]>
Commit | Line | Data |
---|---|---|
9a2a5625 LP |
1 | /*** |
2 | This file is part of systemd. | |
3 | ||
4 | Copyright 2015 Lennart Poettering | |
5 | ||
6 | systemd is free software; you can redistribute it and/or modify it | |
7 | under the terms of the GNU Lesser General Public License as published by | |
8 | the Free Software Foundation; either version 2.1 of the License, or | |
9 | (at your option) any later version. | |
10 | ||
11 | systemd is distributed in the hope that it will be useful, but | |
12 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
14 | Lesser General Public License for more details. | |
15 | ||
16 | You should have received a copy of the GNU Lesser General Public License | |
17 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
18 | ***/ | |
19 | ||
20 | #include <linux/veth.h> | |
21 | #include <net/if.h> | |
22 | ||
b4bbcaa9 | 23 | #include "libudev.h" |
9a2a5625 LP |
24 | #include "sd-id128.h" |
25 | #include "sd-netlink.h" | |
9a2a5625 | 26 | |
b5efdb8a | 27 | #include "alloc-util.h" |
9a2a5625 | 28 | #include "ether-addr-util.h" |
22b28dfd | 29 | #include "lockfile-util.h" |
9a2a5625 | 30 | #include "netlink-util.h" |
cf0fbc49 | 31 | #include "nspawn-network.h" |
07630cea | 32 | #include "siphash24.h" |
ef76dff2 LP |
33 | #include "socket-util.h" |
34 | #include "stat-util.h" | |
07630cea | 35 | #include "string-util.h" |
9a2a5625 | 36 | #include "udev-util.h" |
07630cea | 37 | #include "util.h" |
9a2a5625 LP |
38 | |
39 | #define HOST_HASH_KEY SD_ID128_MAKE(1a,37,6f,c7,46,ec,45,0b,ad,a3,d5,31,06,60,5d,b1) | |
40 | #define CONTAINER_HASH_KEY SD_ID128_MAKE(c3,c4,f9,19,b5,57,b2,1c,e6,cf,14,27,03,9c,ee,a2) | |
f6d6bad1 LP |
41 | #define VETH_EXTRA_HOST_HASH_KEY SD_ID128_MAKE(48,c7,f6,b7,ea,9d,4c,9e,b7,28,d4,de,91,d5,bf,66) |
42 | #define VETH_EXTRA_CONTAINER_HASH_KEY SD_ID128_MAKE(af,50,17,61,ce,f9,4d,35,84,0d,2b,20,54,be,ce,59) | |
9a2a5625 LP |
43 | #define MACVLAN_HASH_KEY SD_ID128_MAKE(00,13,6d,bc,66,83,44,81,bb,0c,f9,51,1f,24,a6,6f) |
44 | ||
22b28dfd LP |
45 | static int remove_one_link(sd_netlink *rtnl, const char *name) { |
46 | _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL; | |
47 | int r; | |
48 | ||
49 | if (isempty(name)) | |
50 | return 0; | |
51 | ||
52 | r = sd_rtnl_message_new_link(rtnl, &m, RTM_DELLINK, 0); | |
53 | if (r < 0) | |
54 | return log_error_errno(r, "Failed to allocate netlink message: %m"); | |
55 | ||
56 | r = sd_netlink_message_append_string(m, IFLA_IFNAME, name); | |
57 | if (r < 0) | |
58 | return log_error_errno(r, "Failed to add netlink interface name: %m"); | |
59 | ||
60 | r = sd_netlink_call(rtnl, m, 0, NULL); | |
61 | if (r == -ENODEV) /* Already gone */ | |
62 | return 0; | |
63 | if (r < 0) | |
64 | return log_error_errno(r, "Failed to remove interface %s: %m", name); | |
65 | ||
66 | return 1; | |
67 | } | |
68 | ||
9a2a5625 LP |
69 | static int generate_mac( |
70 | const char *machine_name, | |
71 | struct ether_addr *mac, | |
72 | sd_id128_t hash_key, | |
73 | uint64_t idx) { | |
74 | ||
dbe81cbd | 75 | uint64_t result; |
9a2a5625 LP |
76 | size_t l, sz; |
77 | uint8_t *v, *i; | |
78 | int r; | |
79 | ||
80 | l = strlen(machine_name); | |
81 | sz = sizeof(sd_id128_t) + l; | |
