1 /***
2 This file is part of systemd.
3
4 Copyright 2015 Lennart Poettering
5
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
10
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
15
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
18 ***/
19
20 #include <linux/veth.h>
21 #include <net/if.h>
22
23 #include "libudev.h"
24 #include "sd-id128.h"
25 #include "sd-netlink.h"
26
27 #include "alloc-util.h"
28 #include "ether-addr-util.h"
29 #include "netlink-util.h"
30 #include "nspawn-network.h"
31 #include "siphash24.h"
32 #include "string-util.h"
33 #include "udev-util.h"
34 #include "util.h"
35
/* Fixed SipHash24 keys for the predictable MAC derivation in generate_mac().
 * Each link role gets its own key so the same (host machine ID, machine name)
 * input never yields the same address for two roles: host end of the primary
 * veth, container end, the two ends of extra veths, and macvlan links.
 * The keys were generated randomly once and are now constants in the source;
 * they are not secrets, and the derived MACs are reproducible by design. */
#define HOST_HASH_KEY SD_ID128_MAKE(1a,37,6f,c7,46,ec,45,0b,ad,a3,d5,31,06,60,5d,b1)
#define CONTAINER_HASH_KEY SD_ID128_MAKE(c3,c4,f9,19,b5,57,b2,1c,e6,cf,14,27,03,9c,ee,a2)
#define VETH_EXTRA_HOST_HASH_KEY SD_ID128_MAKE(48,c7,f6,b7,ea,9d,4c,9e,b7,28,d4,de,91,d5,bf,66)
#define VETH_EXTRA_CONTAINER_HASH_KEY SD_ID128_MAKE(af,50,17,61,ce,f9,4d,35,84,0d,2b,20,54,be,ce,59)
#define MACVLAN_HASH_KEY SD_ID128_MAKE(00,13,6d,bc,66,83,44,81,bb,0c,f9,51,1f,24,a6,6f)
41
/* Derive a stable, locally administered unicast MAC address for a container
 * link.
 *
 * The address is SipHash24, keyed with hash_key, over the concatenation
 * (host machine ID || machine_name [|| idx as little-endian u64]). The same
 * host and container name therefore always produce the same address. idx is
 * only mixed in when it is non-zero, so idx == 0 hashes exactly the same
 * input as a caller that passes no index at all. The first octet is then
 * adjusted the way the kernel's eth_random_addr() does it: the multicast bit
 * is cleared and the locally-administered bit is set.
 *
 * The hash key is a public constant (see the *_HASH_KEY defines), so the
 * result is reproducible but should not be treated as concealing its inputs.
 * The input buffer lives on the stack via alloca() and is sized from
 * strlen(machine_name); callers are expected to pass an already validated
 * machine name.
 *
 * Returns 0 on success, or the negative errno from sd_id128_get_machine().
 */
static int generate_mac(
                const char *machine_name,
                struct ether_addr *mac,
                sd_id128_t hash_key,
                uint64_t idx) {

        size_t name_len = strlen(machine_name);
        size_t buf_len = sizeof(sd_id128_t) + name_len + (idx > 0 ? sizeof(idx) : 0);
        uint8_t *buf = alloca(buf_len);
        size_t off = 0;
        uint64_t digest;
        int r;

        /* Persistent, host-specific input */
        r = sd_id128_get_machine((sd_id128_t*) buf);
        if (r < 0)
                return r;
        off += sizeof(sd_id128_t);

        /* Input that is unique (on this host) to this container instance */
        memcpy(buf + off, machine_name, name_len);
        off += name_len;

        if (idx > 0) {
                /* Fixed byte order so the hash is host-endianness independent */
                uint64_t le_idx = htole64(idx);
                memcpy(buf + off, &le_idx, sizeof(le_idx));
        }

        digest = htole64(siphash24(buf, buf_len, hash_key.bytes));

        /* The first ETH_ALEN bytes of the 64-bit digest become the address */
        assert_cc(ETH_ALEN <= sizeof(digest));
        memcpy(mac->ether_addr_octet, &digest, ETH_ALEN);

        /* see eth_random_addr in the kernel */
        mac->ether_addr_octet[0] &= 0xfe; /* unicast: clear multicast bit */
        mac->ether_addr_octet[0] |= 0x02; /* locally administered (IEEE802) */

        return 0;
}
86
/* Create a veth pair with a single RTM_NEWLINK request.
 *
 * The host end is described at the top level of the message (IFLA_IFNAME =
 * ifname_host, IFLA_ADDRESS = mac_host) and is left in the caller's network
 * namespace. The peer is described inside the nested
 * IFLA_LINKINFO / IFLA_INFO_DATA("veth") / VETH_INFO_PEER containers with
 * ifname_container and mac_container, plus IFLA_NET_NS_PID = pid, which the
 * kernel uses to create the peer directly in pid's network namespace.
 *
 * The open/close calls below must remain nested in exactly this order: it is
 * the nesting that makes the inner attributes apply to the peer instead of
 * the host end. Both MAC addresses come from the caller (see generate_mac()),
 * so the kernel does not pick random ones.
 *
 * Returns 0 on success or a negative errno; every failure is logged here.
 */
static int add_veth(
                sd_netlink *rtnl,
                pid_t pid,
                const char *ifname_host,
                const struct ether_addr *mac_host,
                const char *ifname_container,
                const struct ether_addr *mac_container) {

        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
        int r;

        assert(rtnl);
        assert(ifname_host);
        assert(mac_host);
        assert(ifname_container);
        assert(mac_container);

        r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0);
        if (r < 0)
                return log_error_errno(r, "Failed to allocate netlink message: %m");

        /* Host end: top-level attributes */
        r = sd_netlink_message_append_string(m, IFLA_IFNAME, ifname_host);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink interface name: %m");

        r = sd_netlink_message_append_ether_addr(m, IFLA_ADDRESS, mac_host);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink MAC address: %m");

        r = sd_netlink_message_open_container(m, IFLA_LINKINFO);
        if (r < 0)
                return log_error_errno(r, "Failed to open netlink container: %m");

        r = sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, "veth");
        if (r < 0)
                return log_error_errno(r, "Failed to open netlink container: %m");

        /* Peer end: everything until the matching close belongs to the peer */
        r = sd_netlink_message_open_container(m, VETH_INFO_PEER);
        if (r < 0)
                return log_error_errno(r, "Failed to open netlink container: %m");

        r = sd_netlink_message_append_string(m, IFLA_IFNAME, ifname_container);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink interface name: %m");

        r = sd_netlink_message_append_ether_addr(m, IFLA_ADDRESS, mac_container);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink MAC address: %m");

        /* Target namespace for the peer only; the host end stays here */
        r = sd_netlink_message_append_u32(m, IFLA_NET_NS_PID, pid);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink namespace field: %m");

        r = sd_netlink_message_close_container(m);
        if (r < 0)
                return log_error_errno(r, "Failed to close netlink container: %m");

        r = sd_netlink_message_close_container(m);
        if (r < 0)
                return log_error_errno(r, "Failed to close netlink container: %m");

        r = sd_netlink_message_close_container(m);
        if (r < 0)
                return log_error_errno(r, "Failed to close netlink container: %m");

        r = sd_netlink_call(rtnl, m, 0, NULL);
        if (r < 0)
                return log_error_errno(r, "Failed to add new veth interfaces (%s:%s): %m", ifname_host, ifname_container);

        return 0;
}
158
/* Create the primary veth pair for a container.
 *
 * The host-side name is written into iface_name as "ve-<machine_name>", or
 * "vb-<machine_name>" when the link is going to be attached to a bridge; the
 * container side is always called "host0". Both ends get predictable MACs
 * from generate_mac() with the HOST/CONTAINER keys and index 0.
 *
 * Note that the name is produced with snprintf() and a limit of IFNAMSIZ-1,
 * so long machine names are truncated silently; two machines whose names
 * share a long prefix can therefore end up requesting the same host-side
 * interface name.
 *
 * Returns the ifindex (> 0) of the host-side interface, or a negative errno.
 */
int setup_veth(const char *machine_name,
               pid_t pid,
               char iface_name[IFNAMSIZ],
               bool bridge) {

        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        struct ether_addr host_mac, container_mac;
        const char *prefix;
        int ifindex, r;

        assert(machine_name);
        assert(pid > 0);
        assert(iface_name);

        /* The prefix tells bridge mode and plain mode apart by name */
        prefix = bridge ? "vb" : "ve";
        snprintf(iface_name, IFNAMSIZ - 1, "%s-%s", prefix, machine_name);

        r = generate_mac(machine_name, &container_mac, CONTAINER_HASH_KEY, 0);
        if (r < 0)
                return log_error_errno(r, "Failed to generate predictable MAC address for container side: %m");

        r = generate_mac(machine_name, &host_mac, HOST_HASH_KEY, 0);
        if (r < 0)
                return log_error_errno(r, "Failed to generate predictable MAC address for host side: %m");

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        r = add_veth(rtnl, pid, iface_name, &host_mac, "host0", &container_mac);
        if (r < 0)
                return r;

        /* The kernel has created the host end by now; look up its index */
        ifindex = (int) if_nametoindex(iface_name);
        if (ifindex <= 0)
                return log_error_errno(errno, "Failed to resolve interface %s: %m", iface_name);

        return ifindex;
}
199
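/* Create the additional veth pairs requested for a container.
 *
 * pairs is a flat strv holding (host name, container name) pairs, as built by
 * veth_extra_parse(); an empty list is a no-op and returns 0. Each pair gets
 * its own predictable MACs from generate_mac(): separate keys for the host
 * and container ends, and the running idx keeps the addresses of different
 * extra links of the same machine distinct. The first pair uses idx 0, which
 * generate_mac() hashes without an index suffix.
 *
 * Returns 0 on success or a negative errno; failures are logged here or in
 * add_veth().
 */
int setup_veth_extra(
                const char *machine_name,
                pid_t pid,
                char **pairs) {

        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        uint64_t idx = 0;
        char **a, **b;
        int r;

        assert(machine_name);
        assert(pid > 0);

        if (strv_isempty(pairs))
                return 0;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        STRV_FOREACH_PAIR(a, b, pairs) {
                struct ether_addr mac_host, mac_container;

                r = generate_mac(machine_name, &mac_container, VETH_EXTRA_CONTAINER_HASH_KEY, idx);
                if (r < 0)
                        return log_error_errno(r, "Failed to generate predictable MAC address for container side of extra veth link: %m");

                /* This message previously also said "container side", which made the
                 * two failures indistinguishable in the log; name the host side here. */
                r = generate_mac(machine_name, &mac_host, VETH_EXTRA_HOST_HASH_KEY, idx);
                if (r < 0)
                        return log_error_errno(r, "Failed to generate predictable MAC address for host side of extra veth link: %m");

                /* *a is the host-side name, *b the container-side name */
                r = add_veth(rtnl, pid, *a, &mac_host, *b, &mac_container);
                if (r < 0)
                        return r;

                idx++;
        }

        return 0;
}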
240
/* Bring veth_name up and enslave it to the existing bridge bridge_name in a
 * single RTM_SETLINK request.
 *
 * The bridge is resolved with if_nametoindex() first, so a missing bridge is
 * reported before any netlink traffic happens. The veth is addressed by name
 * (IFLA_IFNAME) rather than by index; IFLA_MASTER carries the bridge's
 * ifindex.
 *
 * Returns the bridge's ifindex (> 0) on success, or a negative errno.
 */
int setup_bridge(const char *veth_name, const char *bridge_name) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        int master_ifindex, r;

        assert(veth_name);
        assert(bridge_name);

        master_ifindex = (int) if_nametoindex(bridge_name);
        if (master_ifindex <= 0)
                return log_error_errno(errno, "Failed to resolve interface %s: %m", bridge_name);

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        r = sd_rtnl_message_new_link(rtnl, &req, RTM_SETLINK, 0);
        if (r < 0)
                return log_error_errno(r, "Failed to allocate netlink message: %m");

        /* change mask and value are both IFF_UP: only that flag is touched */
        r = sd_rtnl_message_link_set_flags(req, IFF_UP, IFF_UP);
        if (r < 0)
                return log_error_errno(r, "Failed to set IFF_UP flag: %m");

        r = sd_netlink_message_append_string(req, IFLA_IFNAME, veth_name);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink interface name field: %m");

        r = sd_netlink_message_append_u32(req, IFLA_MASTER, master_ifindex);
        if (r < 0)
                return log_error_errno(r, "Failed to add netlink master field: %m");

        r = sd_netlink_call(rtnl, req, 0, NULL);
        if (r < 0)
                return log_error_errno(r, "Failed to add veth interface to bridge: %m");

        return master_ifindex;
}
279
/* Resolve a host interface name to its ifindex, refusing interfaces that udev
 * has not finished initializing.
 *
 * The udev lookup uses the "n<ifindex>" device id form. Acting on a device
 * before udev_device_get_is_initialized() reports it as initialized would
 * presumably race with whatever udev still has to do to it, so such devices
 * are rejected with -EBUSY and the caller is expected to retry later.
 *
 * Returns the ifindex (> 0), -EBUSY when not yet initialized, or another
 * negative errno from name resolution or the udev lookup.
 */
static int parse_interface(struct udev *udev, const char *name) {
        _cleanup_udev_device_unref_ struct udev_device *dev = NULL;
        char device_id[2 + DECIMAL_STR_MAX(int)];
        int ifindex;

        ifindex = (int) if_nametoindex(name);
        if (ifindex <= 0)
                return log_error_errno(errno, "Failed to resolve interface %s: %m", name);

        /* device_id is sized to hold "n", any int, and the terminator */
        snprintf(device_id, sizeof device_id, "n%i", ifindex);

        dev = udev_device_new_from_device_id(udev, device_id);
        if (!dev)
                return log_error_errno(errno, "Failed to get udev device for interface %s: %m", name);

        if (udev_device_get_is_initialized(dev) <= 0) {
                log_error("Network interface %s is not initialized yet.", name);
                return -EBUSY;
        }

        return ifindex;
}
301
/* Move one host interface, given by name, into pid's network namespace.
 *
 * The interface is resolved and checked for udev initialization by
 * parse_interface(); the move itself is an RTM_SETLINK on its ifindex with
 * IFLA_NET_NS_PID = pid. Returns 0 or a negative errno (already logged).
 */
static int move_one_interface(sd_netlink *rtnl, struct udev *udev, pid_t pid, const char *name) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
        int ifindex, r;

        ifindex = parse_interface(udev, name);
        if (ifindex < 0)
                return ifindex;

        r = sd_rtnl_message_new_link(rtnl, &req, RTM_SETLINK, ifindex);
        if (r < 0)
                return log_error_errno(r, "Failed to allocate netlink message: %m");

        r = sd_netlink_message_append_u32(req, IFLA_NET_NS_PID, pid);
        if (r < 0)
                return log_error_errno(r, "Failed to append namespace PID to netlink message: %m");

        r = sd_netlink_call(rtnl, req, 0, NULL);
        if (r < 0)
                return log_error_errno(r, "Failed to move interface %s to namespace: %m", name);

        return 0;
}

/* Move every host interface named in ifaces into pid's network namespace.
 *
 * An empty list is a no-op. Interfaces are processed in order and the first
 * failure aborts the loop; interfaces moved before that point are not moved
 * back. Returns 0 on success, -ENOMEM if udev cannot be reached, or the
 * negative errno of the failing step.
 */
int move_network_interfaces(pid_t pid, char **ifaces) {
        _cleanup_udev_unref_ struct udev *udev = NULL;
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        char **name;
        int r;

        if (strv_isempty(ifaces))
                return 0;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        udev = udev_new();
        if (!udev) {
                log_error("Failed to connect to udev.");
                return -ENOMEM;
        }

        STRV_FOREACH(name, ifaces) {
                r = move_one_interface(rtnl, udev, pid, *name);
                if (r < 0)
                        return r;
        }

        return 0;
}
344
/* Create one macvlan link on top of every host interface in ifaces, directly
 * inside pid's network namespace.
 *
 * For each entry the parent is resolved (and checked to be udev-initialized)
 * by parse_interface(). The new link is named "mv-<parent>" shortened to
 * IFNAMSIZ-1 bytes, gets a predictable MAC from generate_mac() with
 * MACVLAN_HASH_KEY and a running idx (so links on different parents get
 * different addresses), is put into MACVLAN_MODE_BRIDGE, and is created in
 * pid's namespace via IFLA_NET_NS_PID.
 *
 * strshorten() truncates silently, so two parents whose names share a long
 * prefix would request the same "mv-" name; presumably the second
 * RTM_NEWLINK then fails in the kernel as a duplicate.
 *
 * Returns 0 on success (including an empty ifaces list), -ENOMEM if udev
 * cannot be reached or the name cannot be allocated, or another negative
 * errno; every failure is logged.
 */
int setup_macvlan(const char *machine_name, pid_t pid, char **ifaces) {
        _cleanup_udev_unref_ struct udev *udev = NULL;
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        unsigned idx = 0;
        char **i;
        int r;

        if (strv_isempty(ifaces))
                return 0;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        udev = udev_new();
        if (!udev) {
                log_error("Failed to connect to udev.");
                return -ENOMEM;
        }

        STRV_FOREACH(i, ifaces) {
                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
                _cleanup_free_ char *n = NULL;
                struct ether_addr mac;
                int ifi;

                ifi = parse_interface(udev, *i);
                if (ifi < 0)
                        return ifi;

                /* idx 0 for the first parent hashes without an index suffix */
                r = generate_mac(machine_name, &mac, MACVLAN_HASH_KEY, idx++);
                if (r < 0)
                        return log_error_errno(r, "Failed to create MACVLAN MAC address: %m");

                r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0);
                if (r < 0)
                        return log_error_errno(r, "Failed to allocate netlink message: %m");

                /* IFLA_LINK names the parent (lower) device */
                r = sd_netlink_message_append_u32(m, IFLA_LINK, ifi);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink interface index: %m");

                n = strappend("mv-", *i);
                if (!n)
                        return log_oom();

                /* Silent truncation; see the note in the header comment */
                strshorten(n, IFNAMSIZ-1);

                r = sd_netlink_message_append_string(m, IFLA_IFNAME, n);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink interface name: %m");

                r = sd_netlink_message_append_ether_addr(m, IFLA_ADDRESS, &mac);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink MAC address: %m");

                r = sd_netlink_message_append_u32(m, IFLA_NET_NS_PID, pid);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink namespace field: %m");

                r = sd_netlink_message_open_container(m, IFLA_LINKINFO);
                if (r < 0)
                        return log_error_errno(r, "Failed to open netlink container: %m");

                r = sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, "macvlan");
                if (r < 0)
                        return log_error_errno(r, "Failed to open netlink container: %m");

                r = sd_netlink_message_append_u32(m, IFLA_MACVLAN_MODE, MACVLAN_MODE_BRIDGE);
                if (r < 0)
                        return log_error_errno(r, "Failed to append macvlan mode: %m");

                r = sd_netlink_message_close_container(m);
                if (r < 0)
                        return log_error_errno(r, "Failed to close netlink container: %m");

                r = sd_netlink_message_close_container(m);
                if (r < 0)
                        return log_error_errno(r, "Failed to close netlink container: %m");

                r = sd_netlink_call(rtnl, m, 0, NULL);
                if (r < 0)
                        return log_error_errno(r, "Failed to add new macvlan interfaces: %m");
        }

        return 0;
}
432
/* Create one ipvlan link (IPVLAN_MODE_L2) on top of every host interface in
 * ifaces, directly inside pid's network namespace.
 *
 * Mirrors setup_macvlan() with two differences: no IFLA_ADDRESS is appended
 * and no per-link MAC is derived, and machine_name is currently not used in
 * this function at all. The new link is named "iv-<parent>", shortened to
 * IFNAMSIZ-1 bytes by strshorten(), so long parent names may collide after
 * truncation just as in setup_macvlan().
 *
 * Returns 0 on success (including an empty ifaces list), -ENOMEM if udev
 * cannot be reached or the name cannot be allocated, or another negative
 * errno; every failure is logged.
 */
int setup_ipvlan(const char *machine_name, pid_t pid, char **ifaces) {
        _cleanup_udev_unref_ struct udev *udev = NULL;
        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
        char **i;
        int r;

        if (strv_isempty(ifaces))
                return 0;

        r = sd_netlink_open(&rtnl);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to netlink: %m");

        udev = udev_new();
        if (!udev) {
                log_error("Failed to connect to udev.");
                return -ENOMEM;
        }

        STRV_FOREACH(i, ifaces) {
                _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
                _cleanup_free_ char *n = NULL;
                int ifi;

                ifi = parse_interface(udev, *i);
                if (ifi < 0)
                        return ifi;

                r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0);
                if (r < 0)
                        return log_error_errno(r, "Failed to allocate netlink message: %m");

                /* IFLA_LINK names the parent (lower) device */
                r = sd_netlink_message_append_u32(m, IFLA_LINK, ifi);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink interface index: %m");

                n = strappend("iv-", *i);
                if (!n)
                        return log_oom();

                /* Silent truncation; see the note in the header comment */
                strshorten(n, IFNAMSIZ-1);

                r = sd_netlink_message_append_string(m, IFLA_IFNAME, n);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink interface name: %m");

                r = sd_netlink_message_append_u32(m, IFLA_NET_NS_PID, pid);
                if (r < 0)
                        return log_error_errno(r, "Failed to add netlink namespace field: %m");

                r = sd_netlink_message_open_container(m, IFLA_LINKINFO);
                if (r < 0)
                        return log_error_errno(r, "Failed to open netlink container: %m");

                r = sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, "ipvlan");
                if (r < 0)
                        return log_error_errno(r, "Failed to open netlink container: %m");

                /* Mode attribute is a u16 here, unlike the u32 macvlan mode */
                r = sd_netlink_message_append_u16(m, IFLA_IPVLAN_MODE, IPVLAN_MODE_L2);
                if (r < 0)
                        return log_error_errno(r, "Failed to add ipvlan mode: %m");

                r = sd_netlink_message_close_container(m);
                if (r < 0)
                        return log_error_errno(r, "Failed to close netlink container: %m");

                r = sd_netlink_message_close_container(m);
                if (r < 0)
                        return log_error_errno(r, "Failed to close netlink container: %m");

                r = sd_netlink_call(rtnl, m, 0, NULL);
                if (r < 0)
                        return log_error_errno(r, "Failed to add new ipvlan interfaces: %m");
        }

        return 0;
}
510
/* Parse one "<host>[:<container>]" extra-veth specification and append the
 * resulting (host, container) pair to the strv *l.
 *
 * Accepted forms: "a" (container side reuses the name "a"), "a:b", and
 * "a:" (empty container side, also falls back to "a"). An empty host name
 * or any trailing input after the second field ("a:b:c") is rejected with
 * -EINVAL. Interface-name length and character constraints are not checked
 * here; the kernel enforces them when the link is created.
 *
 * Returns 0 on success, -EINVAL for malformed input, -ENOMEM on allocation
 * failure, or a negative errno from extract_first_word().
 */
int veth_extra_parse(char ***l, const char *p) {
        _cleanup_free_ char *host = NULL, *container = NULL;
        int r;

        r = extract_first_word(&p, &host, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
        if (r < 0)
                return r;
        if (r == 0 || isempty(host))
                return -EINVAL;

        r = extract_first_word(&p, &container, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
        if (r < 0)
                return r;
        if (r == 0 || isempty(container)) {
                /* Missing or empty second field: mirror the host-side name */
                free(container);
                container = strdup(host);
                if (!container)
                        return -ENOMEM;
        }

        /* extract_first_word() leaves p non-NULL only if input remains */
        if (p)
                return -EINVAL;

        r = strv_push_pair(l, host, container);
        if (r < 0)
                return -ENOMEM;

        /* Ownership of both strings has moved into *l */
        host = container = NULL;
        return 0;
}
540 }