[mirror_iproute2.git] / ip / ipnetns.c

#define _ATFILE_SOURCE
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <sys/inotify.h>
#include <sys/mount.h>
#include <sys/param.h>
#include <sys/syscall.h>
#include <stdio.h>
#include <string.h>
#include <sched.h>
#include <fcntl.h>
#include <dirent.h>
#include <errno.h>
#include <unistd.h>
#include <ctype.h>

#include "utils.h"
#include "ip_common.h"

#define NETNS_RUN_DIR "/var/run/netns"
#define NETNS_ETC_DIR "/etc/netns"

#ifndef CLONE_NEWNET
#define CLONE_NEWNET 0x40000000	/* New network namespace (lo, device, names sockets, etc) */
#endif

#ifndef MNT_DETACH
#define MNT_DETACH	0x00000002	/* Just detach from the tree */
#endif /* MNT_DETACH */

/* sys/mount.h may be out too old to have these */
#ifndef MS_REC
#define MS_REC		16384
#endif

#ifndef MS_SLAVE
#define MS_SLAVE	(1 << 19)
#endif

#ifndef MS_SHARED
#define MS_SHARED	(1 << 20)
#endif

#ifndef HAVE_SETNS
static int setns(int fd, int nstype)
{
#ifdef __NR_setns
	return syscall(__NR_setns, fd, nstype);
#else
	errno = ENOSYS;
	return -1;
#endif
}
#endif /* HAVE_SETNS */

static int usage(void)
{
	fprintf(stderr, "Usage: ip netns list\n");
	fprintf(stderr, "       ip netns add NAME\n");
	fprintf(stderr, "       ip netns delete NAME\n");
	fprintf(stderr, "       ip netns identify PID\n");
	fprintf(stderr, "       ip netns pids NAME\n");
	fprintf(stderr, "       ip netns exec NAME cmd ...\n");
	fprintf(stderr, "       ip netns monitor\n");
	exit(-1);
}

int get_netns_fd(const char *name)
{
	char pathbuf[MAXPATHLEN];
	const char *path, *ptr;

	path = name;
	ptr = strchr(name, '/');
	if (!ptr) {
		snprintf(pathbuf, sizeof(pathbuf), "%s/%s",
			NETNS_RUN_DIR, name );
		path = pathbuf;
	}
	return open(path, O_RDONLY);
}

static int netns_list(int argc, char **argv)
{
	struct dirent *entry;
	DIR *dir;

	dir = opendir(NETNS_RUN_DIR);
	if (!dir)
		return 0;

	while ((entry = readdir(dir)) != NULL) {
		if (strcmp(entry->d_name, ".") == 0)
			continue;
		if (strcmp(entry->d_name, "..") == 0)
			continue;
		printf("%s\n", entry->d_name);
	}
	closedir(dir);
	return 0;
}

static void bind_etc(const char *name)
{
	char etc_netns_path[MAXPATHLEN];
	char netns_name[MAXPATHLEN];
	char etc_name[MAXPATHLEN];
	struct dirent *entry;
	DIR *dir;

	snprintf(etc_netns_path, sizeof(etc_netns_path), "%s/%s", NETNS_ETC_DIR, name);
	dir = opendir(etc_netns_path);
	if (!dir)
		return;

	while ((entry = readdir(dir)) != NULL) {
		if (strcmp(entry->d_name, ".") == 0)
			continue;
		if (strcmp(entry->d_name, "..") == 0)
			continue;
		snprintf(netns_name, sizeof(netns_name), "%s/%s", etc_netns_path, entry->d_name);
		snprintf(etc_name, sizeof(etc_name), "/etc/%s", entry->d_name);
		if (mount(netns_name, etc_name, "none", MS_BIND, NULL) < 0) {
			fprintf(stderr, "Bind %s -> %s failed: %s\n",
				netns_name, etc_name, strerror(errno));
		}
	}
	closedir(dir);
}

static int netns_exec(int argc, char **argv)
{
	/* Setup the proper environment for apps that are not netns
	 * aware, and execute a program in that environment.
	 */
	const char *name, *cmd;
	char net_path[MAXPATHLEN];
	int netns;

	if (argc < 1) {
		fprintf(stderr, "No netns name specified\n");
		return -1;
	}
	if (argc < 2) {
		fprintf(stderr, "No command specified\n");
		return -1;
	}