82 | if (idx > 0) | |
83 | sz += sizeof(idx); | |
84 | ||
85 | v = alloca(sz); | |
86 | ||
87 | /* fetch some persistent data unique to the host */ | |
88 | r = sd_id128_get_machine((sd_id128_t*) v); | |
89 | if (r < 0) | |
90 | return r; | |
91 | ||
92 | /* combine with some data unique (on this host) to this | |
93 | * container instance */ | |
94 | i = mempcpy(v + sizeof(sd_id128_t), machine_name, l); | |
95 | if (idx > 0) { | |
96 | idx = htole64(idx); | |
97 | memcpy(i, &idx, sizeof(idx)); | |
98 | } | |
99 | ||
100 | /* Let's hash the host machine ID plus the container name. We | |
101 | * use a fixed, but originally randomly created hash key here. */ | |
933f9cae | 102 | result = htole64(siphash24(v, sz, hash_key.bytes)); |
9a2a5625 LP |
103 | |
104 | assert_cc(ETH_ALEN <= sizeof(result)); | |
dbe81cbd | 105 | memcpy(mac->ether_addr_octet, &result, ETH_ALEN); |
9a2a5625 LP |
106 | |
107 | /* see eth_random_addr in the kernel */ | |
108 | mac->ether_addr_octet[0] &= 0xfe; /* clear multicast bit */ | |
109 | mac->ether_addr_octet[0] |= 0x02; /* set local assignment bit (IEEE802) */ | |
110 | ||
111 | return 0; | |
112 | } | |
113 | ||
f6d6bad1 LP |
114 | static int add_veth( |
115 | sd_netlink *rtnl, | |
116 | pid_t pid, | |
117 | const char *ifname_host, | |
118 | const struct ether_addr *mac_host, | |
119 | const char *ifname_container, | |
120 | const struct ether_addr *mac_container) { | |
9a2a5625 | 121 | |
4afd3348 | 122 | _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL; |
f6d6bad1 | 123 | int r; |
9a2a5625 | 124 | |
f6d6bad1 LP |
125 | assert(rtnl); |
126 | assert(ifname_host); | |
127 | assert(mac_host); | |
128 | assert(ifname_container); | |
129 | assert(mac_container); | |
9a2a5625 LP |
130 | |
131 | r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0); | |
132 | if (r < 0) | |
133 | return log_error_errno(r, "Failed to allocate netlink message: %m"); | |
134 | ||
f6d6bad1 | 135 | r = sd_netlink_message_append_string(m, IFLA_IFNAME, ifname_host); |
9a2a5625 LP |
136 | if (r < 0) |
137 | return log_error_errno(r, "Failed to add netlink interface name: %m"); | |
138 | ||
f6d6bad1 | 139 | r = sd_netlink_message_append_ether_addr(m, IFLA_ADDRESS, mac_host); |
9a2a5625 LP |
140 | if (r < 0) |
141 | return log_error_errno(r, "Failed to add netlink MAC address: %m"); | |
142 | ||
143 | r = sd_netlink_message_open_container(m, IFLA_LINKINFO); | |
144 | if (r < 0) | |
145 | return log_error_errno(r, "Failed to open netlink container: %m"); | |
146 | ||
147 | r = sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, "veth"); | |
148 | if (r < 0) | |
149 | return log_error_errno(r, "Failed to open netlink container: %m"); | |
150 | ||
151 | r = sd_netlink_message_open_container(m, VETH_INFO_PEER); | |
152 | if (r < 0) | |
153 | return log_error_errno(r, "Failed to open netlink container: %m"); | |
154 | ||
f6d6bad1 | 155 | r = sd_netlink_message_append_string(m, IFLA_IFNAME, ifname_container); |
9a2a5625 LP |
156 | if (r < 0) |
157 | return log_error_errno(r, "Failed to add netlink interface name: %m"); | |
158 | ||
f6d6bad1 | 159 | r = sd_netlink_message_append_ether_addr(m, IFLA_ADDRESS, mac_container); |
9a2a5625 LP |
