2012-08-02 08:06:29 +04:00
|
|
|
#include <unistd.h>
|
2012-08-02 08:17:27 +04:00
|
|
|
#include <sys/socket.h>
|
|
|
|
|
#include <linux/netlink.h>
|
|
|
|
|
#include <linux/rtnetlink.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include <net/if_arp.h>
|
|
|
|
|
#include <sys/wait.h>
|
2012-08-10 19:14:36 +04:00
|
|
|
#include <sched.h>
|
2013-08-17 01:30:48 +04:00
|
|
|
#include <sys/mount.h>
|
2015-01-12 14:54:18 +03:00
|
|
|
#include <net/if.h>
|
|
|
|
|
#include <linux/sockios.h>
|
2013-08-17 01:30:48 +04:00
|
|
|
|
2014-09-29 12:47:37 +04:00
|
|
|
#include "imgset.h"
|
2012-08-02 08:06:29 +04:00
|
|
|
#include "syscall-types.h"
|
|
|
|
|
#include "namespaces.h"
|
|
|
|
|
#include "net.h"
|
2012-08-02 08:17:27 +04:00
|
|
|
#include "libnetlink.h"
|
2013-11-06 17:21:11 +04:00
|
|
|
#include "cr_options.h"
|
2012-09-17 20:05:55 +04:00
|
|
|
#include "sk-inet.h"
|
2013-08-23 19:02:55 +04:00
|
|
|
#include "tun.h"
|
2013-08-17 01:30:48 +04:00
|
|
|
#include "util-pie.h"
|
2013-12-26 17:00:05 +04:00
|
|
|
#include "plugin.h"
|
2014-09-03 23:43:23 +04:00
|
|
|
#include "action-scripts.h"
|
2014-09-29 22:03:55 +04:00
|
|
|
#include "sockets.h"
|
|
|
|
|
#include "pstree.h"
|
2015-03-31 10:51:10 +03:00
|
|
|
#include "sysctl.h"
|
2012-08-02 08:17:27 +04:00
|
|
|
#include "protobuf.h"
|
|
|
|
|
#include "protobuf/netdev.pb-c.h"
|
|
|
|
|
|
2012-08-10 19:14:36 +04:00
|
|
|
static int ns_fd = -1;
|
2013-08-17 01:30:48 +04:00
|
|
|
static int ns_sysfs_fd = -1;
|
2012-08-10 19:14:36 +04:00
|
|
|
|
2013-08-17 01:34:17 +04:00
|
|
|
int read_ns_sys_file(char *path, char *buf, int len)
|
|
|
|
|
{
|
|
|
|
|
int fd, rlen;
|
|
|
|
|
|
|
|
|
|
BUG_ON(ns_sysfs_fd == -1);
|
|
|
|
|
|
|
|
|
|
fd = openat(ns_sysfs_fd, path, O_RDONLY, 0);
|
|
|
|
|
if (fd < 0) {
|
|
|
|
|
pr_perror("Can't open ns' %s", path);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
rlen = read(fd, buf, len);
|
|
|
|
|
close(fd);
|
|
|
|
|
|
|
|
|
|
if (rlen >= 0)
|
|
|
|
|
buf[rlen] = '\0';
|
|
|
|
|
|
|
|
|
|
return rlen;
|
|
|
|
|
}
|
|
|
|
|
|
2015-03-31 10:51:09 +03:00
|
|
|
char *devconfs[] = {
|
|
|
|
|
"accept_local",
|
|
|
|
|
"accept_redirects",
|
|
|
|
|
"accept_source_route",
|
|
|
|
|
"arp_accept",
|
|
|
|
|
"arp_announce",
|
|
|
|
|
"arp_filter",
|
|
|
|
|
"arp_ignore",
|
|
|
|
|
"arp_notify",
|
|
|
|
|
"bootp_relay",
|
|
|
|
|
"disable_policy",
|
|
|
|
|
"disable_xfrm",
|
|
|
|
|
"force_igmp_version",
|
|
|
|
|
"forwarding",
|
|
|
|
|
"igmpv2_unsolicited_report_interval",
|
|
|
|
|
"igmpv3_unsolicited_report_interval",
|
|
|
|
|
"log_martians",
|
|
|
|
|
"medium_id",
|
|
|
|
|
"promote_secondaries",
|
|
|
|
|
"proxy_arp",
|
|
|
|
|
"proxy_arp_pvlan",
|
|
|
|
|
"route_localnet",
|
|
|
|
|
"rp_filter",
|
|
|
|
|
"secure_redirects",
|
|
|
|
|
"send_redirects",
|
|
|
|
|
"shared_media",
|
|
|
|
|
"src_valid_mark",
|
|
|
|
|
"tag",
|
|
|
|
|
NULL,
|
|
|
|
|
};
|
|
|
|
|
|
2015-03-31 10:51:10 +03:00
|
|
|
#define NET_CONF_PATH "net/ipv4/conf"
|
|
|
|
|
#define MAX_CONF_OPT_PATH IFNAMSIZ+50
|
|
|
|
|
|
|
|
|
|
static int ipv4_conf_op(char *tgt, int *conf, int op)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
int ret;
|
|
|
|
|
struct sysctl_req req[ARRAY_SIZE(devconfs) + 1];
|
|
|
|
|
char path[ARRAY_SIZE(devconfs)][MAX_CONF_OPT_PATH];
|
|
|
|
|
|
|
|
|
|
for (i = 0; devconfs[i]; i++) {
|
|
|
|
|
sprintf(path[i], "%s/%s/%s", NET_CONF_PATH, tgt, devconfs[i]);
|
|
|
|
|
req[i].name = path[i];
|
|
|
|
|
req[i].arg = &conf[i];
|
|
|
|
|
req[i].type = CTL_32;
|
|
|
|
|
}
|
|
|
|
|
req[i].name = NULL;
|
|
|
|
|
|
|
|
|
|
ret = sysctl_op(req, op);
|
|
|
|
|
if (ret < 0) {
|
|
|
|
|
pr_err("Failed to %s %s/<confs>\n", (op == CTL_READ)?"read":"write", tgt);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2014-09-29 12:47:37 +04:00
|
|
|
int write_netdev_img(NetDeviceEntry *nde, struct cr_imgset *fds)
|
2013-08-17 01:10:15 +04:00
|
|
|
{
|
2014-09-29 12:47:37 +04:00
|
|
