]> git.proxmox.com Git - mirror_iproute2.git/blame - ip/ipnetns.c
iplink: add support for bonding slave
[mirror_iproute2.git] / ip / ipnetns.c
CommitLineData
0dc34c77
EB
1#define _ATFILE_SOURCE
2#include <sys/types.h>
3#include <sys/stat.h>
4#include <sys/wait.h>
5#include <sys/inotify.h>
6#include <sys/mount.h>
7#include <sys/param.h>
8#include <sys/syscall.h>
9#include <stdio.h>
10#include <string.h>
11#include <sched.h>
12#include <fcntl.h>
13#include <dirent.h>
14#include <errno.h>
15#include <unistd.h>
9a7b3d91 16#include <ctype.h>
0dc34c77
EB
17
18#include "utils.h"
19#include "ip_common.h"
20
21#define NETNS_RUN_DIR "/var/run/netns"
22#define NETNS_ETC_DIR "/etc/netns"
23
24#ifndef CLONE_NEWNET
25#define CLONE_NEWNET 0x40000000 /* New network namespace (lo, device, names sockets, etc) */
26#endif
27
28#ifndef MNT_DETACH
29#define MNT_DETACH 0x00000002 /* Just detach from the tree */
30#endif /* MNT_DETACH */
31
03fdb011
SH
32/* sys/mount.h may be out too old to have these */
33#ifndef MS_REC
34#define MS_REC 16384
35#endif
36
37#ifndef MS_SLAVE
38#define MS_SLAVE (1 << 19)
39#endif
40
41#ifndef MS_SHARED
42#define MS_SHARED (1 << 20)
43#endif
44
2e8a07f5 45#ifndef HAVE_SETNS
0dc34c77
EB
46static int setns(int fd, int nstype)
47{
48#ifdef __NR_setns
49 return syscall(__NR_setns, fd, nstype);
50#else
51 errno = ENOSYS;
52 return -1;
53#endif
54}
2e8a07f5 55#endif /* HAVE_SETNS */
0dc34c77 56
8e2d47dc 57static int usage(void)
0dc34c77
EB
58{
59 fprintf(stderr, "Usage: ip netns list\n");
60 fprintf(stderr, " ip netns add NAME\n");
61 fprintf(stderr, " ip netns delete NAME\n");
9a7b3d91
EB
62 fprintf(stderr, " ip netns identify PID\n");
63 fprintf(stderr, " ip netns pids NAME\n");
0dc34c77
EB
64 fprintf(stderr, " ip netns exec NAME cmd ...\n");
65 fprintf(stderr, " ip netns monitor\n");
a05f6511 66 exit(-1);
0dc34c77
EB
67}
68
69int get_netns_fd(const char *name)
70{
71 char pathbuf[MAXPATHLEN];
72 const char *path, *ptr;
73
74 path = name;
75 ptr = strchr(name, '/');
76 if (!ptr) {
77 snprintf(pathbuf, sizeof(pathbuf), "%s/%s",
78 NETNS_RUN_DIR, name );
79 path = pathbuf;
80 }
81 return open(path, O_RDONLY);
82}
83
84static int netns_list(int argc, char **argv)
85{
86 struct dirent *entry;
87 DIR *dir;
88
89 dir = opendir(NETNS_RUN_DIR);
90 if (!dir)
a05f6511 91 return 0;
0dc34c77
EB
92
93 while ((entry = readdir(dir)) != NULL) {
94 if (strcmp(entry->d_name, ".") == 0)
95 continue;
96 if (strcmp(entry->d_name, "..") == 0)
97 continue;
98 printf("%s\n", entry->d_name);
99 }
100 closedir(dir);
a05f6511 101 return 0;
0dc34c77
EB
102}
103
104static void bind_etc(const char *name)
105{
106 char etc_netns_path[MAXPATHLEN];
107 char netns_name[MAXPATHLEN];
108 char etc_name[MAXPATHLEN];
109 struct dirent *entry;
110 DIR *dir;
111
112 snprintf(etc_netns_path, sizeof(etc_netns_path), "%s/%s", NETNS_ETC_DIR, name);
113 dir = opendir(etc_netns_path);
114 if (!dir)
115 return;
116
117 while ((entry = readdir(dir)) != NULL) {
118 if (strcmp(entry->d_name, ".") == 0)
119 continue;
120 if (strcmp(entry->d_name, "..") == 0)
121 continue;
122 snprintf(netns_name, sizeof(netns_name), "%s/%s", etc_netns_path, entry->d_name);
123 snprintf(etc_name, sizeof(etc_name), "/etc/%s", entry->d_name);
124 if (mount(netns_name, etc_name, "none", MS_BIND, NULL) < 0) {
125 fprintf(stderr, "Bind %s -> %s failed: %s\n",
126 netns_name, etc_name, strerror(errno));
127 }
128 }
129 closedir(dir);
130}
131
132static int netns_exec(int argc, char **argv)
133{
134 /* Setup the proper environment for apps that are not netns
135 * aware, and execute a program in that environment.