160 | if (r < 0) |
161 | return log_error_errno(r, "Failed to add netlink MAC address: %m"); | |
162 | ||
163 | r = sd_netlink_message_append_u32(m, IFLA_NET_NS_PID, pid); | |
164 | if (r < 0) | |
165 | return log_error_errno(r, "Failed to add netlink namespace field: %m"); | |
166 | ||
167 | r = sd_netlink_message_close_container(m); | |
168 | if (r < 0) | |
169 | return log_error_errno(r, "Failed to close netlink container: %m"); | |
170 | ||
171 | r = sd_netlink_message_close_container(m); | |
172 | if (r < 0) | |
173 | return log_error_errno(r, "Failed to close netlink container: %m"); | |
174 | ||
175 | r = sd_netlink_message_close_container(m); | |
176 | if (r < 0) | |
177 | return log_error_errno(r, "Failed to close netlink container: %m"); | |
178 | ||
179 | r = sd_netlink_call(rtnl, m, 0, NULL); | |
180 | if (r < 0) | |
f6d6bad1 LP |
181 | return log_error_errno(r, "Failed to add new veth interfaces (%s:%s): %m", ifname_host, ifname_container); |
182 | ||
183 | return 0; | |
184 | } | |
185 | ||
186 | int setup_veth(const char *machine_name, | |
187 | pid_t pid, | |
188 | char iface_name[IFNAMSIZ], | |
189 | bool bridge) { | |
190 | ||
4afd3348 | 191 | _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL; |
f6d6bad1 LP |
192 | struct ether_addr mac_host, mac_container; |
193 | int r, i; | |
194 | ||
195 | assert(machine_name); | |
196 | assert(pid > 0); | |
197 | assert(iface_name); | |
198 | ||
199 | /* Use two different interface name prefixes depending whether | |
200 | * we are in bridge mode or not. */ | |
201 | snprintf(iface_name, IFNAMSIZ - 1, "%s-%s", | |
202 | bridge ? "vb" : "ve", machine_name); | |
203 | ||
204 | r = generate_mac(machine_name, &mac_container, CONTAINER_HASH_KEY, 0); | |
205 | if (r < 0) | |
206 | return log_error_errno(r, "Failed to generate predictable MAC address for container side: %m"); | |
207 | ||
208 | r = generate_mac(machine_name, &mac_host, HOST_HASH_KEY, 0); | |
209 | if (r < 0) | |
210 | return log_error_errno(r, "Failed to generate predictable MAC address for host side: %m"); | |
211 | ||
212 | r = sd_netlink_open(&rtnl); | |
213 | if (r < 0) | |
214 | return log_error_errno(r, "Failed to connect to netlink: %m"); | |
215 | ||
216 | r = add_veth(rtnl, pid, iface_name, &mac_host, "host0", &mac_container); | |
217 | if (r < 0) | |
218 | return r; | |
9a2a5625 LP |
219 | |
220 | i = (int) if_nametoindex(iface_name); | |
221 | if (i <= 0) | |
222 | return log_error_errno(errno, "Failed to resolve interface %s: %m", iface_name); | |
223 | ||
224 | return i; | |
225 | } | |
226 | ||
f6d6bad1 LP |
227 | int setup_veth_extra( |
228 | const char *machine_name, | |
229 | pid_t pid, | |
230 | char **pairs) { | |
231 | ||
4afd3348 | 232 | _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL; |
f6d6bad1 LP |
233 | uint64_t idx = 0; |
234 | char **a, **b; | |
235 | int r; | |
236 | ||
237 | assert(machine_name); | |
238 | assert(pid > 0); | |
239 | ||
240 | if (strv_isempty(pairs)) | |
241 | return 0; | |
242 | ||
243 | r = sd_netlink_open(&rtnl); | |
244 | if (r < 0) | |
245 | return log_error_errno(r, "Failed to connect to netlink: %m"); | |
246 | ||
247 | STRV_FOREACH_PAIR(a, b, pairs) { | |
248 | struct ether_addr mac_host, mac_container; | |