|
return pb_write_one(img_from_set(fds, CR_FD_NETDEV), nde, PB_NETDEV);
|
2013-08-17 01:10:15 +04:00
|
|
|
}
|
|
|
|
|
|
2012-08-10 13:09:03 +04:00
|
|
|
static int dump_one_netdev(int type, struct ifinfomsg *ifi,
|
2014-09-29 12:47:37 +04:00
|
|
|
struct rtattr **tb, struct cr_imgset *fds,
|
|
|
|
|
int (*dump)(NetDeviceEntry *, struct cr_imgset *))
|
2012-08-02 08:17:27 +04:00
|
|
|
{
|
2015-03-31 10:51:10 +03:00
|
|
|
int ret;
|
2012-08-02 08:17:27 +04:00
|
|
|
NetDeviceEntry netdev = NET_DEVICE_ENTRY__INIT;
|
|
|
|
|
|
|
|
|
|
if (!tb[IFLA_IFNAME]) {
|
|
|
|
|
pr_err("No name for link %d\n", ifi->ifi_index);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
netdev.type = type;
|
|
|
|
|
netdev.ifindex = ifi->ifi_index;
|
|
|
|
|
netdev.mtu = *(int *)RTA_DATA(tb[IFLA_MTU]);
|
|
|
|
|
netdev.flags = ifi->ifi_flags;
|
|
|
|
|
netdev.name = RTA_DATA(tb[IFLA_IFNAME]);
|
|
|
|
|
|
2013-08-24 01:07:33 +04:00
|
|
|
if (tb[IFLA_ADDRESS] && (type != ND_TYPE__LOOPBACK)) {
|
|
|
|
|
netdev.has_address = true;
|
|
|
|
|
netdev.address.data = RTA_DATA(tb[IFLA_ADDRESS]);
|
|
|
|
|
netdev.address.len = RTA_PAYLOAD(tb[IFLA_ADDRESS]);
|
|
|
|
|
pr_info("Found ll addr (%02x:../%d) for %s\n",
|
|
|
|
|
(int)netdev.address.data[0],
|
|
|
|
|
(int)netdev.address.len, netdev.name);
|
|
|
|
|
}
|
|
|
|
|
|
2015-03-31 10:51:10 +03:00
|
|
|
netdev.n_conf = ARRAY_SIZE(devconfs);
|
|
|
|
|
netdev.conf = xmalloc(sizeof(int) * netdev.n_conf);
|
|
|
|
|
if (!netdev.conf)
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
|
|
ret = ipv4_conf_op(netdev.name, netdev.conf, CTL_READ);
|
|
|
|
|
if (ret < 0)
|
|
|
|
|
goto err_free;
|
|
|
|
|
|
2013-08-17 01:10:15 +04:00
|
|
|
if (!dump)
|
|
|
|
|
dump = write_netdev_img;
|
|
|
|
|
|
2015-03-31 10:51:10 +03:00
|
|
|
ret = dump(&netdev, fds);
|
|
|
|
|
err_free:
|
|
|
|
|
xfree(netdev.conf);
|
|
|
|
|
return ret;
|
2012-08-02 08:17:27 +04:00
|
|
|
}
|
|
|
|
|
|
2013-06-10 16:17:45 +04:00
|
|
|
static char *link_kind(struct ifinfomsg *ifi, struct rtattr **tb)
|
2012-08-10 17:24:11 +04:00
|
|
|
{
|
|
|
|
|
struct rtattr *linkinfo[IFLA_INFO_MAX + 1];
|
|
|
|
|
|
|
|
|
|
if (!tb[IFLA_LINKINFO]) {
|
|
|
|
|
pr_err("No linkinfo for eth link %d\n", ifi->ifi_index);
|
2013-06-10 16:17:45 +04:00
|
|
|
return NULL;
|
2012-08-10 17:24:11 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
parse_rtattr_nested(linkinfo, IFLA_INFO_MAX, tb[IFLA_LINKINFO]);
|
|
|
|
|
if (!linkinfo[IFLA_INFO_KIND]) {
|
|
|
|
|
pr_err("No kind for eth link %d\n", ifi->ifi_index);
|
2013-06-10 16:17:45 +04:00
|
|
|
return NULL;
|
2012-08-10 17:24:11 +04:00
|
|
|
}
|
|
|
|
|
|
2013-06-10 16:17:45 +04:00
|
|
|
return RTA_DATA(linkinfo[IFLA_INFO_KIND]);
|
|
|
|
|
}
|
|
|
|
|
|
2013-12-26 16:59:45 +04:00
|
|
|
static int dump_unknown_device(struct ifinfomsg *ifi, char *kind,
|
2014-09-29 12:47:37 +04:00
|
|
|
struct rtattr **tb, struct cr_imgset *fds)
|
2013-12-26 16:59:45 +04:00
|
|
|
{
|
2013-12-26 17:00:05 +04:00
|
|
|
int ret;
|
|
|
|
|
|
2014-02-27 20:58:23 +04:00
|
|
|
ret = run_plugins(DUMP_EXT_LINK, ifi->ifi_index, ifi->ifi_type, kind);
|
2013-12-26 17:00:05 +04:00
|
|
|
if (ret == 0)
|
|
|
|
|
return dump_one_netdev(ND_TYPE__EXTLINK, ifi, tb, fds, NULL);
|
|
|
|
|
|
|
|
|
|
if (ret == -ENOTSUP)
|
|
|
|
|
pr_err("Unsupported link %d (type %d kind %s)\n",
|
|
|
|
|
ifi->ifi_index, ifi->ifi_type, kind);
|
2013-12-26 16:59:45 +04:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2013-12-26 16:59:28 +04:00
|
|
|
static int dump_one_ethernet(struct ifinfomsg *ifi, char *kind,
|
2014-09-29 12:47:37 +04:00
|
|
|
struct rtattr **tb, struct cr_imgset *fds)
|
2013-06-10 16:17:45 +04:00
|
|
|
{
|
2012-08-10 17:24:11 +04:00
|
|
|
if (!strcmp(kind, "veth"))
|
|
|
|
|
/*
|
|
|
|
|
* This is not correct. The peer of the veth device may
|
|
|
|
|
* be either outside or inside the netns we're working
|
|
|
|
|
* on, but there's currently no way of finding this out.