136 */
137 const char *name, *cmd;
138 char net_path[MAXPATHLEN];
139 int netns;
140
141 if (argc < 1) {
142 fprintf(stderr, "No netns name specified\n");
a05f6511 143 return -1;
0dc34c77
EB
144 }
145 if (argc < 2) {
14645ec2 146 fprintf(stderr, "No command specified\n");
a05f6511 147 return -1;
0dc34c77 148 }
a05f6511 149
0dc34c77
EB
150 name = argv[0];
151 cmd = argv[1];
152 snprintf(net_path, sizeof(net_path), "%s/%s", NETNS_RUN_DIR, name);
bcb9d403 153 netns = open(net_path, O_RDONLY | O_CLOEXEC);
0dc34c77 154 if (netns < 0) {
14645ec2 155 fprintf(stderr, "Cannot open network namespace \"%s\": %s\n",
4395d48c 156 name, strerror(errno));
a05f6511 157 return -1;
0dc34c77 158 }
a05f6511 159
0dc34c77 160 if (setns(netns, CLONE_NEWNET) < 0) {
14645ec2
KR
161 fprintf(stderr, "seting the network namespace \"%s\" failed: %s\n",
162 name, strerror(errno));
a05f6511 163 return -1;
0dc34c77
EB
164 }
165
166 if (unshare(CLONE_NEWNS) < 0) {
167 fprintf(stderr, "unshare failed: %s\n", strerror(errno));
a05f6511 168 return -1;
0dc34c77 169 }
d259f030 170 /* Don't let any mounts propagate back to the parent */
144e6ce1 171 if (mount("", "/", "none", MS_SLAVE | MS_REC, NULL)) {
14645ec2 172 fprintf(stderr, "\"mount --make-rslave /\" failed: %s\n",
144e6ce1 173 strerror(errno));
a05f6511 174 return -1;
144e6ce1 175 }
0dc34c77
EB
176 /* Mount a version of /sys that describes the network namespace */
177 if (umount2("/sys", MNT_DETACH) < 0) {
178 fprintf(stderr, "umount of /sys failed: %s\n", strerror(errno));
a05f6511 179 return -1;
0dc34c77
EB
180 }
181 if (mount(name, "/sys", "sysfs", 0, NULL) < 0) {
182 fprintf(stderr, "mount of /sys failed: %s\n",strerror(errno));
a05f6511 183 return -1;
0dc34c77
EB
184 }
185
186 /* Setup bind mounts for config files in /etc */
187 bind_etc(name);
188
95592b47
J
189 fflush(stdout);
190
a3aa47a5 191 if (batch_mode) {
95592b47
J
192 int status;
193 pid_t pid;
194
195 pid = fork();
196 if (pid < 0) {
197 perror("fork");
a05f6511 198 exit(1);
95592b47
J
199 }
200
201 if (pid != 0) {
202 /* Parent */
203 if (waitpid(pid, &status, 0) < 0) {
204 perror("waitpid");
a05f6511 205 exit(1);
95592b47
J
206 }
207
3c61c01a
ND
208 if (WIFEXITED(status)) {
209 /* ip must return the status of the child,
210 * but do_cmd() will add a minus to this,
211 * so let's add another one here to cancel it.