249 | ||
250 | r = generate_mac(machine_name, &mac_container, VETH_EXTRA_CONTAINER_HASH_KEY, idx); | |
251 | if (r < 0) | |
252 | return log_error_errno(r, "Failed to generate predictable MAC address for container side of extra veth link: %m"); | |
253 | ||
254 | r = generate_mac(machine_name, &mac_host, VETH_EXTRA_HOST_HASH_KEY, idx); | |
255 | if (r < 0) | |
256 | return log_error_errno(r, "Failed to generate predictable MAC address for container side of extra veth link: %m"); | |
257 | ||
258 | r = add_veth(rtnl, pid, *a, &mac_host, *b, &mac_container); | |
259 | if (r < 0) | |
260 | return r; | |
261 | ||
313cefa1 | 262 | idx++; |
f6d6bad1 LP |
263 | } |
264 | ||
265 | return 0; | |
266 | } | |
267 | ||
22b28dfd | 268 | static int join_bridge(sd_netlink *rtnl, const char *veth_name, const char *bridge_name) { |
4afd3348 | 269 | _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL; |
9a2a5625 LP |
270 | int r, bridge_ifi; |
271 | ||
22b28dfd | 272 | assert(rtnl); |
9a2a5625 LP |
273 | assert(veth_name); |
274 | assert(bridge_name); | |
275 | ||
276 | bridge_ifi = (int) if_nametoindex(bridge_name); | |
277 | if (bridge_ifi <= 0) | |
22b28dfd | 278 | return -errno; |
9a2a5625 LP |
279 | |
280 | r = sd_rtnl_message_new_link(rtnl, &m, RTM_SETLINK, 0); | |
281 | if (r < 0) | |
22b28dfd | 282 | return r; |
9a2a5625 LP |
283 | |
284 | r = sd_rtnl_message_link_set_flags(m, IFF_UP, IFF_UP); | |
285 | if (r < 0) | |
22b28dfd | 286 | return r; |
9a2a5625 LP |
287 | |
288 | r = sd_netlink_message_append_string(m, IFLA_IFNAME, veth_name); | |
289 | if (r < 0) | |
22b28dfd | 290 | return r; |
9a2a5625 LP |
291 | |
292 | r = sd_netlink_message_append_u32(m, IFLA_MASTER, bridge_ifi); | |
293 | if (r < 0) | |
22b28dfd | 294 | return r; |
9a2a5625 LP |
295 | |
296 | r = sd_netlink_call(rtnl, m, 0, NULL); | |
297 | if (r < 0) | |
22b28dfd | 298 | return r; |
9a2a5625 LP |
299 | |
300 | return bridge_ifi; | |
301 | } | |
302 | ||
22b28dfd LP |
303 | static int create_bridge(sd_netlink *rtnl, const char *bridge_name) { |
304 | _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL; | |
305 | int r; | |
306 | ||
307 | r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0); | |
308 | if (r < 0) | |
309 | return r; | |
310 | ||
311 | r = sd_netlink_message_append_string(m, IFLA_IFNAME, bridge_name); | |
312 | if (r < 0) | |
313 | return r; | |
314 | ||
315 | r = sd_netlink_message_open_container(m, IFLA_LINKINFO); | |
316 | if (r < 0) | |
317 | return r; | |
318 | ||
319 | r = sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, "bridge"); | |
320 | if (r < 0) | |
321 | return r; | |
322 | ||
323 | r = sd_netlink_message_close_container(m); | |
324 | if (r < 0) | |
325 | return r; | |
326 | ||
327 | r = sd_netlink_message_close_container(m); | |
328 | if (r < 0) | |
329 | return r; | |
330 | ||
331 | r = sd_netlink_call(rtnl, m, 0, NULL); | |
332 | if (r < 0) | |
333 | return r; | |
334 | ||
335 | return 0; | |
336 | } | |
337 | ||
338 | int setup_bridge(const char *veth_name, const char *bridge_name, bool create) { | |
339 | _cleanup_release_lock_file_ LockFile bridge_lock = LOCK_FILE_INIT; | |
340 | _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL; | |