	name = argv[0];
	cmd = argv[1];
	snprintf(net_path, sizeof(net_path), "%s/%s", NETNS_RUN_DIR, name);
	netns = open(net_path, O_RDONLY | O_CLOEXEC);
	if (netns < 0) {
		fprintf(stderr, "Cannot open network namespace \"%s\": %s\n",
			name, strerror(errno));
		return -1;
	}

	if (setns(netns, CLONE_NEWNET) < 0) {
		fprintf(stderr, "seting the network namespace \"%s\" failed: %s\n",
			name, strerror(errno));
		return -1;
	}

	if (unshare(CLONE_NEWNS) < 0) {
		fprintf(stderr, "unshare failed: %s\n", strerror(errno));
		return -1;
	}
	/* Don't let any mounts propagate back to the parent */
	if (mount("", "/", "none", MS_SLAVE | MS_REC, NULL)) {
		fprintf(stderr, "\"mount --make-rslave /\" failed: %s\n",
			strerror(errno));
		return -1;
	}
	/* Mount a version of /sys that describes the network namespace */
	if (umount2("/sys", MNT_DETACH) < 0) {
		fprintf(stderr, "umount of /sys failed: %s\n", strerror(errno));
		return -1;
	}
	if (mount(name, "/sys", "sysfs", 0, NULL) < 0) {
		fprintf(stderr, "mount of /sys failed: %s\n",strerror(errno));
		return -1;
	}

	/* Setup bind mounts for config files in /etc */
	bind_etc(name);

	fflush(stdout);

	if (batch_mode) {
		int status;
		pid_t pid;

		pid = fork();
		if (pid < 0) {
			perror("fork");
			exit(1);
		}

		if (pid != 0) {
			/* Parent  */
			if (waitpid(pid, &status, 0) < 0) {
				perror("waitpid");
				exit(1);
			}

			if (WIFEXITED(status)) {
				/* ip must return the status of the child,
				 * but do_cmd() will add a minus to this,
				 * so let's add another one here to cancel it.
				 */
				return -WEXITSTATUS(status);
			}

			exit(1);
		}
	}

	if (execvp(cmd, argv + 1)  < 0)
		fprintf(stderr, "exec of \"%s\" failed: %s\n",
			cmd, strerror(errno));
	_exit(1);
}

static int is_pid(const char *str)
{
	int ch;
	for (; (ch = *str); str++) {
		if (!isdigit(ch))
			return 0;
	}
	return 1;
}

static int netns_pids(int argc, char **argv)
{
	const char *name;
	char net_path[MAXPATHLEN];
	int netns;
	struct stat netst;
	DIR *dir;
	struct dirent *entry;

	if (argc < 1) {
		fprintf(stderr, "No netns name specified\n");
		return -1;
	}
	if (argc > 1) {
		fprintf(stderr, "extra arguments specified\n");
		return -1;
	}

	name = argv[0];
	snprintf(net_path, sizeof(net_path), "%s/%s", NETNS_RUN_DIR, name);
	netns = open(net_path, O_RDONLY);
	if (netns < 0) {
		fprintf(stderr, "Cannot open network namespace: %s\n",
			strerror(errno));
		return -1;
	}
	if (fstat(netns, &netst) < 0) {
		fprintf(stderr, "Stat of netns failed: %s\n",
			strerror(errno));
		return -1;
	}
	dir = opendir("/proc/");
	if (!dir) {
		fprintf(stderr, "Open of /proc failed: %s\n",
			strerror(errno));
		return -1;
	}
	while((entry = readdir(dir))) {
		char pid_net_path[MAXPATHLEN];
		struct stat st;
		if (!is_pid(entry->d_name))
			continue;
		snprintf(pid_net_path, sizeof(pid_net_path), "/proc/%s/ns/net",
			entry->d_name);
		if (stat(pid_net_path, &st) != 0)
			continue;
		if ((st.st_dev == netst.st_dev) &&
		    (st.st_ino == netst.st_ino)) {
			printf("%s\n", entry->d_name);
		}
	}
	closedir(dir);
	return 0;
	
