1 | #define _ATFILE_SOURCE |
2 | #include <sys/types.h> | |
3 | #include <sys/stat.h> | |
4 | #include <sys/wait.h> | |
5 | #include <sys/inotify.h> | |
6 | #include <sys/mount.h> | |
7 | #include <sys/param.h> | |
8 | #include <sys/syscall.h> | |
9 | #include <stdio.h> | |
10 | #include <string.h> | |
11 | #include <sched.h> | |
12 | #include <fcntl.h> | |
13 | #include <dirent.h> | |
14 | #include <errno.h> | |
15 | #include <unistd.h> | |
9a7b3d91 | 16 | #include <ctype.h> |
17 | |
18 | #include "utils.h" | |
19 | #include "ip_common.h" | |
20 | ||
21 | #define NETNS_RUN_DIR "/var/run/netns" | |
22 | #define NETNS_ETC_DIR "/etc/netns" | |
23 | ||
24 | #ifndef CLONE_NEWNET | |
25 | #define CLONE_NEWNET 0x40000000 /* New network namespace (lo, device, names sockets, etc) */ | |
26 | #endif | |
27 | ||
28 | #ifndef MNT_DETACH | |
29 | #define MNT_DETACH 0x00000002 /* Just detach from the tree */ | |
30 | #endif /* MNT_DETACH */ | |
31 | ||
32 | /* sys/mount.h may be too old to have these */ |
33 | #ifndef MS_REC | |
34 | #define MS_REC 16384 | |
35 | #endif | |
36 | ||
37 | #ifndef MS_SLAVE | |
38 | #define MS_SLAVE (1 << 19) | |
39 | #endif | |
40 | ||
41 | #ifndef MS_SHARED | |
42 | #define MS_SHARED (1 << 20) | |
43 | #endif | |
44 | ||
2e8a07f5 | 45 | #ifndef HAVE_SETNS |
/*
 * Fallback for C libraries without setns(2): issue the raw system call
 * when the kernel headers provide its number, otherwise fail with ENOSYS
 * so that callers report a meaningful error.
 */
static int setns(int fd, int nstype)
{
#ifndef __NR_setns
	(void)fd;
	(void)nstype;
	errno = ENOSYS;
	return -1;
#else
	long rc = syscall(__NR_setns, fd, nstype);

	return (int)rc;
#endif
}
2e8a07f5 | 55 | #endif /* HAVE_SETNS */ |
0dc34c77 | 56 | |
/*
 * Print the "ip netns" synopsis to stderr and terminate ip.
 * Declared as returning int only so that do_netns() can "return usage()";
 * it never actually returns.
 */
static int usage(void)
{
	static const char *const lines[] = {
		"Usage: ip netns list\n",
		" ip netns add NAME\n",
		" ip netns delete NAME\n",
		" ip netns identify PID\n",
		" ip netns pids NAME\n",
		" ip netns exec NAME cmd ...\n",
		" ip netns monitor\n",
	};
	size_t i;

	for (i = 0; i < sizeof(lines) / sizeof(lines[0]); i++)
		fputs(lines[i], stderr);
	exit(-1);
}
68 | ||
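/*
 * Open the namespace file for NAME.
 *
 * A NAME containing '/' is treated as a path and opened as given; any
 * other NAME is looked up under NETNS_RUN_DIR.
 *
 * Returns an O_RDONLY descriptor (caller closes it), or -1 with errno set.
 * errno is ENAMETOOLONG when the composed path does not fit the buffer:
 * a silently truncated path would name some other file.
 */
int get_netns_fd(const char *name)
{
	char pathbuf[MAXPATHLEN];
	const char *path = name;

	if (!strchr(name, '/')) {
		int n = snprintf(pathbuf, sizeof(pathbuf), "%s/%s",
				 NETNS_RUN_DIR, name);

		if (n < 0 || (size_t)n >= sizeof(pathbuf)) {
			errno = ENAMETOOLONG;
			return -1;
		}
		path = pathbuf;
	}
	return open(path, O_RDONLY);
}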
83 | ||
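/*
 * ip netns list: print the names found under NETNS_RUN_DIR, one per line.
 *
 * A missing directory only means that no namespace has been added yet and
 * is treated as an empty list.  Any other opendir() failure is reported and
 * returns -1, the same way netns_identify() handles the same directory,
 * instead of being silently reported as an empty list.
 *
 * argc/argv are accepted for signature uniformity with the other
 * sub-commands and are not used.
 */
static int netns_list(int argc, char **argv)
{
	struct dirent *entry;
	DIR *dir;

	dir = opendir(NETNS_RUN_DIR);
	if (!dir) {
		if (errno == ENOENT)
			return 0;
		fprintf(stderr, "Failed to open directory %s:%s\n",
			NETNS_RUN_DIR, strerror(errno));
		return -1;
	}

	while ((entry = readdir(dir)) != NULL) {
		if (strcmp(entry->d_name, ".") == 0 ||
		    strcmp(entry->d_name, "..") == 0)
			continue;
		printf("%s\n", entry->d_name);
	}
	closedir(dir);
	return 0;
}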
103 | ||
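/*
 * Bind-mount every entry of NETNS_ETC_DIR/NAME over the file of the same
 * name in /etc, so that per-namespace configuration (resolv.conf and
 * friends) shadows the host's in the caller's mount namespace.
 *
 * Best effort by design: a missing per-namespace directory is ignored and
 * a failed mount is reported without stopping the remaining entries.  Path
 * truncation, however, is never acted upon -- a truncated path would bind
 * some unrelated file -- so such entries are reported and skipped.
 */
static void bind_etc(const char *name)
{
	char etc_netns_path[MAXPATHLEN];
	char netns_name[MAXPATHLEN];
	char etc_name[MAXPATHLEN];
	struct dirent *entry;
	DIR *dir;
	int n;

	n = snprintf(etc_netns_path, sizeof(etc_netns_path), "%s/%s",
		     NETNS_ETC_DIR, name);
	if (n < 0 || (size_t)n >= sizeof(etc_netns_path)) {
		fprintf(stderr, "Path %s/%s is too long\n", NETNS_ETC_DIR, name);
		return;
	}
	dir = opendir(etc_netns_path);
	if (!dir)
		return;

	while ((entry = readdir(dir)) != NULL) {
		if (strcmp(entry->d_name, ".") == 0 ||
		    strcmp(entry->d_name, "..") == 0)
			continue;

		n = snprintf(netns_name, sizeof(netns_name), "%s/%s",
			     etc_netns_path, entry->d_name);
		if (n < 0 || (size_t)n >= sizeof(netns_name)) {
			fprintf(stderr, "Path for %s is too long, skipped\n",
				entry->d_name);
			continue;
		}
		n = snprintf(etc_name, sizeof(etc_name), "/etc/%s",
			     entry->d_name);
		if (n < 0 || (size_t)n >= sizeof(etc_name)) {
			fprintf(stderr, "Path for %s is too long, skipped\n",
				entry->d_name);
			continue;
		}

		if (mount(netns_name, etc_name, "none", MS_BIND, NULL) < 0) {
			fprintf(stderr, "Bind %s -> %s failed: %s\n",
				netns_name, etc_name, strerror(errno));
		}
	}
	closedir(dir);
}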
131 | ||
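/*
 * Move the calling process into network namespace NAME and into a private
 * mount namespace in which /sys describes that network namespace and the
 * files under NETNS_ETC_DIR/NAME shadow /etc.
 *
 * Returns 0 on success, -1 after printing a diagnostic.  On success the
 * process stays in the new namespaces, so only a process that is about to
 * exec should call this.
 */
static int netns_exec_switch(const char *name)
{
	char net_path[MAXPATHLEN];
	int netns;
	int n;

	n = snprintf(net_path, sizeof(net_path), "%s/%s", NETNS_RUN_DIR, name);
	if (n < 0 || (size_t)n >= sizeof(net_path)) {
		fprintf(stderr, "Network namespace name \"%s\" is too long\n",
			name);
		return -1;
	}
	/* O_CLOEXEC: the namespace handle must not leak into the command */
	netns = open(net_path, O_RDONLY | O_CLOEXEC);
	if (netns < 0) {
		fprintf(stderr, "Cannot open network namespace \"%s\": %s\n",
			name, strerror(errno));
		return -1;
	}

	if (setns(netns, CLONE_NEWNET) < 0) {
		fprintf(stderr, "seting the network namespace \"%s\" failed: %s\n",
			name, strerror(errno));
		close(netns);
		return -1;
	}
	/* The descriptor has done its job; nothing below needs it */
	close(netns);

	/* A private mount namespace keeps the /sys and /etc changes below
	 * invisible to every other process. */
	if (unshare(CLONE_NEWNS) < 0) {
		fprintf(stderr, "unshare failed: %s\n", strerror(errno));
		return -1;
	}
	/* Don't let any mounts propagate back to the parent */
	if (mount("", "/", "none", MS_SLAVE | MS_REC, NULL)) {
		fprintf(stderr, "\"mount --make-rslave /\" failed: %s\n",
			strerror(errno));
		return -1;
	}
	/* Mount a version of /sys that describes the network namespace */
	if (umount2("/sys", MNT_DETACH) < 0) {
		fprintf(stderr, "umount of /sys failed: %s\n", strerror(errno));
		return -1;
	}
	if (mount(name, "/sys", "sysfs", 0, NULL) < 0) {
		fprintf(stderr, "mount of /sys failed: %s\n",strerror(errno));
		return -1;
	}

	/* Setup bind mounts for config files in /etc */
	bind_etc(name);
	return 0;
}

/*
 * ip netns exec NAME cmd ...: run the command line argv[1..] inside the
 * network namespace argv[0], with an environment set up for programs that
 * are not namespace aware (see netns_exec_switch()).
 *
 * In batch mode ip has to keep running after the command, so the namespace
 * switch and the exec both happen in a forked child while the parent only
 * waits.  The fork happens *before* the switch: switching first would leave
 * the batch process itself in NAME's network and mount namespaces, and
 * every later batch command would run there.
 *
 * Outside batch mode the current process switches and execs directly and
 * therefore never returns on success.
 *
 * Returns -1 on a usage or setup error.  In batch mode returns the negated
 * exit status of the child (do_cmd() negates it back); a child that was
 * not terminated by exit() ends the batch with exit(1), as before.
 */
static int netns_exec(int argc, char **argv)
{
	const char *name, *cmd;

	if (argc < 1) {
		fprintf(stderr, "No netns name specified\n");
		return -1;
	}
	if (argc < 2) {
		fprintf(stderr, "No command specified\n");
		return -1;
	}

	name = argv[0];
	cmd = argv[1];

	/* Flush before any fork/exec so buffered output is not emitted twice */
	fflush(stdout);

	if (batch_mode) {
		int status;
		pid_t pid;

		pid = fork();
		if (pid < 0) {
			perror("fork");
			exit(1);
		}

		if (pid != 0) {
			/* Parent */
			if (waitpid(pid, &status, 0) < 0) {
				perror("waitpid");
				exit(1);
			}

			if (WIFEXITED(status)) {
				/* ip must return the status of the child,
				 * but do_cmd() will add a minus to this,
				 * so let's add another one here to cancel it.
				 */
				return -WEXITSTATUS(status);
			}

			exit(1);
		}

		/* Child: a failure here must not fall back into the batch
		 * loop of the parent's code, so leave immediately. */
		if (netns_exec_switch(name) < 0)
			_exit(1);
	} else if (netns_exec_switch(name) < 0) {
		return -1;
	}

	if (execvp(cmd, argv + 1) < 0)
		fprintf(stderr, "exec of \"%s\" failed: %s\n",
			cmd, strerror(errno));
	_exit(1);
}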
225 | ||
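/*
 * Return 1 if STR is a non-empty run of decimal digits (the shape of a
 * /proc entry or a pid given on the command line), 0 otherwise.
 *
 * The empty string is rejected: it used to be accepted, which let callers
 * build paths such as "/proc//ns/net".
 */
static int is_pid(const char *str)
{
	if (*str == '\0')
		return 0;
	for (; *str; str++) {
		/* isdigit() is undefined for negative char values */
		if (!isdigit((unsigned char)*str))
			return 0;
	}
	return 1;
}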
235 | ||
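/*
 * ip netns pids NAME: print the pid of every process whose network
 * namespace is the one bound at NETNS_RUN_DIR/NAME.
 *
 * Namespace identity is the (st_dev, st_ino) pair of the namespace file,
 * compared against each /proc/PID/ns/net.  The namespace descriptor is
 * needed only for fstat() and is closed right after it on every path (it
 * used to stay open until ip exited).
 *
 * Returns 0 on success, -1 after printing a diagnostic.
 */
static int netns_pids(int argc, char **argv)
{
	const char *name;
	char net_path[MAXPATHLEN];
	int netns;
	int n;
	struct stat netst;
	DIR *dir;
	struct dirent *entry;

	if (argc < 1) {
		fprintf(stderr, "No netns name specified\n");
		return -1;
	}
	if (argc > 1) {
		fprintf(stderr, "extra arguments specified\n");
		return -1;
	}

	name = argv[0];
	n = snprintf(net_path, sizeof(net_path), "%s/%s", NETNS_RUN_DIR, name);
	if (n < 0 || (size_t)n >= sizeof(net_path)) {
		fprintf(stderr, "Network namespace name \"%s\" is too long\n",
			name);
		return -1;
	}
	netns = open(net_path, O_RDONLY);
	if (netns < 0) {
		fprintf(stderr, "Cannot open network namespace: %s\n",
			strerror(errno));
		return -1;
	}
	if (fstat(netns, &netst) < 0) {
		fprintf(stderr, "Stat of netns failed: %s\n",
			strerror(errno));
		close(netns);
		return -1;
	}
	/* Only the identity was needed; drop the descriptor now */
	close(netns);

	dir = opendir("/proc/");
	if (!dir) {
		fprintf(stderr, "Open of /proc failed: %s\n",
			strerror(errno));
		return -1;
	}
	while ((entry = readdir(dir))) {
		char pid_net_path[MAXPATHLEN];
		struct stat st;

		if (!is_pid(entry->d_name))
			continue;
		snprintf(pid_net_path, sizeof(pid_net_path), "/proc/%s/ns/net",
			 entry->d_name);
		/* Processes that exited meanwhile simply disappear */
		if (stat(pid_net_path, &st) != 0)
			continue;
		if (st.st_dev == netst.st_dev && st.st_ino == netst.st_ino)
			printf("%s\n", entry->d_name);
	}
	closedir(dir);
	return 0;
}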
291 | ||
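/*
 * ip netns identify PID: print the name of every NETNS_RUN_DIR entry that
 * is bound to the network namespace process PID lives in.
 *
 * Namespace identity is the (st_dev, st_ino) pair of /proc/PID/ns/net,
 * compared against each namespace file.  The /proc descriptor is needed
 * only for fstat() and is closed right after it on every path (it used to
 * stay open until ip exited).  A missing NETNS_RUN_DIR means no named
 * namespace exists and is reported as success with no output.
 *
 * Returns 0 on success, -1 after printing a diagnostic.
 */
static int netns_identify(int argc, char **argv)
{
	const char *pidstr;
	char net_path[MAXPATHLEN];
	int netns;
	int n;
	struct stat netst;
	DIR *dir;
	struct dirent *entry;

	if (argc < 1) {
		fprintf(stderr, "No pid specified\n");
		return -1;
	}
	if (argc > 1) {
		fprintf(stderr, "extra arguments specified\n");
		return -1;
	}
	pidstr = argv[0];

	if (!is_pid(pidstr)) {
		fprintf(stderr, "Specified string '%s' is not a pid\n",
			pidstr);
		return -1;
	}

	/* A truncated path would open some other /proc entry, which is a
	 * directory and therefore opens fine -- so refuse it explicitly. */
	n = snprintf(net_path, sizeof(net_path), "/proc/%s/ns/net", pidstr);
	if (n < 0 || (size_t)n >= sizeof(net_path)) {
		fprintf(stderr, "Specified string '%s' is not a pid\n",
			pidstr);
		return -1;
	}
	netns = open(net_path, O_RDONLY);
	if (netns < 0) {
		fprintf(stderr, "Cannot open network namespace: %s\n",
			strerror(errno));
		return -1;
	}
	if (fstat(netns, &netst) < 0) {
		fprintf(stderr, "Stat of netns failed: %s\n",
			strerror(errno));
		close(netns);
		return -1;
	}
	/* Only the identity was needed; drop the descriptor now */
	close(netns);

	dir = opendir(NETNS_RUN_DIR);
	if (!dir) {
		/* Succeed treat a missing directory as an empty directory */
		if (errno == ENOENT)
			return 0;

		fprintf(stderr, "Failed to open directory %s:%s\n",
			NETNS_RUN_DIR, strerror(errno));
		return -1;
	}

	while ((entry = readdir(dir))) {
		char name_path[MAXPATHLEN];
		struct stat st;

		if (strcmp(entry->d_name, ".") == 0 ||
		    strcmp(entry->d_name, "..") == 0)
			continue;

		snprintf(name_path, sizeof(name_path), "%s/%s", NETNS_RUN_DIR,
			 entry->d_name);

		/* Entries removed meanwhile simply disappear */
		if (stat(name_path, &st) != 0)
			continue;

		if (st.st_dev == netst.st_dev && st.st_ino == netst.st_ino)
			printf("%s\n", entry->d_name);
	}
	closedir(dir);
	return 0;
}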
364 | ||
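/*
 * ip netns delete NAME: detach the namespace bind mount at
 * NETNS_RUN_DIR/NAME and remove the file.
 *
 * The umount2() result is deliberately ignored: the file may exist without
 * being mounted (netns_add() unwinds through here after a failed bind), and
 * unlink() reports the failure that matters.  A name that does not fit the
 * path buffer is refused rather than truncated, since a truncated path
 * would unlink some other file.
 *
 * Returns 0 on success, -1 after printing a diagnostic.
 */
static int netns_delete(int argc, char **argv)
{
	const char *name;
	char netns_path[MAXPATHLEN];
	int n;

	if (argc < 1) {
		fprintf(stderr, "No netns name specified\n");
		return -1;
	}

	name = argv[0];
	n = snprintf(netns_path, sizeof(netns_path), "%s/%s", NETNS_RUN_DIR, name);
	if (n < 0 || (size_t)n >= sizeof(netns_path)) {
		fprintf(stderr, "Network namespace name \"%s\" is too long\n",
			name);
		return -1;
	}
	umount2(netns_path, MNT_DETACH);
	if (unlink(netns_path) < 0) {
		fprintf(stderr, "Cannot remove namespace file \"%s\": %s\n",
			netns_path, strerror(errno));
		return -1;
	}
	return 0;
}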
385 | ||
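/*
 * ip netns add NAME: create a new network namespace and bind it into a
 * well known location in the filesystem, NETNS_RUN_DIR/NAME, so that it
 * outlives this process.
 *
 * A new network namespace is created with unshare(CLONE_NEWNET) and its
 * /proc/self/ns/net is bind-mounted over a freshly created empty file.
 * NETNS_RUN_DIR itself is made a shared mount point so that the namespace
 * bind mounts propagate between mount namespaces; that way unmounting a
 * namespace file in one mount namespace is likely to unmount it in all of
 * them, allowing the network namespace to be freed sooner.  Any later
 * userspace tweaks (remounting /sys, bind mounting /etc/resolv.conf) can
 * then be shared between users.
 *
 * Returns 0 on success.  Once the namespace file exists, every failure is
 * unwound through netns_delete() and -1 is returned.
 *
 * NOTE(review): after unshare(CLONE_NEWNET) nothing switches this process
 * back, so on return ip itself is inside NAME; in batch mode the commands
 * that follow run there.  Confirm whether that is relied upon before
 * changing it.
 */
static int netns_add(int argc, char **argv)
{
	char netns_path[MAXPATHLEN];
	const char *name;
	int fd;
	int n;
	int made_netns_run_dir_mount = 0;

	if (argc < 1) {
		fprintf(stderr, "No netns name specified\n");
		return -1;
	}
	name = argv[0];

	/* Refuse rather than truncate: a truncated path would create and
	 * bind some other file. */
	n = snprintf(netns_path, sizeof(netns_path), "%s/%s", NETNS_RUN_DIR, name);
	if (n < 0 || (size_t)n >= sizeof(netns_path)) {
		fprintf(stderr, "Network namespace name \"%s\" is too long\n",
			name);
		return -1;
	}

	/* Create the base netns directory if it doesn't exist.  EEXIST is
	 * the normal case, so the result is not checked; a real failure
	 * shows up in the mount() and open() calls below. */
	mkdir(NETNS_RUN_DIR, S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);

	/* Make it possible for network namespace mounts to propagate between
	 * mount namespaces (see the header comment).  The loop runs at most
	 * twice: --make-shared fails with EINVAL when NETNS_RUN_DIR is not a
	 * mount point yet, in which case it is turned into one and retried.
	 */
	while (mount("", NETNS_RUN_DIR, "none", MS_SHARED | MS_REC, NULL)) {
		/* Fail unless we need to make the mount point */
		if (errno != EINVAL || made_netns_run_dir_mount) {
			fprintf(stderr, "mount --make-shared %s failed: %s\n",
				NETNS_RUN_DIR, strerror(errno));
			return -1;
		}

		/* Upgrade NETNS_RUN_DIR to a mount point */
		if (mount(NETNS_RUN_DIR, NETNS_RUN_DIR, "none", MS_BIND, NULL)) {
			fprintf(stderr, "mount --bind %s %s failed: %s\n",
				NETNS_RUN_DIR, NETNS_RUN_DIR, strerror(errno));
			return -1;
		}
		made_netns_run_dir_mount = 1;
	}

	/* Create the filesystem state: an empty file to bind the namespace
	 * onto.  O_EXCL makes "add" of an existing name fail here. */
	fd = open(netns_path, O_RDONLY|O_CREAT|O_EXCL, 0);
	if (fd < 0) {
		fprintf(stderr, "Cannot not create namespace file \"%s\": %s\n",
			netns_path, strerror(errno));
		return -1;
	}
	close(fd);
	if (unshare(CLONE_NEWNET) < 0) {
		fprintf(stderr, "Failed to create a new network namespace \"%s\": %s\n",
			name, strerror(errno));
		goto out_delete;
	}

	/* Bind the netns last so I can watch for it */
	if (mount("/proc/self/ns/net", netns_path, "none", MS_BIND, NULL) < 0) {
		fprintf(stderr, "Bind /proc/self/ns/net -> %s failed: %s\n",
			netns_path, strerror(errno));
		goto out_delete;
	}
	return 0;
out_delete:
	netns_delete(argc, argv);
	return -1;
}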
460 | ||
461 | ||
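/*
 * ip netns monitor: block forever, printing "add NAME" or "delete NAME"
 * as namespace files appear in or vanish from NETNS_RUN_DIR.
 *
 * Only returns on error, with -1 after a diagnostic; the inotify
 * descriptor is closed on every such path (it used to leak).  A read()
 * interrupted by a signal is retried instead of being treated as failure.
 *
 * argc/argv are accepted for signature uniformity and are not used.
 */
static int netns_monitor(int argc, char **argv)
{
	/* Events are read straight into this buffer and accessed through a
	 * struct pointer, so give it the struct's alignment. */
	_Alignas(struct inotify_event) char buf[4096];
	struct inotify_event *event;
	int fd;

	fd = inotify_init();
	if (fd < 0) {
		fprintf(stderr, "inotify_init failed: %s\n",
			strerror(errno));
		return -1;
	}
	if (inotify_add_watch(fd, NETNS_RUN_DIR, IN_CREATE | IN_DELETE) < 0) {
		fprintf(stderr, "inotify_add_watch failed: %s\n",
			strerror(errno));
		close(fd);
		return -1;
	}
	for (;;) {
		ssize_t len = read(fd, buf, sizeof(buf));
		size_t off = 0;

		if (len < 0) {
			if (errno == EINTR)
				continue;
			fprintf(stderr, "read failed: %s\n",
				strerror(errno));
			close(fd);
			return -1;
		}
		/* The kernel delivers whole events, so walking by header
		 * size plus name length never splits one; the bound check
		 * keeps a short read from reading a header past the data. */
		while (off + sizeof(*event) <= (size_t)len) {
			event = (struct inotify_event *)(buf + off);
			if (event->mask & IN_CREATE)
				printf("add %s\n", event->name);
			if (event->mask & IN_DELETE)
				printf("delete %s\n", event->name);
			off += sizeof(*event) + event->len;
		}
	}
	return 0;
}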
496 | ||
/* Adapter so that "help" fits the common sub-command signature. */
static int netns_help(int argc, char **argv)
{
	(void)argc;
	(void)argv;
	return usage();
}

/*
 * Entry point for "ip netns ...": dispatch on the first keyword.
 *
 * Without arguments the namespace list is printed.  matches() accepts
 * prefixes, so the table order decides which command an abbreviation
 * resolves to and must stay as it is.  An unknown keyword prints a hint
 * and terminates ip.
 */
int do_netns(int argc, char **argv)
{
	static const struct {
		const char *keyword;
		int (*handler)(int argc, char **argv);
	} commands[] = {
		{ "list",     netns_list },
		{ "show",     netns_list },
		{ "lst",      netns_list },
		{ "help",     netns_help },
		{ "add",      netns_add },
		{ "delete",   netns_delete },
		{ "identify", netns_identify },
		{ "pids",     netns_pids },
		{ "exec",     netns_exec },
		{ "monitor",  netns_monitor },
	};
	size_t i;

	if (argc < 1)
		return netns_list(0, NULL);

	for (i = 0; i < sizeof(commands) / sizeof(commands[0]); i++) {
		if (matches(*argv, commands[i].keyword) == 0)
			return commands[i].handler(argc - 1, argv + 1);
	}

	fprintf(stderr, "Command \"%s\" is unknown, try \"ip netns help\".\n", *argv);
	exit(-1);
}