341 | int r, bridge_ifi; | |
342 | unsigned n = 0; | |
343 | ||
344 | assert(veth_name); | |
345 | assert(bridge_name); | |
346 | ||
347 | r = sd_netlink_open(&rtnl); | |
348 | if (r < 0) | |
349 | return log_error_errno(r, "Failed to connect to netlink: %m"); | |
350 | ||
351 | if (create) { | |
352 | /* We take a system-wide lock here, so that we can safely check whether there's still a member in the | |
6dd6a9c4 | 353 | * bridge before removing it, without risking interference from other nspawn instances. */ |
22b28dfd LP |
354 | |
355 | r = make_lock_file("/run/systemd/nspawn-network-zone", LOCK_EX, &bridge_lock); | |
356 | if (r < 0) | |
357 | return log_error_errno(r, "Failed to take network zone lock: %m"); | |
358 | } | |
359 | ||
360 | for (;;) { | |
361 | bridge_ifi = join_bridge(rtnl, veth_name, bridge_name); | |
362 | if (bridge_ifi >= 0) | |
363 | return bridge_ifi; | |
364 | if (bridge_ifi != -ENODEV || !create || n > 10) | |
365 | return log_error_errno(bridge_ifi, "Failed to add interface %s to bridge %s: %m", veth_name, bridge_name); | |
366 | ||
367 | /* Count attempts, so that we don't enter an endless loop here. */ | |
368 | n++; | |
369 | ||
370 | /* The bridge doesn't exist yet. Let's create it */ | |
371 | r = create_bridge(rtnl, bridge_name); | |
372 | if (r < 0) | |
373 | return log_error_errno(r, "Failed to create bridge interface %s: %m", bridge_name); | |
374 | ||
375 | /* Try again, now that the bridge exists */ | |
376 | } | |
377 | } | |
378 | ||
379 | int remove_bridge(const char *bridge_name) { | |
380 | _cleanup_release_lock_file_ LockFile bridge_lock = LOCK_FILE_INIT; | |
381 | _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL; | |
382 | const char *path; | |
383 | int r; | |
384 | ||
385 | /* Removes the specified bridge, but only if it is currently empty */ | |
386 | ||
387 | if (isempty(bridge_name)) | |
388 | return 0; | |
389 | ||
390 | r = make_lock_file("/run/systemd/nspawn-network-zone", LOCK_EX, &bridge_lock); | |
391 | if (r < 0) | |
392 | return log_error_errno(r, "Failed to take network zone lock: %m"); | |
393 | ||
394 | path = strjoina("/sys/class/net/", bridge_name, "/brif"); | |
395 | ||
396 | r = dir_is_empty(path); | |
397 | if (r == -ENOENT) /* Already gone? */ | |
398 | return 0; | |
399 | if (r < 0) | |
400 | return log_error_errno(r, "Can't detect if bridge %s is empty: %m", bridge_name); | |
401 | if (r == 0) /* Still populated, leave it around */ | |
402 | return 0; | |
403 | ||
404 | r = sd_netlink_open(&rtnl); | |
405 | if (r < 0) | |
406 | return log_error_errno(r, "Failed to connect to netlink: %m"); | |
407 | ||
408 | return remove_one_link(rtnl, bridge_name); | |
409 | } | |
410 | ||
9a2a5625 LP |
411 | static int parse_interface(struct udev *udev, const char *name) { |
412 | _cleanup_udev_device_unref_ struct udev_device *d = NULL; | |
413 | char ifi_str[2 + DECIMAL_STR_MAX(int)]; | |
414 | int ifi; | |
415 | ||
416 | ifi = (int) if_nametoindex(name); | |
417 | if (ifi <= 0) | |
418 | return log_error_errno(errno, "Failed to resolve interface %s: %m", name); | |
419 | ||
420 | sprintf(ifi_str, "n%i", ifi); | |
421 | d = udev_device_new_from_device_id(udev, ifi_str); | |