|
|
|
|
|
*
|
|
|
|
|
* Sigh... we have to assume, that the veth device is a
|
|
|
|
|
* connection to the outer world and just dump this end :(
|
|
|
|
|
*/
|
2013-08-17 01:10:15 +04:00
|
|
|
return dump_one_netdev(ND_TYPE__VETH, ifi, tb, fds, NULL);
|
2013-08-23 19:02:55 +04:00
|
|
|
if (!strcmp(kind, "tun"))
|
|
|
|
|
return dump_one_netdev(ND_TYPE__TUN, ifi, tb, fds, dump_tun_link);
|
2013-12-26 16:59:28 +04:00
|
|
|
|
2013-12-26 16:59:45 +04:00
|
|
|
return dump_unknown_device(ifi, kind, tb, fds);
|
2012-08-10 17:24:11 +04:00
|
|
|
}
|
|
|
|
|
|
2013-12-26 16:59:28 +04:00
|
|
|
static int dump_one_gendev(struct ifinfomsg *ifi, char *kind,
|
2014-09-29 12:47:37 +04:00
|
|
|
struct rtattr **tb, struct cr_imgset *fds)
|
2013-08-23 19:02:55 +04:00
|
|
|
{
|
|
|
|
|
if (!strcmp(kind, "tun"))
|
|
|
|
|
return dump_one_netdev(ND_TYPE__TUN, ifi, tb, fds, dump_tun_link);
|
|
|
|
|
|
2013-12-26 16:59:45 +04:00
|
|
|
return dump_unknown_device(ifi, kind, tb, fds);
|
2013-08-23 19:02:55 +04:00
|
|
|
}
|
|
|
|
|
|
2013-12-26 16:59:28 +04:00
|
|
|
static int dump_one_voiddev(struct ifinfomsg *ifi, char *kind,
|
2014-09-29 12:47:37 +04:00
|
|
|
struct rtattr **tb, struct cr_imgset *fds)
|
2013-12-26 16:59:12 +04:00
|
|
|
{
|
|
|
|
|
if (!strcmp(kind, "venet"))
|
|
|
|
|
/*
|
|
|
|
|
* If we meet a link we know about, such as
|
|
|
|
|
* OpenVZ's venet, save general parameters of
|
|
|
|
|
* it as external link.
|
|
|
|
|
*/
|
|
|
|
|
return dump_one_netdev(ND_TYPE__EXTLINK, ifi, tb, fds, NULL);
|
|
|
|
|
|
2013-12-26 16:59:45 +04:00
|
|
|
return dump_unknown_device(ifi, kind, tb, fds);
|
2013-12-26 16:59:12 +04:00
|
|
|
}
|
|
|
|
|
|
2012-08-02 08:17:27 +04:00
|
|
|
static int dump_one_link(struct nlmsghdr *hdr, void *arg)
|
|
|
|
|
{
|
2014-09-29 12:47:37 +04:00
|
|
|
struct cr_imgset *fds = arg;
|
2012-08-02 08:17:27 +04:00
|
|
|
struct ifinfomsg *ifi;
|
2012-08-10 13:09:03 +04:00
|
|
|
int ret = 0, len = hdr->nlmsg_len - NLMSG_LENGTH(sizeof(*ifi));
|
2012-08-11 22:03:11 +04:00
|
|
|
struct rtattr *tb[IFLA_MAX + 1];
|
2013-12-26 16:59:28 +04:00
|
|
|
char *kind;
|
2012-08-02 08:17:27 +04:00
|
|
|
|
|
|
|
|
ifi = NLMSG_DATA(hdr);
|
2012-08-10 13:09:03 +04:00
|
|
|
|
|
|
|
|
if (len < 0) {
|
|
|
|
|
pr_err("No iflas for link %d\n", ifi->ifi_index);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
parse_rtattr(tb, IFLA_MAX, IFLA_RTA(ifi), len);
|
2012-08-02 08:17:27 +04:00
|
|
|
pr_info("\tLD: Got link %d, type %d\n", ifi->ifi_index, ifi->ifi_type);
|
|
|
|
|
|
2013-12-26 16:59:28 +04:00
|
|
|
if (ifi->ifi_type == ARPHRD_LOOPBACK)
|
|
|
|
|
return dump_one_netdev(ND_TYPE__LOOPBACK, ifi, tb, fds, NULL);
|
|
|
|
|
|
|
|
|
|
kind = link_kind(ifi, tb);
|
2013-12-26 16:59:45 +04:00
|
|
|
if (!kind)
|
|
|
|
|
goto unk;
|
2013-12-26 16:59:28 +04:00
|
|
|
|
2012-08-02 08:17:27 +04:00
|
|
|
switch (ifi->ifi_type) {
|
2012-08-10 17:24:11 +04:00
|
|
|
case ARPHRD_ETHER:
|
2013-12-26 16:59:28 +04:00
|
|
|
ret = dump_one_ethernet(ifi, kind, tb, fds);
|
2012-08-10 17:24:11 +04:00
|
|
|
break;
|
2013-08-23 19:02:55 +04:00
|
|
|
case ARPHRD_NONE:
|
2013-12-26 16:59:28 +04:00
|
|
|
ret = dump_one_gendev(ifi, kind, tb, fds);
|
2013-08-23 19:02:55 +04:00
|
|
|
break;
|
2013-10-10 14:31:34 +04:00
|
|
|
case ARPHRD_VOID:
|
2013-12-26 16:59:28 +04:00
|
|
|
ret = dump_one_voiddev(ifi, kind, tb, fds);
|
2013-12-26 16:59:12 +04:00
|
|
|
break;
|
2012-08-02 08:17:27 +04:00
|
|
|
default:
|
2013-12-26 16:59:45 +04:00
|
|
|
unk:
|
|
|
|
|
ret = dump_unknown_device(ifi, kind, tb, fds);
|
2012-08-02 08:17:27 +04:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2014-09-29 12:47:37 +04:00
|
|
|
static int dump_links(struct cr_imgset *fds)
|
2012-08-02 08:17:27 +04:00
|
|
|
{
|
|
|
|
|
int sk, ret;
|
|
|
|
|
struct {
|
|
|
|
|
struct nlmsghdr nlh;
|
|
|
|
|
struct rtgenmsg g;
|
|
|
|
|
} req;
|
|
|
|
|
|
2013-09-10 12:45:42 +04:00
|
|
|
pr_info("Dumping netns links\n");
|
|
|
|
|
|
2012-08-02 08:17:27 +04:00
|
|
|
ret = sk = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
|
|
|
|
|
if (sk < 0) {
|
|