212 */
213 return -WEXITSTATUS(status);
214 }
95592b47 215
3c61c01a 216 exit(1);
95592b47
J
217 }
218 }
219
0dc34c77 220 if (execvp(cmd, argv + 1) < 0)
14645ec2 221 fprintf(stderr, "exec of \"%s\" failed: %s\n",
0dc34c77 222 cmd, strerror(errno));
a05f6511 223 _exit(1);
0dc34c77
EB
224}
225
9a7b3d91
EB
226static int is_pid(const char *str)
227{
228 int ch;
229 for (; (ch = *str); str++) {
230 if (!isdigit(ch))
231 return 0;
232 }
233 return 1;
234}
235
236static int netns_pids(int argc, char **argv)
237{
238 const char *name;
239 char net_path[MAXPATHLEN];
240 int netns;
241 struct stat netst;
242 DIR *dir;
243 struct dirent *entry;
244
245 if (argc < 1) {
246 fprintf(stderr, "No netns name specified\n");
a05f6511 247 return -1;
9a7b3d91
EB
248 }
249 if (argc > 1) {
250 fprintf(stderr, "extra arguments specified\n");
a05f6511 251 return -1;
9a7b3d91
EB
252 }
253
254 name = argv[0];
255 snprintf(net_path, sizeof(net_path), "%s/%s", NETNS_RUN_DIR, name);
256 netns = open(net_path, O_RDONLY);
257 if (netns < 0) {
258 fprintf(stderr, "Cannot open network namespace: %s\n",
259 strerror(errno));
a05f6511 260 return -1;
9a7b3d91
EB
261 }
262 if (fstat(netns, &netst) < 0) {
263 fprintf(stderr, "Stat of netns failed: %s\n",
264 strerror(errno));
a05f6511 265 return -1;
9a7b3d91
EB
266 }
267 dir = opendir("/proc/");
268 if (!dir) {
269 fprintf(stderr, "Open of /proc failed: %s\n",
270 strerror(errno));
a05f6511 271 return -1;
9a7b3d91
EB
272 }
273 while((entry = readdir(dir))) {
274 char pid_net_path[MAXPATHLEN];
275 struct stat st;
276 if (!is_pid(entry->d_name))
277 continue;
278 snprintf(pid_net_path, sizeof(pid_net_path), "/proc/%s/ns/net",
279 entry->d_name);
280 if (stat(pid_net_path, &st) != 0)
281 continue;
282 if ((st.st_dev == netst.st_dev) &&
283 (st.st_ino == netst.st_ino)) {
284 printf("%s\n", entry->d_name);
285 }
286 }
287 closedir(dir);
a05f6511 288 return 0;
9a7b3d91
EB
289
290}
291
292static int netns_identify(int argc, char **argv)
293{
294 const char *pidstr;
295 char net_path[MAXPATHLEN];
296 int netns;
297 struct stat netst;
298 DIR *dir;
299 struct dirent *entry;
300
301 if (argc < 1) {
302 fprintf(stderr, "No pid specified\n");
a05f6511 303 return -1;
9a7b3d91
EB
304 }
305 if (argc > 1) {
306 fprintf(stderr, "extra arguments specified\n");
a05f6511 307 return -1;
9a7b3d91
EB
308 }
309 pidstr = argv[0];
310
311 if (!is_pid(pidstr)) {
312 fprintf(stderr, "Specified string '%s' is not a pid\n",
313 pidstr);
a05f6511 314 return -1;
9a7b3d91
EB
315 }
316
317 snprintf(net_path, sizeof(net_path), "/proc/%s/ns/net", pidstr);
318 netns = open(net_path, O_RDONLY);
319 if (netns < 0) {
320 fprintf(stderr, "Cannot open network namespace: %s\n",
321 strerror(errno));
a05f6511 322 return -1;
9a7b3d91
EB
323 }
324 if (fstat(netns, &netst) < 0) {
