)
                return log_error_errno(r, "Failed to allocate netlink message: %m");

        r = sd_netlink_message_append_string(req, IFLA_IFNAME, name);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink interface name: %m");

        r = sd_netlink_call(rtnl, req, 0, NULL);
        if (r == -ENODEV)
                return 0; /* nothing left to remove */
        if (r < 0)
                return log_error_errno(r, "Failed to remove interface %s: %m", name);

        return 1;
}
68
/* Derive a stable, locally administered unicast MAC address for one of the
 * interfaces nspawn creates.
 *
 * The address is the first ETH_ALEN bytes of a SipHash-2-4 over
 *
 *     host machine ID || machine_name || idx (little-endian u64, only when idx > 0)
 *
 * keyed with @hash_key. The same host/name/key/idx combination therefore always
 * yields the same address, while different containers (or different links of
 * one container) get different ones. Note that idx == 0 contributes nothing to
 * the hash input, so "index 0" and "no index" are indistinguishable; the
 * per-purpose hash keys are what keep the address spaces apart.
 *
 * Returns 0 and fills in *mac on success, or a negative errno if the host
 * machine ID cannot be read. */
static int generate_mac(
                const char *machine_name,
                struct ether_addr *mac,
                sd_id128_t hash_key,
                uint64_t idx) {

        uint64_t result;
        size_t l, sz;
        uint8_t *v, *i;
        int r;

        l = strlen(machine_name);
        sz = sizeof(sd_id128_t) + l;
        if (idx > 0)
                sz += sizeof(idx);

        /* Stack buffer sized by the caller-supplied name; this relies on
         * machine_name having been length-checked before it gets here
         * (nspawn validates machine names elsewhere — TODO confirm). */
        v = alloca(sz);

        /* fetch some persistent data unique to the host */
        r = sd_id128_get_machine((sd_id128_t*) v);
        if (r < 0)
                return r;

        /* combine with some data unique (on this host) to this
         * container instance */
        i = mempcpy(v + sizeof(sd_id128_t), machine_name, l);
        if (idx > 0) {
                /* Fixed byte order so the derived address does not depend on host endianness. */
                idx = htole64(idx);
                memcpy(i, &idx, sizeof(idx));
        }

        /* Let's hash the host machine ID plus the container name. We
         * use a fixed, but originally randomly created hash key here. */
        result = htole64(siphash24(v, sz, hash_key.bytes));

        assert_cc(ETH_ALEN <= sizeof(result));
        memcpy(mac->ether_addr_octet, &result, ETH_ALEN);

        /* see eth_random_addr in the kernel */
        mac->ether_addr_octet[0] &= 0xfe; /* clear multicast bit */
        mac->ether_addr_octet[0] |= 0x02; /* set local assignment bit (IEEE802) */

        return 0;
}
113
/* Create a veth pair in one RTM_NEWLINK request: the host end is named
 * @ifname_host with @mac_host in the caller's namespace, the peer end is
 * named @ifname_container with @mac_container and, because IFLA_NET_NS_PID
 * is placed inside the VETH_INFO_PEER container, is created directly in
 * the network namespace of @pid rather than being moved afterwards.
 *
 * The attribute nesting (IFLA_LINKINFO > IFLA_INFO_DATA "veth" >
 * VETH_INFO_PEER) is what the kernel expects; do not reorder the appends.
 *
 * Returns 0 on success or a negative errno that has already been logged. */
static int add_veth(
                sd_netlink *rtnl,
                pid_t pid,
                const char *ifname_host,
                const struct ether_addr *mac_host,
                const char *ifname_container,
                const struct ether_addr *mac_container) {

        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
        int r;

        assert(rtnl);
        assert(ifname_host);
        assert(mac_host);
        assert(ifname_container);
        assert(mac_container);

        r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0);
        if (r < 0)
                return log_error_errno(r, "Failed to allocate netlink message: %m");

        /* Host side: name and MAC at the top level of the request. */
        r = sd_netlink_message_append_string(m, IFLA_IFNAME, ifname_host);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink interface name: %m");

        r = sd_netlink_message_append_ether_addr(m, IFLA_ADDRESS, mac_host);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink MAC address: %m");

        r = sd_netlink_message_open_container(m, IFLA_LINKINFO);
        if (r < 0)
                return log_error_errno(r, "Failed to open netlink container: %m");

        r = sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, "veth");
        if (r < 0)
                return log_error_errno(r, "Failed to open netlink container: %m");

        /* Container side: everything below describes the peer link. */
        r = sd_netlink_message_open_container(m, VETH_INFO_PEER);
        if (r < 0)
                return log_error_errno(r, "Failed to open netlink container: %m");

        r = sd_netlink_message_append_string(m, IFLA_IFNAME, ifname_container);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink interface name: %m");

        r = sd_netlink_message_append_ether_addr(m, IFLA_ADDRESS, mac_container);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink MAC address: %m");

        /* Put the peer into the container's namespace as part of creation. */
        r = sd_netlink_message_append_u32(m, IFLA_NET_NS_PID, pid);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink namespace field: %m");

        r = sd_netlink_message_close_container(m);
        if (r < 0)
                return log_error_errno(r, "Failed to close netlink container: %m");

        r = sd_netlink_message_close_container(m);
        if (r < 0)
                return log_error_errno(r, "Failed to close netlink container: %m");

        r = sd_netlink_message_close_container(m);
        if (r < 0)
                return log_error_errno(r, "Failed to close netlink container: %m");

        r = sd_netlink_call(rtnl, m, 0, NULL);
        if (r < 0)
                return log_error_errno(r, "Failed to add new veth interfaces (%s:%s): %m", ifname_host, ifname_container);

        return 0;
}
185
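/* Create the primary veth pair for a container: the host side is named
 * "ve-<machine>" (or "vb-<machine>" in bridge mode) and written to
 * @iface_name, the container side is always "host0" and is created in the
 * network namespace of @pid. Both MAC addresses are derived deterministically
 * from the host machine ID and @machine_name.
 *
 * Returns the ifindex of the host-side interface (> 0) on success, or a
 * negative errno that has already been logged. */
int setup_veth(const char *machine_name,
               pid_t pid,
               char iface_name[IFNAMSIZ],
               bool bridge) {

        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        struct ether_addr mac_host, mac_container;
        int r, i, n;

        assert(machine_name);
        assert(pid > 0);
        assert(iface_name);

        /* Use two different interface name prefixes depending whether
         * we are in bridge mode or not. */
        n = snprintf(iface_name, IFNAMSIZ - 1, "%s-%s",
                     bridge ? "vb" : "ve", machine_name);

        /* A long machine name is silently cut to fit the kernel's interface name limit.
         * Two machines sharing a long common prefix then end up with the same host-side
         * name, and the second add_veth() fails with an unhelpful EEXIST. Make that
         * visible in the log instead of leaving the user to guess. */
        if (n >= IFNAMSIZ - 1)
                log_warning("Network interface name '%s-%s' was shortened to '%s' to fit into %i bytes.",
                            bridge ? "vb" : "ve", machine_name, iface_name, IFNAMSIZ - 1);

        r = generate_mac(machine_name, &mac_container, CONTAINER_HASH_KEY, 0);
        if (r < 0)
                return log_error_errno(r, "Failed to generate predictable MAC address for container side: %m");

        r = generate_mac(machine_name, &mac_host, HOST_HASH_KEY, 0);
        if (r < 0)
                return log_error_errno(r, "Failed to generate predictable MAC address for host side: %m");

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        r = add_veth(rtnl, pid, iface_name, &mac_host, "host0", &mac_container);
        if (r < 0)
                return r;

        /* Resolve the host side we just created; if_nametoindex() reports failure via errno. */
        i = (int) if_nametoindex(iface_name);
        if (i <= 0)
                return log_error_errno(errno, "Failed to resolve interface %s: %m", iface_name);

        return i;
}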
226
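/* Create the additional veth pairs requested via --network-veth-extra=.
 * @pairs is a flat strv of (host name, container name) pairs as produced by
 * veth_extra_parse(). Each pair gets its own deterministic MAC addresses,
 * distinguished by the running index so that several extra links of one
 * container do not collide.
 *
 * Returns 0 on success (including when @pairs is empty) or a negative errno
 * that has already been logged. */
int setup_veth_extra(
                const char *machine_name,
                pid_t pid,
                char **pairs) {

        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        uint64_t idx = 0;
        char **a, **b;
        int r;

        assert(machine_name);
        assert(pid > 0);

        if (strv_isempty(pairs))
                return 0;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        STRV_FOREACH_PAIR(a, b, pairs) {
                struct ether_addr mac_host, mac_container;

                r = generate_mac(machine_name, &mac_container, VETH_EXTRA_CONTAINER_HASH_KEY, idx);
                if (r < 0)
                        return log_error_errno(r, "Failed to generate predictable MAC address for container side of extra veth link: %m");

                /* Fixed: this message used to say "container side" as well, which made
                 * the two failure paths indistinguishable in the log. */
                r = generate_mac(machine_name, &mac_host, VETH_EXTRA_HOST_HASH_KEY, idx);
                if (r < 0)
                        return log_error_errno(r, "Failed to generate predictable MAC address for host side of extra veth link: %m");

                r = add_veth(rtnl, pid, *a, &mac_host, *b, &mac_container);
                if (r < 0)
                        return r;

                /* Bump after each pair so the next link hashes to a different address. */
                idx++;
        }

        return 0;
}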
267
/* Enslave the link @veth_name to the bridge @bridge_name and bring it up in
 * the same RTM_SETLINK request.
 *
 * Returns the ifindex of the bridge (> 0) on success. Returns -errno from
 * if_nametoindex() when the bridge does not exist (the caller relies on
 * -ENODEV to decide whether to create it), or a negative errno from the
 * netlink layer. Nothing is logged here; the caller reports errors. */
static int join_bridge(sd_netlink *rtnl, const char *veth_name, const char *bridge_name) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
        int r, bridge_ifi;

        assert(rtnl);
        assert(veth_name);
        assert(bridge_name);

        bridge_ifi = (int) if_nametoindex(bridge_name);
        if (bridge_ifi <= 0)
                return -errno;

        r = sd_rtnl_message_new_link(rtnl, &m, RTM_SETLINK, 0);
        if (r < 0)
                return r;

        /* Set IFF_UP on the veth while attaching it, saving a second request. */
        r = sd_rtnl_message_link_set_flags(m, IFF_UP, IFF_UP);
        if (r < 0)
                return r;

        r = sd_netlink_message_append_string(m, IFLA_IFNAME, veth_name);
        if (r < 0)
                return r;

        /* IFLA_MASTER names the bridge by index, which is why it was resolved first. */
        r = sd_netlink_message_append_u32(m, IFLA_MASTER, bridge_ifi);
        if (r < 0)
                return r;

        r = sd_netlink_call(rtnl, m, 0, NULL);
        if (r < 0)
                return r;

        return bridge_ifi;
}
302
/* Create an empty bridge device called @bridge_name in the current network
 * namespace (IFLA_LINKINFO > IFLA_INFO_DATA "bridge", no further options).
 *
 * Returns 0 on success or a negative netlink errno; nothing is logged here,
 * the caller reports the failure. The bridge is not brought up by this call. */
static int create_bridge(sd_netlink *rtnl, const char *bridge_name) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
        int r;

        r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0);
        if (r < 0)
                return r;

        r = sd_netlink_message_append_string(m, IFLA_IFNAME, bridge_name);
        if (r < 0)
                return r;

        r = sd_netlink_message_open_container(m, IFLA_LINKINFO);
        if (r < 0)
                return r;

        /* The kind is enough; an empty IFLA_INFO_DATA selects the bridge driver. */
        r = sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, "bridge");
        if (r < 0)
                return r;

        r = sd_netlink_message_close_container(m);
        if (r < 0)
                return r;

        r = sd_netlink_message_close_container(m);
        if (r < 0)
                return r;

        r = sd_netlink_call(rtnl, m, 0, NULL);
        if (r < 0)
                return r;

        return 0;
}
337
/* Attach @veth_name to the bridge @bridge_name, creating the bridge on demand
 * when @create is true (the --network-zone= case).
 *
 * In create mode a system-wide lock file is held for the whole operation so
 * that remove_bridge() in another nspawn instance cannot tear the bridge down
 * between our creating it and joining it. The lock only coordinates nspawn
 * instances; it does not protect against other tools touching the bridge.
 *
 * Returns the ifindex of the bridge (> 0) on success, or a negative errno
 * that has already been logged. */
int setup_bridge(const char *veth_name, const char *bridge_name, bool create) {
        _cleanup_release_lock_file_ LockFile bridge_lock = LOCK_FILE_INIT;
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        int r, bridge_ifi;
        unsigned n = 0;

        assert(veth_name);
        assert(bridge_name);

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        if (create) {
                /* We take a system-wide lock here, so that we can safely check whether there's still a member in the
                 * bridge before removing it, without risking interference from other nspawn instances. */

                r = make_lock_file("/run/systemd/nspawn-network-zone", LOCK_EX, &bridge_lock);
                if (r < 0)
                        return log_error_errno(r, "Failed to take network zone lock: %m");
        }

        for (;;) {
                bridge_ifi = join_bridge(rtnl, veth_name, bridge_name);
                if (bridge_ifi >= 0)
                        return bridge_ifi;
                /* Only a missing bridge (-ENODEV) is worth retrying, and only if we may create it. */
                if (bridge_ifi != -ENODEV || !create || n > 10)
                        return log_error_errno(bridge_ifi, "Failed to add interface %s to bridge %s: %m", veth_name, bridge_name);

                /* Count attempts, so that we don't enter an endless loop here. */
                n++;

                /* The bridge doesn't exist yet. Let's create it */
                r = create_bridge(rtnl, bridge_name);
                if (r < 0)
                        return log_error_errno(r, "Failed to create bridge interface %s: %m", bridge_name);

                /* Try again, now that the bridge exists */
        }
}
378
/* Tear down the bridge @bridge_name, but only if no port is attached to it
 * anymore.
 *
 * Holds the same lock file as setup_bridge() so that another nspawn instance
 * cannot join the bridge between the emptiness check and the deletion; tools
 * outside nspawn are not covered by that lock.
 *
 * Returns 0 when nothing was removed (empty name, bridge already gone, or
 * ports still attached), 1 when the bridge was removed, or a negative errno
 * that has already been logged. */
int remove_bridge(const char *bridge_name) {
        _cleanup_release_lock_file_ LockFile zone_lock = LOCK_FILE_INIT;
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        const char *brif_dir;
        int r;

        if (isempty(bridge_name))
                return 0;

        r = make_lock_file("/run/systemd/nspawn-network-zone", LOCK_EX, &zone_lock);
        if (r < 0)
                return log_error_errno(r, "Failed to take network zone lock: %m");

        /* sysfs lists each enslaved port of a bridge as an entry in its brif/ directory. */
        brif_dir = strjoina("/sys/class/net/", bridge_name, "/brif");

        r = dir_is_empty(brif_dir);
        if (r == -ENOENT)
                return 0; /* bridge is gone already */
        if (r < 0)
                return log_error_errno(r, "Can't detect if bridge %s is empty: %m", bridge_name);
        if (r == 0)
                return 0; /* ports still attached, keep it */

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        return remove_one_link(rtnl, bridge_name);
}
410
/* Resolve the interface called @name to its ifindex and make sure udev has
 * finished processing the device.
 *
 * Returns the ifindex (> 0) on success, -EBUSY if udev has not initialized
 * the device yet, or another negative errno; all failures are logged. */
static int parse_interface(struct udev *udev, const char *name) {
        _cleanup_udev_device_unref_ struct udev_device *dev = NULL;
        char device_id[2 + DECIMAL_STR_MAX(int)];
        int ifindex;

        ifindex = (int) if_nametoindex(name);
        if (ifindex <= 0)
                return log_error_errno(errno, "Failed to resolve interface %s: %m", name);

        /* udev identifies network devices as "n<ifindex>". */
        snprintf(device_id, sizeof(device_id), "n%i", ifindex);
        dev = udev_device_new_from_device_id(udev, device_id);
        if (!dev)
                return log_error_errno(errno, "Failed to get udev device for interface %s: %m", name);

        /* Refuse a device udev is still working on, so we do not race its rules. */
        if (udev_device_get_is_initialized(dev) <= 0) {
                log_error("Network interface %s is not initialized yet.", name);
                return -EBUSY;
        }

        return ifindex;
}
432
/* Move each interface named in @ifaces from the host into the network
 * namespace of @pid (the --network-interface= case). The interface is
 * moved as-is: no rename, no address change.
 *
 * Returns 0 on success (including when @ifaces is empty) or a negative
 * errno that has already been logged. */
int move_network_interfaces(pid_t pid, char **ifaces) {
        _cleanup_udev_unref_ struct udev *udev = NULL;
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        char **i;
        int r;

        if (strv_isempty(ifaces))
                return 0;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        udev = udev_new();
        if (!udev) {
                log_error("Failed to connect to udev.");
                return -ENOMEM;
        }

        STRV_FOREACH(i, ifaces) {
                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
                int ifi;

                /* Also checks that udev is done with the device before we take it away. */
                ifi = parse_interface(udev, *i);
                if (ifi < 0)
                        return ifi;

                r = sd_rtnl_message_new_link(rtnl, &m, RTM_SETLINK, ifi);
                if (r < 0)
                        return log_error_errno(r, "Failed to allocate netlink message: %m");

                r = sd_netlink_message_append_u32(m, IFLA_NET_NS_PID, pid);
                if (r < 0)
                        return log_error_errno(r, "Failed to append namespace PID to netlink message: %m");

                r = sd_netlink_call(rtnl, m, 0, NULL);
                if (r < 0)
                        return log_error_errno(r, "Failed to move interface %s to namespace: %m", *i);
        }

        return 0;
}
475
/* For each host interface named in @ifaces, create a macvlan device
 * "mv-<name>" on top of it (bridge mode) with a deterministic MAC address
 * and place it in the network namespace of @pid.
 *
 * The name is cut to IFNAMSIZ-1 characters, so two parent interfaces that
 * share their first 12 characters would be given the same macvlan name and
 * the second creation would fail.
 *
 * Returns 0 on success (including when @ifaces is empty) or a negative
 * errno that has already been logged. */
int setup_macvlan(const char *machine_name, pid_t pid, char **ifaces) {
        _cleanup_udev_unref_ struct udev *udev = NULL;
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        unsigned idx = 0;
        char **i;
        int r;

        if (strv_isempty(ifaces))
                return 0;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        udev = udev_new();
        if (!udev) {
                log_error("Failed to connect to udev.");
                return -ENOMEM;
        }

        STRV_FOREACH(i, ifaces) {
                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
                _cleanup_free_ char *n = NULL;
                struct ether_addr mac;
                int ifi;

                ifi = parse_interface(udev, *i);
                if (ifi < 0)
                        return ifi;

                /* One address per parent interface; the index keeps them distinct. */
                r = generate_mac(machine_name, &mac, MACVLAN_HASH_KEY, idx++);
                if (r < 0)
                        return log_error_errno(r, "Failed to create MACVLAN MAC address: %m");

                r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0);
                if (r < 0)
                        return log_error_errno(r, "Failed to allocate netlink message: %m");

                /* IFLA_LINK is the parent (lower) device the macvlan sits on. */
                r = sd_netlink_message_append_u32(m, IFLA_LINK, ifi);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink interface index: %m");

                n = strappend("mv-", *i);
                if (!n)
                        return log_oom();

                strshorten(n, IFNAMSIZ-1);

                r = sd_netlink_message_append_string(m, IFLA_IFNAME, n);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink interface name: %m");

                r = sd_netlink_message_append_ether_addr(m, IFLA_ADDRESS, &mac);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink MAC address: %m");

                /* Create the device straight into the container's namespace. */
                r = sd_netlink_message_append_u32(m, IFLA_NET_NS_PID, pid);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink namespace field: %m");

                r = sd_netlink_message_open_container(m, IFLA_LINKINFO);
                if (r < 0)
                        return log_error_errno(r, "Failed to open netlink container: %m");

                r = sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, "macvlan");
                if (r < 0)
                        return log_error_errno(r, "Failed to open netlink container: %m");

                r = sd_netlink_message_append_u32(m, IFLA_MACVLAN_MODE, MACVLAN_MODE_BRIDGE);
                if (r < 0)
                        return log_error_errno(r, "Failed to append macvlan mode: %m");

                r = sd_netlink_message_close_container(m);
                if (r < 0)
                        return log_error_errno(r, "Failed to close netlink container: %m");

                r = sd_netlink_message_close_container(m);
                if (r < 0)
                        return log_error_errno(r, "Failed to close netlink container: %m");

                r = sd_netlink_call(rtnl, m, 0, NULL);
                if (r < 0)
                        return log_error_errno(r, "Failed to add new macvlan interfaces: %m");
        }

        return 0;
}
563
/* For each host interface named in @ifaces, create an ipvlan device
 * "iv-<name>" on top of it in L2 mode and place it in the network namespace
 * of @pid. Unlike setup_macvlan(), no MAC address is generated or appended
 * here; @machine_name is currently unused.
 *
 * The name is cut to IFNAMSIZ-1 characters, so two parent interfaces that
 * share their first 12 characters would be given the same ipvlan name and
 * the second creation would fail.
 *
 * Returns 0 on success (including when @ifaces is empty) or a negative
 * errno that has already been logged. */
int setup_ipvlan(const char *machine_name, pid_t pid, char **ifaces) {
        _cleanup_udev_unref_ struct udev *udev = NULL;
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        char **i;
        int r;

        if (strv_isempty(ifaces))
                return 0;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        udev = udev_new();
        if (!udev) {
                log_error("Failed to connect to udev.");
                return -ENOMEM;
        }

        STRV_FOREACH(i, ifaces) {
                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
                _cleanup_free_ char *n = NULL;
                int ifi;

                ifi = parse_interface(udev, *i);
                if (ifi < 0)
                        return ifi;

                r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0);
                if (r < 0)
                        return log_error_errno(r, "Failed to allocate netlink message: %m");

                /* IFLA_LINK is the parent (lower) device the ipvlan sits on. */
                r = sd_netlink_message_append_u32(m, IFLA_LINK, ifi);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink interface index: %m");

                n = strappend("iv-", *i);
                if (!n)
                        return log_oom();

                strshorten(n, IFNAMSIZ-1);

                r = sd_netlink_message_append_string(m, IFLA_IFNAME, n);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink interface name: %m");

                /* Create the device straight into the container's namespace. */
                r = sd_netlink_message_append_u32(m, IFLA_NET_NS_PID, pid);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink namespace field: %m");

                r = sd_netlink_message_open_container(m, IFLA_LINKINFO);
                if (r < 0)
                        return log_error_errno(r, "Failed to open netlink container: %m");

                r = sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, "ipvlan");
                if (r < 0)
                        return log_error_errno(r, "Failed to open netlink container: %m");

                r = sd_netlink_message_append_u16(m, IFLA_IPVLAN_MODE, IPVLAN_MODE_L2);
                if (r < 0)
                        return log_error_errno(r, "Failed to add ipvlan mode: %m");

                r = sd_netlink_message_close_container(m);
                if (r < 0)
                        return log_error_errno(r, "Failed to close netlink container: %m");

                r = sd_netlink_message_close_container(m);
                if (r < 0)
                        return log_error_errno(r, "Failed to close netlink container: %m");

                r = sd_netlink_call(rtnl, m, 0, NULL);
                if (r < 0)
                        return log_error_errno(r, "Failed to add new ipvlan interfaces: %m");
        }

        return 0;
}
641
/* Parse one --network-veth-extra= argument of the form "HOST[:CONTAINER]" and
 * append the resulting (host name, container name) pair to *l.
 *
 * The host-side name must pass ifname_valid(). If the container-side name is
 * missing or does not pass ifname_valid(), the host-side name is reused for it
 * (NOTE(review): an invalid second field is thus accepted rather than
 * rejected). A third ":"-separated field is an error.
 *
 * Returns 0 on success, -EINVAL on malformed input, -ENOMEM on allocation
 * failure, or a negative errno from extract_first_word(). */
int veth_extra_parse(char ***l, const char *p) {
        _cleanup_free_ char *host = NULL, *container = NULL;
        int r;

        r = extract_first_word(&p, &host, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
        if (r < 0)
                return r;
        if (r == 0 || !ifname_valid(host))
                return -EINVAL;

        r = extract_first_word(&p, &container, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
        if (r < 0)
                return r;
        if (r == 0 || !ifname_valid(container)) {
                /* No usable container-side name: mirror the host-side one. */
                free(container);
                container = strdup(host);
                if (!container)
                        return -ENOMEM;
        }

        /* Anything left over after the second field is not allowed. */
        if (p)
                return -EINVAL;

        r = strv_push_pair(l, host, container);
        if (r < 0)
                return -ENOMEM;

        /* Both strings are now owned by *l; keep the cleanup handlers off them. */
        host = container = NULL;
        return 0;
}
/* Remove the host side of the primary veth link (@primary) and of every extra
 * veth pair in @pairs.
 *
 * In some cases the kernel might pin the veth links between host and container
 * even after the namespace died, so they are removed explicitly here. Removal
 * is best-effort: failures are logged by remove_one_link() and otherwise
 * ignored, so that one stale link does not stop cleanup of the others.
 *
 * Returns 0 unless the netlink socket cannot be opened, in which case a
 * negative errno that has already been logged is returned. */
int remove_veth_links(const char *primary, char **pairs) {
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        char **host_name, **container_name;
        int r;

        if (isempty(primary) && strv_isempty(pairs))
                return 0;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        (void) remove_one_link(rtnl, primary);

        /* Only the host end of each pair lives in our namespace; the container end went away with it. */
        STRV_FOREACH_PAIR(host_name, container_name, pairs)
                (void) remove_one_link(rtnl, *host_name);

        return 0;
}