|
|
|
pr_perror("Can't open rtnl sock for net dump");
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
memset(&req, 0, sizeof(req));
|
|
|
|
|
req.nlh.nlmsg_len = sizeof(req);
|
|
|
|
|
req.nlh.nlmsg_type = RTM_GETLINK;
|
|
|
|
|
req.nlh.nlmsg_flags = NLM_F_ROOT|NLM_F_MATCH|NLM_F_REQUEST;
|
|
|
|
|
req.nlh.nlmsg_pid = 0;
|
|
|
|
|
req.nlh.nlmsg_seq = CR_NLMSG_SEQ;
|
|
|
|
|
req.g.rtgen_family = AF_PACKET;
|
|
|
|
|
|
2015-01-14 17:28:24 +03:00
|
|
|
ret = do_rtnl_req(sk, &req, sizeof(req), dump_one_link, NULL, fds);
|
2012-08-02 08:17:27 +04:00
|
|
|
close(sk);
|
|
|
|
|
out:
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int restore_link_cb(struct nlmsghdr *hdr, void *arg)
|
|
|
|
|
{
|
2013-04-12 13:00:05 -07:00
|
|
|
pr_info("Got response on SETLINK =)\n");
|
2012-08-02 08:17:27 +04:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2012-08-10 17:27:36 +04:00
|
|
|
struct newlink_req {
|
|
|
|
|
struct nlmsghdr h;
|
|
|
|
|
struct ifinfomsg i;
|
|
|
|
|
char buf[1024];
|
|
|
|
|
};
|
|
|
|
|
|
2013-08-23 18:46:48 +04:00
|
|
|
static int do_rtm_link_req(int msg_type, NetDeviceEntry *nde, int nlsk,
|
2012-08-10 17:32:56 +04:00
|
|
|
int (*link_info)(NetDeviceEntry *, struct newlink_req *))
|
2012-08-02 08:17:27 +04:00
|
|
|
{
|
2012-08-10 17:27:36 +04:00
|
|
|
struct newlink_req req;
|
2012-08-02 08:17:27 +04:00
|
|
|
|
|
|
|
|
memset(&req, 0, sizeof(req));
|
|
|
|
|
|
|
|
|
|
req.h.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
|
2012-08-10 17:25:42 +04:00
|
|
|
req.h.nlmsg_flags = NLM_F_REQUEST|NLM_F_ACK|NLM_F_CREATE;
|
2013-08-23 18:46:48 +04:00
|
|
|
req.h.nlmsg_type = msg_type;
|
2012-08-02 08:17:27 +04:00
|
|
|
req.h.nlmsg_seq = CR_NLMSG_SEQ;
|
|
|
|
|
req.i.ifi_family = AF_PACKET;
|
2013-12-27 16:00:57 +04:00
|
|
|
/*
|
|
|
|
|
* SETLINK is called for external devices which may
|
|
|
|
|
* have ifindex changed. Thus configure them by their
|
|
|
|
|
* name only.
|
|
|
|
|
*/
|
2013-12-26 17:00:55 +04:00
|
|
|
if (msg_type == RTM_NEWLINK)
|
|
|
|
|
req.i.ifi_index = nde->ifindex;
|
2012-08-02 08:17:27 +04:00
|
|
|
req.i.ifi_flags = nde->flags;
|
|
|
|
|
|
2012-08-10 17:31:03 +04:00
|
|
|
addattr_l(&req.h, sizeof(req), IFLA_IFNAME, nde->name, strlen(nde->name));
|
|
|
|
|
addattr_l(&req.h, sizeof(req), IFLA_MTU, &nde->mtu, sizeof(nde->mtu));
|
2012-08-02 08:17:27 +04:00
|
|
|
|
2013-08-24 01:07:33 +04:00
|
|
|
if (nde->has_address) {
|
|
|
|
|
pr_debug("Restore ll addr (%02x:../%d) for device\n",
|
|
|
|
|
(int)nde->address.data[0], (int)nde->address.len);
|
|
|
|
|
addattr_l(&req.h, sizeof(req), IFLA_ADDRESS,
|
|
|
|
|
nde->address.data, nde->address.len);
|
|
|
|
|
}
|
|
|
|
|
|
2012-08-10 17:32:56 +04:00
|
|
|
if (link_info) {
|
|
|
|
|
struct rtattr *linkinfo;
|
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
|
|
linkinfo = NLMSG_TAIL(&req.h);
|
|
|
|
|
addattr_l(&req.h, sizeof(req), IFLA_LINKINFO, NULL, 0);
|
|
|
|
|
|
|
|
|
|
ret = link_info(nde, &req);
|
|
|
|
|
if (ret < 0)
|
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
|
|
linkinfo->rta_len = (void *)NLMSG_TAIL(&req.h) - (void *)linkinfo;
|
|
|
|
|
}
|
|
|
|
|
|
2015-01-14 17:28:24 +03:00
|
|
|
return do_rtnl_req(nlsk, &req, req.h.nlmsg_len, restore_link_cb, NULL, NULL);
|
2012-08-02 08:17:27 +04:00
|
|
|
}
|
|
|
|
|
|
2013-08-23 18:46:48 +04:00
|
|
|
int restore_link_parms(NetDeviceEntry *nde, int nlsk)
|
|
|
|
|
{
|
|
|
|
|
return do_rtm_link_req(RTM_SETLINK, nde, nlsk, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int restore_one_link(NetDeviceEntry *nde, int nlsk,
|
|
|
|
|
int (*link_info)(NetDeviceEntry *, struct newlink_req *))
|
|
|
|
|
{
|
2013-09-18 20:43:59 +04:00
|
|
|
pr_info("Restoring netdev %s idx %d\n", nde->name, nde->ifindex);
|
2013-08-23 18:46:48 +04:00
|
|
|
return do_rtm_link_req(RTM_NEWLINK, nde, nlsk, link_info);
|
|
|
|
|
}
|
|
|
|
|
|
2012-08-10 17:36:00 +04:00
|
|
|
#ifndef VETH_INFO_MAX
|
|
|
|
|
enum {
|
|
|
|
|
VETH_INFO_UNSPEC,
|
|
|
|
|
VETH_INFO_PEER,
|
|
|
|
|
|
|
|
|
|
__VETH_INFO_MAX
|
|
|
|
|
#define VETH_INFO_MAX (__VETH_INFO_MAX - 1)