}

static int netns_identify(int argc, char **argv)
{
	const char *pidstr;
	char net_path[MAXPATHLEN];
	int netns;
	struct stat netst;
	DIR *dir;
	struct dirent *entry;

	if (argc < 1) {
		fprintf(stderr, "No pid specified\n");
		return -1;
	}
	if (argc > 1) {
		fprintf(stderr, "extra arguments specified\n");
		return -1;
	}
	pidstr = argv[0];

	if (!is_pid(pidstr)) {
		fprintf(stderr, "Specified string '%s' is not a pid\n",
			pidstr);
		return -1;
	}

	snprintf(net_path, sizeof(net_path), "/proc/%s/ns/net", pidstr);
	netns = open(net_path, O_RDONLY);
	if (netns < 0) {
		fprintf(stderr, "Cannot open network namespace: %s\n",
			strerror(errno));
		return -1;
	}
	if (fstat(netns, &netst) < 0) {
		fprintf(stderr, "Stat of netns failed: %s\n",
			strerror(errno));
		return -1;
	}
	dir = opendir(NETNS_RUN_DIR);
	if (!dir) {
		/* Succeed treat a missing directory as an empty directory */
		if (errno == ENOENT)
			return 0;

		fprintf(stderr, "Failed to open directory %s:%s\n",
			NETNS_RUN_DIR, strerror(errno));
		return -1;
	}

	while((entry = readdir(dir))) {
		char name_path[MAXPATHLEN];
		struct stat st;

		if (strcmp(entry->d_name, ".") == 0)
			continue;
		if (strcmp(entry->d_name, "..") == 0)
			continue;

		snprintf(name_path, sizeof(name_path), "%s/%s",	NETNS_RUN_DIR,
			entry->d_name);

		if (stat(name_path, &st) != 0)
			continue;

		if ((st.st_dev == netst.st_dev) &&
		    (st.st_ino == netst.st_ino)) {
			printf("%s\n", entry->d_name);
		}
	}
	closedir(dir);
	return 0;
	
}

static int netns_delete(int argc, char **argv)
{
	const char *name;
	char netns_path[MAXPATHLEN];

	if (argc < 1) {
		fprintf(stderr, "No netns name specified\n");
		return -1;
	}

	name = argv[0];
	snprintf(netns_path, sizeof(netns_path), "%s/%s", NETNS_RUN_DIR, name);
	umount2(netns_path, MNT_DETACH);
	if (unlink(netns_path) < 0) {
		fprintf(stderr, "Cannot remove namespace file \"%s\": %s\n",
			netns_path, strerror(errno));
		return -1;
	}
	return 0;
}

static int netns_add(int argc, char **argv)
{
	/* This function creates a new network namespace and
	 * a new mount namespace and bind them into a well known
	 * location in the filesystem based on the name provided.
	 *
	 * The mount namespace is created so that any necessary
	 * userspace tweaks like remounting /sys, or bind mounting
	 * a new /etc/resolv.conf can be shared between uers.
	 */
	char netns_path[MAXPATHLEN];
	const char *name;
	int fd;
	int made_netns_run_dir_mount = 0;

	if (argc < 1) {
		fprintf(stderr, "No netns name specified\n");
		return -1;
	}
	name = argv[0];

	snprintf(netns_path, sizeof(netns_path), "%s/%s", NETNS_RUN_DIR, name);

	/* Create the base netns directory if it doesn't exist */
	mkdir(NETNS_RUN_DIR, S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);

	/* Make it possible for network namespace mounts to propagate between
	 * mount namespaces.  This makes it likely that a unmounting a network
	 * namespace file in one namespace will unmount the network namespace
	 * file in all namespaces allowing the network namespace to be freed
	 * sooner.
	 */
	while (mount("", NETNS_RUN_DIR, "none", MS_SHARED | MS_REC, NULL)) {
		/* Fail unless we need to make the mount point */
		if (errno != EINVAL || made_netns_run_dir_mount) {
			fprintf(stderr, "mount --make-shared %s failed: %s\n",
				NETNS_RUN_DIR, strerror(errno));
			return -1;
		}

		/* Upgrade NETNS_RUN_DIR to a mount point */
		if (mount(NETNS_RUN_DIR, NETNS_RUN_DIR, "none", MS_BIND, NULL)) {
			fprintf(stderr, "mount --bind %s %s failed: %s\n",
				NETNS_RUN_DIR, NETNS_RUN_DIR, strerror(errno));
			return -1;
		}
		made_netns_run_dir_mount = 1;
	}