422 | if (!d) | |
423 | return log_error_errno(errno, "Failed to get udev device for interface %s: %m", name); | |
424 | ||
425 | if (udev_device_get_is_initialized(d) <= 0) { | |
426 | log_error("Network interface %s is not initialized yet.", name); | |
427 | return -EBUSY; | |
428 | } | |
429 | ||
430 | return ifi; | |
431 | } | |
432 | ||
433 | int move_network_interfaces(pid_t pid, char **ifaces) { | |
434 | _cleanup_udev_unref_ struct udev *udev = NULL; | |
4afd3348 | 435 | _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL; |
9a2a5625 LP |
436 | char **i; |
437 | int r; | |
438 | ||
439 | if (strv_isempty(ifaces)) | |
440 | return 0; | |
441 | ||
442 | r = sd_netlink_open(&rtnl); | |
443 | if (r < 0) | |
444 | return log_error_errno(r, "Failed to connect to netlink: %m"); | |
445 | ||
446 | udev = udev_new(); | |
447 | if (!udev) { | |
448 | log_error("Failed to connect to udev."); | |
449 | return -ENOMEM; | |
450 | } | |
451 | ||
452 | STRV_FOREACH(i, ifaces) { | |
4afd3348 | 453 | _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL; |
9a2a5625 LP |
454 | int ifi; |
455 | ||
456 | ifi = parse_interface(udev, *i); | |
457 | if (ifi < 0) | |
458 | return ifi; | |
459 | ||
460 | r = sd_rtnl_message_new_link(rtnl, &m, RTM_SETLINK, ifi); | |
461 | if (r < 0) | |
462 | return log_error_errno(r, "Failed to allocate netlink message: %m"); | |
463 | ||
464 | r = sd_netlink_message_append_u32(m, IFLA_NET_NS_PID, pid); | |
465 | if (r < 0) | |
466 | return log_error_errno(r, "Failed to append namespace PID to netlink message: %m"); | |
467 | ||
468 | r = sd_netlink_call(rtnl, m, 0, NULL); | |
469 | if (r < 0) | |
470 | return log_error_errno(r, "Failed to move interface %s to namespace: %m", *i); | |
471 | } | |
472 | ||
473 | return 0; | |
474 | } | |
475 | ||
476 | int setup_macvlan(const char *machine_name, pid_t pid, char **ifaces) { | |
477 | _cleanup_udev_unref_ struct udev *udev = NULL; | |
4afd3348 | 478 | _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL; |
9a2a5625 LP |
479 | unsigned idx = 0; |
480 | char **i; | |
481 | int r; | |
482 | ||
483 | if (strv_isempty(ifaces)) | |
484 | return 0; | |
485 | ||
486 | r = sd_netlink_open(&rtnl); | |
487 | if (r < 0) | |
488 | return log_error_errno(r, "Failed to connect to netlink: %m"); | |
489 | ||
490 | udev = udev_new(); | |
491 | if (!udev) { | |
492 | log_error("Failed to connect to udev."); | |
493 | return -ENOMEM; | |
494 | } | |
495 | ||
496 | STRV_FOREACH(i, ifaces) { | |
4afd3348 | 497 | _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL; |
9a2a5625 LP |
498 | _cleanup_free_ char *n = NULL; |
499 | struct ether_addr mac; | |
500 | int ifi; | |
501 | ||
502 | ifi = parse_interface(udev, *i); | |
503 | if (ifi < 0) | |
504 | return ifi; | |
505 | ||
506 | r = generate_mac(machine_name, &mac, MACVLAN_HASH_KEY, idx++); | |
507 | if (r < 0) | |
508 | return log_error_errno(r, "Failed to create MACVLAN MAC address: %m"); | |
509 | ||
510 | r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0); | |
511 | if (r < 0) | |
512 | return log_error_errno(r, "Failed to allocate netlink message: %m"); | |
513 | ||
514 | r = sd_netlink_message_append_u32(m, IFLA_LINK, ifi); | |
515 | if (r < 0) | |