|
|
|
|
|
};
|
|
|
|
|
#endif
|
|
|
|
|
|
2012-08-10 19:14:36 +04:00
|
|
|
#if IFLA_MAX <= 28
|
|
|
|
|
#define IFLA_NET_NS_FD 28
|
|
|
|
|
#endif
|
|
|
|
|
|
2012-08-10 17:36:00 +04:00
|
|
|
static int veth_link_info(NetDeviceEntry *nde, struct newlink_req *req)
|
|
|
|
|
{
|
|
|
|
|
struct rtattr *veth_data, *peer_data;
|
|
|
|
|
struct ifinfomsg ifm;
|
2012-09-02 01:07:32 +04:00
|
|
|
struct veth_pair *n;
|
2012-08-10 17:36:00 +04:00
|
|
|
|
2012-08-10 19:14:36 +04:00
|
|
|
BUG_ON(ns_fd < 0);
|
|
|
|
|
|
2012-08-10 17:36:00 +04:00
|
|
|
addattr_l(&req->h, sizeof(*req), IFLA_INFO_KIND, "veth", 4);
|
|
|
|
|
|
|
|
|
|
veth_data = NLMSG_TAIL(&req->h);
|
|
|
|
|
addattr_l(&req->h, sizeof(*req), IFLA_INFO_DATA, NULL, 0);
|
|
|
|
|
peer_data = NLMSG_TAIL(&req->h);
|
|
|
|
|
memset(&ifm, 0, sizeof(ifm));
|
|
|
|
|
addattr_l(&req->h, sizeof(*req), VETH_INFO_PEER, &ifm, sizeof(ifm));
|
2012-09-02 01:07:32 +04:00
|
|
|
list_for_each_entry(n, &opts.veth_pairs, node) {
|
|
|
|
|
if (!strcmp(nde->name, n->inside))
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (&n->node != &opts.veth_pairs)
|
|
|
|
|
addattr_l(&req->h, sizeof(*req), IFLA_IFNAME, n->outside, strlen(n->outside));
|
2012-08-10 19:14:36 +04:00
|
|
|
addattr_l(&req->h, sizeof(*req), IFLA_NET_NS_FD, &ns_fd, sizeof(ns_fd));
|
2012-08-10 17:36:00 +04:00
|
|
|
peer_data->rta_len = (void *)NLMSG_TAIL(&req->h) - (void *)peer_data;
|
|
|
|
|
veth_data->rta_len = (void *)NLMSG_TAIL(&req->h) - (void *)veth_data;
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2012-08-02 08:17:27 +04:00
|
|
|
static int restore_link(NetDeviceEntry *nde, int nlsk)
|
|
|
|
|
{
|
2013-09-18 20:43:59 +04:00
|
|
|
pr_info("Restoring link %s type %d\n", nde->name, nde->type);
|
2012-08-02 08:17:27 +04:00
|
|
|
|
|
|
|
|
switch (nde->type) {
|
2013-11-08 16:52:20 +04:00
|
|
|
case ND_TYPE__LOOPBACK: /* fallthrough */
|
|
|
|
|
case ND_TYPE__EXTLINK: /* see comment in protobuf/netdev.proto */
|
2013-10-10 14:31:33 +04:00
|
|
|
return restore_link_parms(nde, nlsk);
|
2012-08-10 17:24:11 +04:00
|
|
|
case ND_TYPE__VETH:
|
2012-08-10 17:36:00 +04:00
|
|
|
return restore_one_link(nde, nlsk, veth_link_info);
|
2013-08-23 19:10:15 +04:00
|
|
|
case ND_TYPE__TUN:
|
|
|
|
|
return restore_one_tun(nde, nlsk);
|
2013-02-11 17:14:20 +04:00
|
|
|
default:
|
|
|
|
|
pr_err("Unsupported link type %d\n", nde->type);
|
|
|
|
|
break;
|
2012-08-02 08:17:27 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int restore_links(int pid)
|
|
|
|
|
{
|
2014-09-29 12:48:53 +04:00
|
|
|
int nlsk, ret;
|
|
|
|
|
struct cr_img *img;
|
2012-08-02 08:17:27 +04:00
|
|
|
NetDeviceEntry *nde;
|
|
|
|
|
|
2014-09-29 12:48:53 +04:00
|
|
|
img = open_image(CR_FD_NETDEV, O_RSTR, pid);
|
|
|
|
|
if (!img)
|
2012-08-02 08:17:27 +04:00
|
|
|
return -1;
|
|
|
|
|
|
|
|
|
|
nlsk = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
|
|
|
|
|
if (nlsk < 0) {
|
|
|
|
|
pr_perror("Can't create nlk socket");
|
2014-09-29 12:48:53 +04:00
|
|
|
close_image(img);
|
2012-08-02 08:17:27 +04:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
while (1) {
|
2014-09-29 12:48:53 +04:00
|
|
|
ret = pb_read_one_eof(img, &nde, PB_NETDEV);
|
2012-08-02 08:17:27 +04:00
|
|
|
if (ret <= 0)
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
ret = restore_link(nde, nlsk);
|
|
|
|
|
net_device_entry__free_unpacked(nde, NULL);
|
|
|
|
|
if (ret)
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
close(nlsk);
|
2014-09-29 12:48:53 +04:00
|
|
|
close_image(img);
|
2012-08-02 08:17:27 +04:00
|
|
|
return ret;
|
|
|
|
|
}
|
2012-08-02 08:06:29 +04:00
|
|
|
|
2012-08-02 08:26:43 +04:00
|
|
|
static int run_ip_tool(char *arg1, char *arg2, int fdin, int fdout)
|
2012-08-02 08:21:19 +04:00
|
|
|
{
|
2012-09-28 14:09:58 +04:00
|
|
|
char *ip_tool_cmd;
|
|
|
|
|
int ret;
|
2012-08-02 08:21:19 +04:00
|
|
|
|
|
|
|
|
pr_debug("\tRunning ip %s %s\n", arg1, arg2);
|
|
|
|
|
|
2012-09-28 14:09:58 +04:00
|
|
|
ip_tool_cmd = getenv("CR_IP_TOOL");
|
|
|
|
|
if (!ip_tool_cmd)
|
|
|
|
|
ip_tool_cmd = "ip";