	/* Create the filesystem state */
	fd = open(netns_path, O_RDONLY|O_CREAT|O_EXCL, 0);
	if (fd < 0) {
		fprintf(stderr, "Cannot not create namespace file \"%s\": %s\n",
			netns_path, strerror(errno));
		return -1;
	}
	close(fd);
	if (unshare(CLONE_NEWNET) < 0) {
		fprintf(stderr, "Failed to create a new network namespace \"%s\": %s\n",
			name, strerror(errno));
		goto out_delete;
	}

	/* Bind the netns last so I can watch for it */
	if (mount("/proc/self/ns/net", netns_path, "none", MS_BIND, NULL) < 0) {
		fprintf(stderr, "Bind /proc/self/ns/net -> %s failed: %s\n",
			netns_path, strerror(errno));
		goto out_delete;
	}
	return 0;
out_delete:
	netns_delete(argc, argv);
	return -1;
}


static int netns_monitor(int argc, char **argv)
{
	char buf[4096];
	struct inotify_event *event;
	int fd;
	fd = inotify_init();
	if (fd < 0) {
		fprintf(stderr, "inotify_init failed: %s\n",
			strerror(errno));
		return -1;
	}
	if (inotify_add_watch(fd, NETNS_RUN_DIR, IN_CREATE | IN_DELETE) < 0) {
		fprintf(stderr, "inotify_add_watch failed: %s\n",
			strerror(errno));
		return -1;
	}
	for(;;) {
		ssize_t len = read(fd, buf, sizeof(buf));
		if (len < 0) {
			fprintf(stderr, "read failed: %s\n",
				strerror(errno));
			return -1;
		}
		for (event = (struct inotify_event *)buf;
		     (char *)event < &buf[len];
		     event = (struct inotify_event *)((char *)event + sizeof(*event) + event->len)) {
			if (event->mask & IN_CREATE)
				printf("add %s\n", event->name);
			if (event->mask & IN_DELETE)
				printf("delete %s\n", event->name);
		}
	}
	return 0;
}

int do_netns(int argc, char **argv)
{
	if (argc < 1)
		return netns_list(0, NULL);

	if ((matches(*argv, "list") == 0) || (matches(*argv, "show") == 0) ||
	    (matches(*argv, "lst") == 0))
		return netns_list(argc-1, argv+1);

	if (matches(*argv, "help") == 0)
		return usage();

	if (matches(*argv, "add") == 0)
		return netns_add(argc-1, argv+1);

	if (matches(*argv, "delete") == 0)
		return netns_delete(argc-1, argv+1);

	if (matches(*argv, "identify") == 0)
		return netns_identify(argc-1, argv+1);

	if (matches(*argv, "pids") == 0)
		return netns_pids(argc-1, argv+1);

	if (matches(*argv, "exec") == 0)
		return netns_exec(argc-1, argv+1);

	if (matches(*argv, "monitor") == 0)
		return netns_monitor(argc-1, argv+1);