325 fprintf(stderr, "Stat of netns failed: %s\n",
326 strerror(errno));
a05f6511 327 return -1;
9a7b3d91
EB
328 }
329 dir = opendir(NETNS_RUN_DIR);
330 if (!dir) {
331 /* Succeed treat a missing directory as an empty directory */
332 if (errno == ENOENT)
a05f6511 333 return 0;
9a7b3d91
EB
334
335 fprintf(stderr, "Failed to open directory %s:%s\n",
336 NETNS_RUN_DIR, strerror(errno));
a05f6511 337 return -1;
9a7b3d91
EB
338 }
339
340 while((entry = readdir(dir))) {
341 char name_path[MAXPATHLEN];
342 struct stat st;
343
344 if (strcmp(entry->d_name, ".") == 0)
345 continue;
346 if (strcmp(entry->d_name, "..") == 0)
347 continue;
348
349 snprintf(name_path, sizeof(name_path), "%s/%s", NETNS_RUN_DIR,
350 entry->d_name);
351
352 if (stat(name_path, &st) != 0)
353 continue;
354
355 if ((st.st_dev == netst.st_dev) &&
356 (st.st_ino == netst.st_ino)) {
357 printf("%s\n", entry->d_name);
358 }
359 }
360 closedir(dir);
a05f6511 361 return 0;
9a7b3d91
EB
362
363}
364
0dc34c77
EB
365static int netns_delete(int argc, char **argv)
366{
367 const char *name;
368 char netns_path[MAXPATHLEN];
369
370 if (argc < 1) {
371 fprintf(stderr, "No netns name specified\n");
a05f6511 372 return -1;
0dc34c77
EB
373 }
374
375 name = argv[0];
376 snprintf(netns_path, sizeof(netns_path), "%s/%s", NETNS_RUN_DIR, name);
377 umount2(netns_path, MNT_DETACH);
378 if (unlink(netns_path) < 0) {
14645ec2 379 fprintf(stderr, "Cannot remove namespace file \"%s\": %s\n",
0dc34c77 380 netns_path, strerror(errno));
a05f6511 381 return -1;
0dc34c77 382 }
a05f6511 383 return 0;
0dc34c77
EB
384}
385
386static int netns_add(int argc, char **argv)
387{
388 /* This function creates a new network namespace and
389 * a new mount namespace and bind them into a well known
390 * location in the filesystem based on the name provided.
391 *
392 * The mount namespace is created so that any necessary
393 * userspace tweaks like remounting /sys, or bind mounting
394 * a new /etc/resolv.conf can be shared between uers.
395 */
396 char netns_path[MAXPATHLEN];
397 const char *name;
223f4d8e 398 int fd;
58a3e827 399 int made_netns_run_dir_mount = 0;
0dc34c77
EB
400
401 if (argc < 1) {
402 fprintf(stderr, "No netns name specified\n");
a05f6511 403 return -1;
0dc34c77
EB
404 }
405 name = argv[0];
406
407 snprintf(netns_path, sizeof(netns_path), "%s/%s", NETNS_RUN_DIR, name);
408
409 /* Create the base netns directory if it doesn't exist */
410 mkdir(NETNS_RUN_DIR, S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
411
d259f030 412 /* Make it possible for network namespace mounts to propagate between
58a3e827
EB
413 * mount namespaces. This makes it likely that a unmounting a network
414 * namespace file in one namespace will unmount the network namespace
415 * file in all namespaces allowing the network namespace to be freed
416 * sooner.