|
2012-08-02 08:21:19 +04:00
|
|
|
|
2012-09-28 14:09:58 +04:00
|
|
|
ret = cr_system(fdin, fdout, -1, ip_tool_cmd,
|
|
|
|
|
(char *[]) { "ip", arg1, arg2, NULL });
|
|
|
|
|
if (ret) {
|
|
|
|
|
pr_err("IP tool failed on %s %s\n", arg1, arg2);
|
2012-08-02 08:21:19 +04:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2013-10-04 02:51:33 +04:00
|
|
|
static int run_iptables_tool(char *def_cmd, int fdin, int fdout)
|
|
|
|
|
{
|
|
|
|
|
int ret;
|
|
|
|
|
char *cmd;
|
|
|
|
|
|
|
|
|
|
cmd = getenv("CR_IPTABLES");
|
|
|
|
|
if (!cmd)
|
|
|
|
|
cmd = def_cmd;
|
|
|
|
|
pr_debug("\tRunning %s for %s\n", cmd, def_cmd);
|
|
|
|
|
ret = cr_system(fdin, fdout, -1, "sh", (char *[]) { "sh", "-c", cmd, NULL });
|
|
|
|
|
if (ret)
|
|
|
|
|
pr_err("%s failed\n", def_cmd);
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2014-09-29 12:47:37 +04:00
|
|
|
static inline int dump_ifaddr(struct cr_imgset *fds)
|
2012-08-02 08:26:43 +04:00
|
|
|
{
|
2014-09-29 12:48:53 +04:00
|
|
|
struct cr_img *img = img_from_set(fds, CR_FD_IFADDR);
|
|
|
|
|
return run_ip_tool("addr", "save", -1, img_raw_fd(img));
|
2012-08-02 08:26:43 +04:00
|
|
|
}
|
|
|
|
|
|
2014-09-29 12:47:37 +04:00
|
|
|
static inline int dump_route(struct cr_imgset *fds)
|
2012-08-02 08:31:46 +04:00
|
|
|
{
|
2014-09-29 12:48:53 +04:00
|
|
|
struct cr_img *img = img_from_set(fds, CR_FD_ROUTE);
|
|
|
|
|
return run_ip_tool("route", "save", -1, img_raw_fd(img));
|
2012-08-02 08:31:46 +04:00
|
|
|
}
|
|
|
|
|
|
2014-09-29 12:47:37 +04:00
|
|
|
static inline int dump_iptables(struct cr_imgset *fds)
|
2013-10-04 02:51:33 +04:00
|
|
|
{
|
2014-09-29 12:48:53 +04:00
|
|
|
struct cr_img *img = img_from_set(fds, CR_FD_IPTABLES);
|
|
|
|
|
return run_iptables_tool("iptables-save", -1, img_raw_fd(img));
|
2013-10-04 02:51:33 +04:00
|
|
|
}
|
|
|
|
|
|
2012-08-02 08:26:43 +04:00
|
|
|
static int restore_ip_dump(int type, int pid, char *cmd)
|
|
|
|
|
{
|
2014-09-29 12:48:53 +04:00
|
|
|
int ret = -1;
|
|
|
|
|
struct cr_img *img;
|
2012-08-02 08:26:43 +04:00
|
|
|
|
2014-09-29 12:48:53 +04:00
|
|
|
img = open_image(type, O_RSTR, pid);
|
|
|
|
|
if (img) {
|
|
|
|
|
ret = run_ip_tool(cmd, "restore", img_raw_fd(img), -1);
|
|
|
|
|
close_image(img);
|
2012-08-02 08:26:43 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static inline int restore_ifaddr(int pid)
|
|
|
|
|
{
|
|
|
|
|
return restore_ip_dump(CR_FD_IFADDR, pid, "addr");
|
|
|
|
|
}
|
|
|
|
|
|
2012-08-02 08:31:46 +04:00
|
|
|
static inline int restore_route(int pid)
|
|
|
|
|
{
|
|
|
|
|
return restore_ip_dump(CR_FD_ROUTE, pid, "route");
|
|
|
|
|
}
|
|
|
|
|
|
2013-10-04 02:51:33 +04:00
|
|
|
static inline int restore_iptables(int pid)
|
|
|
|
|
{
|
2014-09-29 12:48:53 +04:00
|
|
|
int ret = -1;
|
|
|
|
|
struct cr_img *img;
|
2013-10-04 02:51:33 +04:00
|
|
|
|
2014-09-29 12:48:53 +04:00
|
|
|
img = open_image(CR_FD_IPTABLES, O_RSTR, pid);
|
|
|
|
|
if (img) {
|
|
|
|
|
ret = run_iptables_tool("iptables-restore", img_raw_fd(img), -1);
|
|
|
|
|
close_image(img);
|
2013-10-04 02:51:33 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2013-08-17 01:30:48 +04:00
|
|
|
static int mount_ns_sysfs(void)
|
|
|
|
|
{
|
|
|
|
|
char sys_mount[] = "crtools-sys.XXXXXX";
|
|
|
|
|
|
|
|
|
|
BUG_ON(ns_sysfs_fd != -1);
|
|
|
|
|
|
2013-08-29 17:46:28 +04:00
|
|
|
/*
|
|
|
|
|
* A new mntns is required to avoid the race between
|
|
|
|
|
* open_detach_mount and creating mntns.
|
|
|
|
|
*/
|
|
|
|
|
if (unshare(CLONE_NEWNS)) {
|
|
|
|
|
pr_perror("Can't create new mount namespace");
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (mount(NULL, "/", NULL, MS_PRIVATE | MS_REC, NULL)) {
|
|
|
|
|
pr_perror("Can't mark the root mount as private");
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2013-08-17 01:30:48 +04:00
|
|
|
if (mkdtemp(sys_mount) == NULL) {
|
|
|
|
|
pr_perror("mkdtemp failed %s", sys_mount);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The setns() is called, so we're in proper context,
|
|
|
|
|
* no need in pulling the mountpoint from parasite.