	fprintf(stderr, "Command \"%s\" is unknown, try \"ip netns help\".\n", *argv);
	exit(-1);
}
Commit	Line	Data
0dc34c77 EB	1	#define _ATFILE_SOURCE
	2	#include <sys/types.h>
	3	#include <sys/stat.h>
	4	#include <sys/wait.h>
	5	#include <sys/inotify.h>
	6	#include <sys/mount.h>
	7	#include <sys/param.h>
	8	#include <sys/syscall.h>
	9	#include <stdio.h>
	10	#include <string.h>
	11	#include <sched.h>
	12	#include <fcntl.h>
	13	#include <dirent.h>
	14	#include <errno.h>
	15	#include <unistd.h>
9a7b3d91	16	#include <ctype.h>
0dc34c77 EB	17
	18	#include "utils.h"
	19	#include "ip_common.h"
	20
	21	#define NETNS_RUN_DIR "/var/run/netns"
	22	#define NETNS_ETC_DIR "/etc/netns"
	23
	24	#ifndef CLONE_NEWNET
	25	#define CLONE_NEWNET 0x40000000 /* New network namespace (lo, device, names sockets, etc) */
	26	#endif
	27
	28	#ifndef MNT_DETACH
	29	#define MNT_DETACH 0x00000002 /* Just detach from the tree */
	30	#endif /* MNT_DETACH */
	31
03fdb011 SH	32	/* sys/mount.h may be out too old to have these */
	33	#ifndef MS_REC
	34	#define MS_REC 16384
	35	#endif
	36
	37	#ifndef MS_SLAVE
	38	#define MS_SLAVE (1 << 19)
	39	#endif
	40
	41	#ifndef MS_SHARED
	42	#define MS_SHARED (1 << 20)
	43	#endif
	44
2e8a07f5	45	#ifndef HAVE_SETNS
0dc34c77 EB	46	static int setns(int fd, int nstype)
	47	{
	48	#ifdef __NR_setns
	49	return syscall(__NR_setns, fd, nstype);
	50	#else
	51	errno = ENOSYS;
	52	return -1;
	53	#endif
	54	}
2e8a07f5	55	#endif /* HAVE_SETNS */
0dc34c77	56
8e2d47dc	57	static int usage(void)
0dc34c77 EB	58	{
	59	fprintf(stderr, "Usage: ip netns list\n");
	60	fprintf(stderr, " ip netns add NAME\n");
	61	fprintf(stderr, " ip netns delete NAME\n");
9a7b3d91 EB	62	fprintf(stderr, " ip netns identify PID\n");
9a7b3d91 EB	63	fprintf(stderr, " ip netns pids NAME\n");
0dc34c77 EB	64	fprintf(stderr, " ip netns exec NAME cmd ...\n");
0dc34c77 EB	65	fprintf(stderr, " ip netns monitor\n");
a05f6511	66	exit(-1);
0dc34c77 EB	67	}
	68
	69	int get_netns_fd(const char *name)
	70	{
	71	char pathbuf[MAXPATHLEN];
	72	const char path, ptr;
	73
	74	path = name;
	75	ptr = strchr(name, '/');
	76	if (!ptr) {
	77	snprintf(pathbuf, sizeof(pathbuf), "%s/%s",
	78	NETNS_RUN_DIR, name );
	79	path = pathbuf;
	80	}
	81	return open(path, O_RDONLY);
	82	}
	83
	84	static int netns_list(int argc, char **argv)
	85	{
	86	struct dirent *entry;
	87	DIR *dir;
	88
	89	dir = opendir(NETNS_RUN_DIR);
	90	if (!dir)
a05f6511	91	return 0;
0dc34c77 EB	92
	93	while ((entry = readdir(dir)) != NULL) {
	94	if (strcmp(entry->d_name, ".") == 0)
	95	continue;
	96	if (strcmp(entry->d_name, "..") == 0)
	97	continue;
	98	printf("%s\n", entry->d_name);
	99	}
	100	closedir(dir);
a05f6511	101	return 0;
0dc34c77 EB	102	}
	103
	104	static void bind_etc(const char *name)
	105	{
	106	char etc_netns_path[MAXPATHLEN];
	107	char netns_name[MAXPATHLEN];
	108	char etc_name[MAXPATHLEN];
	109	struct dirent *entry;
	110	DIR *dir;
	111
	112	snprintf(etc_netns_path, sizeof(etc_netns_path), "%s/%s", NETNS_ETC_DIR, name);
	113	dir = opendir(etc_netns_path);
	114	if (!dir)
	115	return;
	116
	117	while ((entry = readdir(dir)) != NULL) {
	118	if (strcmp(entry->d_name, ".") == 0)
	119	continue;
	120	if (strcmp(entry->d_name, "..") == 0)
	121	continue;
	122	snprintf(netns_name, sizeof(netns_name), "%s/%s", etc_netns_path, entry->d_name);
	123	snprintf(etc_name, sizeof(etc_name), "/etc/%s", entry->d_name);
	124	if (mount(netns_name, etc_name, "none", MS_BIND, NULL) < 0) {