417 */
418 while (mount("", NETNS_RUN_DIR, "none", MS_SHARED | MS_REC, NULL)) {
419 /* Fail unless we need to make the mount point */
420 if (errno != EINVAL || made_netns_run_dir_mount) {
421 fprintf(stderr, "mount --make-shared %s failed: %s\n",
422 NETNS_RUN_DIR, strerror(errno));
a05f6511 423 return -1;
58a3e827
EB
424 }
425
426 /* Upgrade NETNS_RUN_DIR to a mount point */
427 if (mount(NETNS_RUN_DIR, NETNS_RUN_DIR, "none", MS_BIND, NULL)) {
428 fprintf(stderr, "mount --bind %s %s failed: %s\n",
429 NETNS_RUN_DIR, NETNS_RUN_DIR, strerror(errno));
a05f6511 430 return -1;
58a3e827
EB
431 }
432 made_netns_run_dir_mount = 1;
433 }
434
0dc34c77 435 /* Create the filesystem state */
223f4d8e
EB
436 fd = open(netns_path, O_RDONLY|O_CREAT|O_EXCL, 0);
437 if (fd < 0) {
14645ec2 438 fprintf(stderr, "Cannot not create namespace file \"%s\": %s\n",
0dc34c77 439 netns_path, strerror(errno));
a05f6511 440 return -1;
0dc34c77 441 }
223f4d8e 442 close(fd);
0dc34c77 443 if (unshare(CLONE_NEWNET) < 0) {
14645ec2
KR
444 fprintf(stderr, "Failed to create a new network namespace \"%s\": %s\n",
445 name, strerror(errno));
0dc34c77
EB
446 goto out_delete;
447 }
448
449 /* Bind the netns last so I can watch for it */
450 if (mount("/proc/self/ns/net", netns_path, "none", MS_BIND, NULL) < 0) {
451 fprintf(stderr, "Bind /proc/self/ns/net -> %s failed: %s\n",
452 netns_path, strerror(errno));
453 goto out_delete;
454 }
a05f6511 455 return 0;
0dc34c77
EB
456out_delete:
457 netns_delete(argc, argv);
a05f6511 458 return -1;
0dc34c77
EB
459}
460
461
462static int netns_monitor(int argc, char **argv)
463{
464 char buf[4096];
465 struct inotify_event *event;
466 int fd;
467 fd = inotify_init();
468 if (fd < 0) {
469 fprintf(stderr, "inotify_init failed: %s\n",
470 strerror(errno));
a05f6511 471 return -1;
0dc34c77
EB
472 }
473 if (inotify_add_watch(fd, NETNS_RUN_DIR, IN_CREATE | IN_DELETE) < 0) {
474 fprintf(stderr, "inotify_add_watch failed: %s\n",
475 strerror(errno));
a05f6511 476 return -1;
0dc34c77
EB
477 }
478 for(;;) {
479 ssize_t len = read(fd, buf, sizeof(buf));
480 if (len < 0) {
481 fprintf(stderr, "read failed: %s\n",
482 strerror(errno));
a05f6511 483 return -1;
0dc34c77
EB
484 }
485 for (event = (struct inotify_event *)buf;
486 (char *)event < &buf[len];
487 event = (struct inotify_event *)((char *)event + sizeof(*event) + event->len)) {
488 if (event->mask & IN_CREATE)
489 printf("add %s\n", event->name);
490 if (event->mask & IN_DELETE)
491 printf("delete %s\n", event->name);
492 }
493 }
a05f6511 494 return 0;
0dc34c77
EB
495}
496
497int do_netns(int argc, char **argv)
498{
499 if (argc < 1)
500 return netns_list(0, NULL);
501
502 if ((matches(*argv, "list") == 0) || (matches(*argv, "show") == 0) ||
503 (matches(*argv, "lst") == 0))
504 return netns_list(argc-1, argv+1);
505
506 if (matches(*argv, "help") == 0)
8e2d47dc 507 return usage();
0dc34c77
EB
508
509 if (matches(*argv, "add") == 0)
510 return netns_add(argc-1, argv+1);
511
512 if (matches(*argv, "delete") == 0)
513 return netns_delete(argc-1, argv+1);
514
9a7b3d91
EB
515 if (matches(*argv, "identify") == 0)
516 return netns_identify(argc-1, argv+1);
517
518 if (matches(*argv, "pids") == 0)
519 return netns_pids(argc-1, argv+1);
520
0dc34c77
EB
521 if (matches(*argv, "exec") == 0)
522 return netns_exec(argc-1, argv+1);
523
524 if (matches(*argv, "monitor") == 0)
525 return netns_monitor(argc-1, argv+1);
526
527 fprintf(stderr, "Command \"%s\" is unknown, try \"ip netns help\".\n", *argv);
a05f6511 528 exit(-1);
0dc34c77 529}