516 | return log_error_errno(r, "Failed to add netlink interface index: %m"); | |
517 | ||
518 | n = strappend("mv-", *i); | |
519 | if (!n) | |
520 | return log_oom(); | |
521 | ||
522 | strshorten(n, IFNAMSIZ-1); | |
523 | ||
524 | r = sd_netlink_message_append_string(m, IFLA_IFNAME, n); | |
525 | if (r < 0) | |
526 | return log_error_errno(r, "Failed to add netlink interface name: %m"); | |
527 | ||
528 | r = sd_netlink_message_append_ether_addr(m, IFLA_ADDRESS, &mac); | |
529 | if (r < 0) | |
530 | return log_error_errno(r, "Failed to add netlink MAC address: %m"); | |
531 | ||
532 | r = sd_netlink_message_append_u32(m, IFLA_NET_NS_PID, pid); | |
533 | if (r < 0) | |
534 | return log_error_errno(r, "Failed to add netlink namespace field: %m"); | |
535 | ||
536 | r = sd_netlink_message_open_container(m, IFLA_LINKINFO); | |
537 | if (r < 0) | |
538 | return log_error_errno(r, "Failed to open netlink container: %m"); | |
539 | ||
540 | r = sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, "macvlan"); | |
541 | if (r < 0) | |
542 | return log_error_errno(r, "Failed to open netlink container: %m"); | |
543 | ||
544 | r = sd_netlink_message_append_u32(m, IFLA_MACVLAN_MODE, MACVLAN_MODE_BRIDGE); | |
545 | if (r < 0) | |
546 | return log_error_errno(r, "Failed to append macvlan mode: %m"); | |
547 | ||
548 | r = sd_netlink_message_close_container(m); | |
549 | if (r < 0) | |
550 | return log_error_errno(r, "Failed to close netlink container: %m"); | |
551 | ||
552 | r = sd_netlink_message_close_container(m); | |
553 | if (r < 0) | |
554 | return log_error_errno(r, "Failed to close netlink container: %m"); | |
555 | ||
556 | r = sd_netlink_call(rtnl, m, 0, NULL); | |
557 | if (r < 0) | |
558 | return log_error_errno(r, "Failed to add new macvlan interfaces: %m"); | |
559 | } | |
560 | ||
561 | return 0; | |
562 | } | |
563 | ||
564 | int setup_ipvlan(const char *machine_name, pid_t pid, char **ifaces) { | |
565 | _cleanup_udev_unref_ struct udev *udev = NULL; | |
4afd3348 | 566 | _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL; |
9a2a5625 LP |
567 | char **i; |
568 | int r; | |
569 | ||
570 | if (strv_isempty(ifaces)) | |
571 | return 0; | |
572 | ||
573 | r = sd_netlink_open(&rtnl); | |
574 | if (r < 0) | |
575 | return log_error_errno(r, "Failed to connect to netlink: %m"); | |
576 | ||
577 | udev = udev_new(); | |
578 | if (!udev) { | |
579 | log_error("Failed to connect to udev."); | |
580 | return -ENOMEM; | |
581 | } | |
582 | ||
583 | STRV_FOREACH(i, ifaces) { | |
4afd3348 | 584 | _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL; |
9a2a5625 LP |
585 | _cleanup_free_ char *n = NULL; |
586 | int ifi; | |
587 | ||
588 | ifi = parse_interface(udev, *i); | |
589 | if (ifi < 0) | |
590 | return ifi; | |
591 | ||
592 | r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0); | |
593 | if (r < 0) | |
594 | return log_error_errno(r, "Failed to allocate netlink message: %m"); | |
595 | ||
596 | r = sd_netlink_message_append_u32(m, IFLA_LINK, ifi); | |
597 | if (r < 0) | |
598 | return log_error_errno(r, "Failed to add netlink interface index: %m"); | |
599 | ||
600 | n = strappend("iv-", *i); | |
601 | if (!n) | |
602 | return log_oom(); | |