	125	fprintf(stderr, "Bind %s -> %s failed: %s\n",
	126	netns_name, etc_name, strerror(errno));
	127	}
	128	}
	129	closedir(dir);
	130	}
	131
	132	static int netns_exec(int argc, char **argv)
	133	{
	134	/* Setup the proper environment for apps that are not netns
	135	* aware, and execute a program in that environment.
	136	*/
	137	const char name, cmd;
	138	char net_path[MAXPATHLEN];
	139	int netns;
	140
	141	if (argc < 1) {
	142	fprintf(stderr, "No netns name specified\n");
a05f6511	143	return -1;
0dc34c77 EB	144	}
0dc34c77 EB	145	if (argc < 2) {
14645ec2	146	fprintf(stderr, "No command specified\n");
a05f6511	147	return -1;
0dc34c77	148	}
a05f6511	149
0dc34c77 EB	150	name = argv[0];
	151	cmd = argv[1];
	152	snprintf(net_path, sizeof(net_path), "%s/%s", NETNS_RUN_DIR, name);
bcb9d403	153	netns = open(net_path, O_RDONLY \| O_CLOEXEC);
0dc34c77	154	if (netns < 0) {
14645ec2	155	fprintf(stderr, "Cannot open network namespace \"%s\": %s\n",
4395d48c	156	name, strerror(errno));
a05f6511	157	return -1;
0dc34c77	158	}
a05f6511	159
0dc34c77	160	if (setns(netns, CLONE_NEWNET) < 0) {
14645ec2 KR	161	fprintf(stderr, "seting the network namespace \"%s\" failed: %s\n",
14645ec2 KR	162	name, strerror(errno));
a05f6511	163	return -1;
0dc34c77 EB	164	}
	165
	166	if (unshare(CLONE_NEWNS) < 0) {
	167	fprintf(stderr, "unshare failed: %s\n", strerror(errno));
a05f6511	168	return -1;
0dc34c77	169	}
d259f030	170	/* Don't let any mounts propagate back to the parent */
144e6ce1	171	if (mount("", "/", "none", MS_SLAVE \| MS_REC, NULL)) {
14645ec2	172	fprintf(stderr, "\"mount --make-rslave /\" failed: %s\n",
144e6ce1	173	strerror(errno));
a05f6511	174	return -1;
144e6ce1	175	}
0dc34c77 EB	176	/* Mount a version of /sys that describes the network namespace */
	177	if (umount2("/sys", MNT_DETACH) < 0) {
	178	fprintf(stderr, "umount of /sys failed: %s\n", strerror(errno));
a05f6511	179	return -1;
0dc34c77 EB	180	}
	181	if (mount(name, "/sys", "sysfs", 0, NULL) < 0) {
	182	fprintf(stderr, "mount of /sys failed: %s\n",strerror(errno));
a05f6511	183	return -1;
0dc34c77 EB	184	}
	185
	186	/* Setup bind mounts for config files in /etc */
	187	bind_etc(name);
	188
95592b47 J	189	fflush(stdout);
95592b47 J	190
a3aa47a5	191	if (batch_mode) {
95592b47 J	192	int status;
	193	pid_t pid;
	194
	195	pid = fork();
	196	if (pid < 0) {
	197	perror("fork");
a05f6511	198	exit(1);
95592b47 J	199	}
	200
	201	if (pid != 0) {
	202	/* Parent */
	203	if (waitpid(pid, &status, 0) < 0) {
	204	perror("waitpid");
a05f6511	205	exit(1);
95592b47 J	206	}
95592b47 J	207
3c61c01a ND	208	if (WIFEXITED(status)) {
	209	/* ip must return the status of the child,
	210	* but do_cmd() will add a minus to this,
	211	* so let's add another one here to cancel it.
	212	*/
	213	return -WEXITSTATUS(status);
	214	}
95592b47	215
3c61c01a	216	exit(1);
95592b47 J	217	}
	218	}
	219
0dc34c77	220	if (execvp(cmd, argv + 1) < 0)
14645ec2	221	fprintf(stderr, "exec of \"%s\" failed: %s\n",
0dc34c77	222	cmd, strerror(errno));
a05f6511	223	_exit(1);
0dc34c77 EB	224	}
0dc34c77 EB	225
9a7b3d91 EB	226	static int is_pid(const char *str)
	227	{
	228	int ch;
	229	for (; (ch = *str); str++) {
	230	if (!isdigit(ch))
	231	return 0;
	232	}
	233	return 1;
	234	}
	235
	236	static int netns_pids(int argc, char **argv)
	237	{
	238	const char *name;
	239	char net_path[MAXPATHLEN];
	240	int netns;
	241	struct stat netst;