|
|
|
|
|
*/
|
|
|
|
|
pr_info("Mount ns' sysfs in %s\n", sys_mount);
|
|
|
|
|
if (mount("sysfs", sys_mount, "sysfs", MS_MGC_VAL, NULL)) {
|
|
|
|
|
pr_perror("mount failed");
|
|
|
|
|
rmdir(sys_mount);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ns_sysfs_fd = open_detach_mount(sys_mount);
|
|
|
|
|
return ns_sysfs_fd >= 0 ? 0 : -1;
|
|
|
|
|
}
|
|
|
|
|
|
2014-09-22 16:27:00 +04:00
|
|
|
int dump_net_ns(int ns_id)
|
2012-08-02 08:06:29 +04:00
|
|
|
{
|
2014-09-29 12:47:37 +04:00
|
|
|
struct cr_imgset *fds;
|
2012-08-02 08:06:29 +04:00
|
|
|
int ret;
|
|
|
|
|
|
2014-09-29 12:47:37 +04:00
|
|
|
fds = cr_imgset_open(ns_id, NETNS, O_DUMP);
|
2013-09-30 17:16:46 +04:00
|
|
|
if (fds == NULL)
|
|
|
|
|
return -1;
|
|
|
|
|
|
2014-09-22 16:27:00 +04:00
|
|
|
ret = mount_ns_sysfs();
|
2012-08-02 08:17:27 +04:00
|
|
|
if (!ret)
|
|
|
|
|
ret = dump_links(fds);
|
2012-08-02 08:26:43 +04:00
|
|
|
if (!ret)
|
|
|
|
|
ret = dump_ifaddr(fds);
|
2012-08-02 08:31:46 +04:00
|
|
|
if (!ret)
|
|
|
|
|
ret = dump_route(fds);
|
2013-10-04 02:51:33 +04:00
|
|
|
if (!ret)
|
|
|
|
|
ret = dump_iptables(fds);
|
2012-08-02 08:06:29 +04:00
|
|
|
|
2013-08-17 01:30:48 +04:00
|
|
|
close(ns_sysfs_fd);
|
|
|
|
|
ns_sysfs_fd = -1;
|
|
|
|
|
|
2014-09-29 12:47:37 +04:00
|
|
|
close_cr_imgset(&fds);
|
2012-08-02 08:06:29 +04:00
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int prepare_net_ns(int pid)
|
|
|
|
|
{
|
2012-08-02 08:17:27 +04:00
|
|
|
int ret;
|
|
|
|
|
|
|
|
|
|
ret = restore_links(pid);
|
2012-08-02 08:26:43 +04:00
|
|
|
if (!ret)
|
|
|
|
|
ret = restore_ifaddr(pid);
|
2012-08-02 08:31:46 +04:00
|
|
|
if (!ret)
|
|
|
|
|
ret = restore_route(pid);
|
2013-10-04 02:51:33 +04:00
|
|
|
if (!ret)
|
|
|
|
|
ret = restore_iptables(pid);
|
2012-08-02 08:17:27 +04:00
|
|
|
|
2012-08-10 19:14:36 +04:00
|
|
|
close(ns_fd);
|
|
|
|
|
|
2012-08-02 08:17:27 +04:00
|
|
|
return ret;
|
2012-08-02 08:06:29 +04:00
|
|
|
}
|
2012-08-10 19:14:36 +04:00
|
|
|
|
|
|
|
|
int netns_pre_create(void)
|
|
|
|
|
{
|
2014-03-22 20:14:00 +04:00
|
|
|
ns_fd = open("/proc/self/ns/net", O_RDONLY | O_CLOEXEC);
|
2012-08-10 19:14:36 +04:00
|
|
|
if (ns_fd < 0) {
|
|
|
|
|
pr_perror("Can't cache net fd");
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pr_info("Saved netns fd for links restore\n");
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2012-09-17 20:05:55 +04:00
|
|
|
|
|
|
|
|
int network_lock(void)
|
|
|
|
|
{
|
|
|
|
|
pr_info("Lock network\n");
|
|
|
|
|
|
|
|
|
|
/* Each connection will be locked on dump */
|
2014-04-21 18:23:22 +04:00
|
|
|
if (!(root_ns_mask & CLONE_NEWNET))
|
2012-09-17 20:05:55 +04:00
|
|
|
return 0;
|
|
|
|
|
|
2014-09-03 23:43:46 +04:00
|
|
|
return run_scripts(ACT_NET_LOCK);
|
2012-09-17 20:05:55 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void network_unlock(void)
|
|
|
|
|
{
|
|
|
|
|
pr_info("Unlock network\n");
|
|
|
|
|
|
2013-10-31 20:12:55 +04:00
|
|
|
cpt_unlock_tcp_connections();
|
|
|
|
|
rst_unlock_tcp_connections();
|
2012-09-17 20:05:55 +04:00
|
|
|
|
2014-04-21 18:23:22 +04:00
|
|
|
if (root_ns_mask & CLONE_NEWNET)
|
2014-09-03 23:43:46 +04:00
|
|
|
run_scripts(ACT_NET_UNLOCK);
|
2012-09-17 20:05:55 +04:00
|
|
|
}
|
|
|
|
|
|
2014-02-11 23:53:40 +04:00
|
|
|
int veth_pair_add(char *in, char *out)
|
|
|
|
|
{
|
2015-01-12 14:54:18 +03:00
|
|
|
char *aux;
|
2014-02-11 23:53:40 +04:00
|
|
|
struct veth_pair *n;
|
|
|
|
|
|
|
|
|
|
n = xmalloc(sizeof(*n));
|
|
|
|
|
if (n == NULL)
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
|
|
n->inside = in;
|
|
|
|
|
n->outside = out;
|
2015-01-12 14:54:18 +03:00
|
|
|
/*
|
|
|
|
|
* Does the out string specify a bridge for
|
|
|
|
|
* moving the outside end of the veth pair to?
|
|
|
|
|
*/
|
|
|
|
|
aux = strrchr(out, '@');
|
|
|
|
|
if (aux) {
|
|
|
|
|
*aux++ = '\0';
|
|
|
|
|
n->bridge = aux;
|
|
|
|
|
} else {
|
|
|
|
|
n->bridge = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2014-02-11 23:53:40 +04:00
|
|
|
list_add(&n->node, &opts.veth_pairs);
|
2015-01-12 14:54:18 +03:00
|
|
|
if (n->bridge)
|
|
|
|
|
pr_debug("Added %s:%s@%s veth map\n", in, out, aux);
|
|
|
|
|
else
|
|
|
|
|
pr_debug("Added %s:%s veth map\n", in, out);
|
2014-02-11 23:53:40 +04:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2014-09-29 22:04:25 +04:00
|
|
|
/*
|
|
|
|
|
* The setns() syscall (called by switch_ns()) can be extremely
|
|
|
|
|
* slow. If we call it two or more times from the same task the
|
|
|
|
|
* kernel will synchonously go on a very slow routine called
|
|
|
|
|
* synchronize_rcu() trying to put a reference on old namespaces.
|
|
|
|
|
*
|
|
|
|
|
* To avoid doing this more than once we pre-create all the
|
|
|
|
|
* needed other-ns sockets in advance.