603 | ||
604 | strshorten(n, IFNAMSIZ-1); | |
605 | ||
606 | r = sd_netlink_message_append_string(m, IFLA_IFNAME, n); | |
607 | if (r < 0) | |
608 | return log_error_errno(r, "Failed to add netlink interface name: %m"); | |
609 | ||
610 | r = sd_netlink_message_append_u32(m, IFLA_NET_NS_PID, pid); | |
611 | if (r < 0) | |
612 | return log_error_errno(r, "Failed to add netlink namespace field: %m"); | |
613 | ||
614 | r = sd_netlink_message_open_container(m, IFLA_LINKINFO); | |
615 | if (r < 0) | |
616 | return log_error_errno(r, "Failed to open netlink container: %m"); | |
617 | ||
618 | r = sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, "ipvlan"); | |
619 | if (r < 0) | |
620 | return log_error_errno(r, "Failed to open netlink container: %m"); | |
621 | ||
622 | r = sd_netlink_message_append_u16(m, IFLA_IPVLAN_MODE, IPVLAN_MODE_L2); | |
623 | if (r < 0) | |
624 | return log_error_errno(r, "Failed to add ipvlan mode: %m"); | |
625 | ||
626 | r = sd_netlink_message_close_container(m); | |
627 | if (r < 0) | |
628 | return log_error_errno(r, "Failed to close netlink container: %m"); | |
629 | ||
630 | r = sd_netlink_message_close_container(m); | |
631 | if (r < 0) | |
632 | return log_error_errno(r, "Failed to close netlink container: %m"); | |
633 | ||
634 | r = sd_netlink_call(rtnl, m, 0, NULL); | |
635 | if (r < 0) | |
636 | return log_error_errno(r, "Failed to add new ipvlan interfaces: %m"); | |
637 | } | |
638 | ||
639 | return 0; | |
640 | } | |
f6d6bad1 LP |
641 | |
642 | int veth_extra_parse(char ***l, const char *p) { | |
643 | _cleanup_free_ char *a = NULL, *b = NULL; | |
644 | int r; | |
645 | ||
646 | r = extract_first_word(&p, &a, ":", EXTRACT_DONT_COALESCE_SEPARATORS); | |
647 | if (r < 0) | |
648 | return r; | |
ef76dff2 | 649 | if (r == 0 || !ifname_valid(a)) |
f6d6bad1 LP |
650 | return -EINVAL; |
651 | ||
652 | r = extract_first_word(&p, &b, ":", EXTRACT_DONT_COALESCE_SEPARATORS); | |
653 | if (r < 0) | |
654 | return r; | |
ef76dff2 | 655 | if (r == 0 || !ifname_valid(b)) { |
f6d6bad1 LP |
656 | free(b); |
657 | b = strdup(a); | |
658 | if (!b) | |
659 | return -ENOMEM; | |
660 | } | |
661 | ||
662 | if (p) | |
663 | return -EINVAL; | |
664 | ||
665 | r = strv_push_pair(l, a, b); | |
666 | if (r < 0) | |
667 | return -ENOMEM; | |
668 | ||
669 | a = b = NULL; | |
670 | return 0; | |
671 | } | |
ef3b2aa7 | 672 | |
ef3b2aa7 LP |
673 | int remove_veth_links(const char *primary, char **pairs) { |
674 | _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL; | |
675 | char **a, **b; | |
676 | int r; | |
677 | ||
678 | /* In some cases the kernel might pin the veth links between host and container even after the namespace | |
679 | * died. Hence, let's better remove them explicitly too. */ | |
680 | ||
681 | if (isempty(primary) && strv_isempty(pairs)) | |
682 | return 0; | |
683 | ||
684 | r = sd_netlink_open(&rtnl); | |
685 | if (r < 0) | |
686 | return log_error_errno(r, "Failed to connect to netlink: %m"); | |
687 | ||
22b28dfd | 688 | remove_one_link(rtnl, primary); |
ef3b2aa7 LP |
689 | |
690 | STRV_FOREACH_PAIR(a, b, pairs) | |
22b28dfd | 691 | remove_one_link(rtnl, *a); |
ef3b2aa7 LP |
692 | |
693 | return 0; | |
694 | } |