|
|
|
|
|
*/
|
|
|
|
|
|
2014-10-01 16:15:00 +04:00
|
|
|
static int prep_ns_sockets(struct ns_id *ns, bool for_dump)
|
2014-09-29 22:04:25 +04:00
|
|
|
{
|
|
|
|
|
int nsret = -1, ret;
|
|
|
|
|
|
|
|
|
|
if (ns->pid != getpid()) {
|
|
|
|
|
pr_info("Switching to %d's net for collecting sockets\n", ns->pid);
|
|
|
|
|
if (switch_ns(ns->pid, &net_ns_desc, &nsret))
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2014-10-01 16:15:00 +04:00
|
|
|
if (for_dump) {
|
|
|
|
|
ret = ns->net.nlsk = socket(PF_NETLINK, SOCK_RAW, NETLINK_SOCK_DIAG);
|
|
|
|
|
if (ret < 0) {
|
|
|
|
|
pr_perror("Can't create sock diag socket");
|
|
|
|
|
goto err_nl;
|
|
|
|
|
}
|
|
|
|
|
} else
|
|
|
|
|
ns->net.nlsk = -1;
|
2014-09-29 22:04:25 +04:00
|
|
|
|
2014-09-29 22:05:43 +04:00
|
|
|
ret = ns->net.seqsk = socket(PF_UNIX, SOCK_SEQPACKET, 0);
|
|
|
|
|
if (ret < 0) {
|
|
|
|
|
pr_perror("Can't create seqsk for parasite");
|
|
|
|
|
goto err_sq;
|
|
|
|
|
}
|
|
|
|
|
|
2014-09-29 22:04:25 +04:00
|
|
|
ret = 0;
|
|
|
|
|
out:
|
|
|
|
|
if (nsret >= 0 && restore_ns(nsret, &net_ns_desc) < 0) {
|
|
|
|
|
nsret = -1;
|
|
|
|
|
if (ret == 0)
|
|
|
|
|
goto err_ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
|
|
err_ret:
|
2014-09-29 22:05:43 +04:00
|
|
|
close(ns->net.seqsk);
|
|
|
|
|
err_sq:
|
2014-10-01 16:15:00 +04:00
|
|
|
if (ns->net.nlsk >= 0)
|
|
|
|
|
close(ns->net.nlsk);
|
2014-09-29 22:04:25 +04:00
|
|
|
err_nl:
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
2014-10-09 17:43:03 +04:00
|
|
|
static int collect_net_ns(struct ns_id *ns, void *oarg)
|
2014-09-29 22:04:11 +04:00
|
|
|
{
|
2014-10-09 17:43:03 +04:00
|
|
|
bool for_dump = (oarg == (void *)1);
|
2014-09-29 22:04:25 +04:00
|
|
|
int ret;
|
|
|
|
|
|
2014-09-29 22:04:11 +04:00
|
|
|
pr_info("Collecting netns %d/%d\n", ns->id, ns->pid);
|
2014-10-01 16:15:00 +04:00
|
|
|
ret = prep_ns_sockets(ns, for_dump);
|
2014-09-29 22:04:25 +04:00
|
|
|
if (ret)
|
|
|
|
|
return ret;
|
|
|
|
|
|
2014-10-01 16:15:00 +04:00
|
|
|
if (!for_dump)
|
|
|
|
|
return 0;
|
|
|
|
|
|
2014-09-29 22:04:25 +04:00
|
|
|
return collect_sockets(ns);
|
2014-09-29 22:04:11 +04:00
|
|
|
}
|
|
|
|
|
|
2014-10-01 16:15:00 +04:00
|
|
|
int collect_net_namespaces(bool for_dump)
|
2014-09-29 22:03:55 +04:00
|
|
|
{
|
2015-04-07 23:37:16 +00:00
|
|
|
return walk_namespaces(&net_ns_desc, false, collect_net_ns,
|
2014-10-09 17:43:03 +04:00
|
|
|
(void *)(for_dump ? 1UL : 0));
|
2014-09-29 22:03:55 +04:00
|
|
|
}
|
|
|
|
|
|
2013-05-20 13:30:17 +04:00
|
|
|
struct ns_desc net_ns_desc = NS_DESC_ENTRY(CLONE_NEWNET, "net");
|
2015-01-12 14:54:18 +03:00
|
|
|
|
|
|
|
|
int move_veth_to_bridge(void)
|
|
|
|
|
{
|
|
|
|
|
int s;
|
|
|
|
|
int ret;
|
|
|
|
|
struct veth_pair *n;
|
|
|
|
|
struct ifreq ifr;
|
|
|
|
|
|
|
|
|
|
s = -1;
|
|
|
|
|
ret = 0;
|
|
|
|
|
list_for_each_entry(n, &opts.veth_pairs, node) {
|
|
|
|
|
if (n->bridge == NULL)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
pr_debug("\tMoving dev %s to bridge %s\n", n->outside, n->bridge);
|
|
|
|
|
|
|
|
|
|
if (s == -1) {
|
|
|
|
|
s = socket(AF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC, 0);
|
|
|
|
|
if (s < 0) {
|
|
|
|
|
pr_perror("Can't create control socket");
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Add the device to the bridge. This is equivalent to:
|
|
|
|
|
* $ brctl addif <bridge> <device>
|
|
|
|
|
*/
|
|
|
|
|
ifr.ifr_ifindex = if_nametoindex(n->outside);
|
|
|
|
|
if (ifr.ifr_ifindex == 0) {
|
|
|
|
|
pr_perror("Can't get index of %s", n->outside);
|
|
|
|
|
ret = -1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
strncpy(ifr.ifr_name, n->bridge, IFNAMSIZ);
|
|
|
|
|
ret = ioctl(s, SIOCBRADDIF, &ifr);
|
|
|
|
|
if (ret < 0) {
|
|
|
|
|
pr_perror("Can't add interface %s to bridge %s",
|
|
|
|
|
n->outside, n->bridge);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Make sure the device is up. This is equivalent to:
|
|
|
|
|
* $ ip link set dev <device> up
|
|
|
|
|
*/
|
|
|
|
|
ifr.ifr_ifindex = 0;
|
|
|
|
|
strncpy(ifr.ifr_name, n->outside, IFNAMSIZ);
|
|
|
|
|
ret = ioctl(s, SIOCGIFFLAGS, &ifr);
|
|
|
|
|
if (ret < 0) {
|
|
|
|
|
pr_perror("Can't get flags of interface %s", n->outside);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (ifr.ifr_flags & IFF_UP)
|
|
|
|
|
continue;
|
|
|
|
|
ifr.ifr_flags |= IFF_UP;
|
|
|
|
|
ret = ioctl(s, SIOCSIFFLAGS, &ifr);
|
|
|
|
|
if (ret < 0) {
|
|
|
|
|
pr_perror("Can't set flags of interface %s to 0x%x",
|
|
|
|
|
n->outside, ifr.ifr_flags);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (s >= 0)
|
|
|
|
|
close(s);
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