	242	DIR *dir;
	243	struct dirent *entry;
	244
	245	if (argc < 1) {
	246	fprintf(stderr, "No netns name specified\n");
a05f6511	247	return -1;
9a7b3d91 EB	248	}
	249	if (argc > 1) {
	250	fprintf(stderr, "extra arguments specified\n");
a05f6511	251	return -1;
9a7b3d91 EB	252	}
	253
	254	name = argv[0];
	255	snprintf(net_path, sizeof(net_path), "%s/%s", NETNS_RUN_DIR, name);
	256	netns = open(net_path, O_RDONLY);
	257	if (netns < 0) {
	258	fprintf(stderr, "Cannot open network namespace: %s\n",
	259	strerror(errno));
a05f6511	260	return -1;
9a7b3d91 EB	261	}
	262	if (fstat(netns, &netst) < 0) {
	263	fprintf(stderr, "Stat of netns failed: %s\n",
	264	strerror(errno));
a05f6511	265	return -1;
9a7b3d91 EB	266	}
	267	dir = opendir("/proc/");
	268	if (!dir) {
	269	fprintf(stderr, "Open of /proc failed: %s\n",
	270	strerror(errno));
a05f6511	271	return -1;
9a7b3d91 EB	272	}
	273	while((entry = readdir(dir))) {
	274	char pid_net_path[MAXPATHLEN];
	275	struct stat st;
	276	if (!is_pid(entry->d_name))
	277	continue;
	278	snprintf(pid_net_path, sizeof(pid_net_path), "/proc/%s/ns/net",
	279	entry->d_name);
	280	if (stat(pid_net_path, &st) != 0)
	281	continue;
	282	if ((st.st_dev == netst.st_dev) &&
	283	(st.st_ino == netst.st_ino)) {
	284	printf("%s\n", entry->d_name);
	285	}
	286	}
	287	closedir(dir);
a05f6511	288	return 0;
9a7b3d91 EB	289
	290	}
	291
	292	static int netns_identify(int argc, char **argv)
	293	{
	294	const char *pidstr;
	295	char net_path[MAXPATHLEN];
	296	int netns;
	297	struct stat netst;
	298	DIR *dir;
	299	struct dirent *entry;
	300
	301	if (argc < 1) {
	302	fprintf(stderr, "No pid specified\n");
a05f6511	303	return -1;
9a7b3d91 EB	304	}
	305	if (argc > 1) {
	306	fprintf(stderr, "extra arguments specified\n");
a05f6511	307	return -1;
9a7b3d91 EB	308	}
	309	pidstr = argv[0];
	310
	311	if (!is_pid(pidstr)) {
	312	fprintf(stderr, "Specified string '%s' is not a pid\n",
	313	pidstr);
a05f6511	314	return -1;
9a7b3d91 EB	315	}
	316
	317	snprintf(net_path, sizeof(net_path), "/proc/%s/ns/net", pidstr);
	318	netns = open(net_path, O_RDONLY);
	319	if (netns < 0) {
	320	fprintf(stderr, "Cannot open network namespace: %s\n",
	321	strerror(errno));
a05f6511	322	return -1;
9a7b3d91 EB	323	}
	324	if (fstat(netns, &netst) < 0) {
	325	fprintf(stderr, "Stat of netns failed: %s\n",
	326	strerror(errno));
a05f6511	327	return -1;
9a7b3d91 EB	328	}
	329	dir = opendir(NETNS_RUN_DIR);
	330	if (!dir) {
	331	/* Succeed treat a missing directory as an empty directory */
	332	if (errno == ENOENT)
a05f6511	333	return 0;
9a7b3d91 EB	334
	335	fprintf(stderr, "Failed to open directory %s:%s\n",
	336	NETNS_RUN_DIR, strerror(errno));
a05f6511	337	return -1;
9a7b3d91 EB	338	}
	339
	340	while((entry = readdir(dir))) {
	341	char name_path[MAXPATHLEN];
	342	struct stat st;
	343
	344	if (strcmp(entry->d_name, ".") == 0)
	345	continue;
	346	if (strcmp(entry->d_name, "..") == 0)
	347	continue;
	348
	349	snprintf(name_path, sizeof(name_path), "%s/%s", NETNS_RUN_DIR,
	350	entry->d_name);
	351
	352	if (stat(name_path, &st) != 0)
	353	continue;
	354
	355	if ((st.st_dev == netst.st_dev) &&
	356	(st.st_ino == netst.st_ino)) {
	357	printf("%s\n", entry->d_name);
	358	}
	359	}
	360	closedir(dir);
a05f6511	361	return 0;
9a7b3d91 EB	362
	363	}
	364
0dc34c77 EB	365	static int netns_delete(int argc, char **argv)
	366	{
	367	const char *name;
	368	char netns_path[MAXPATHLEN];
	369
	370	if (argc < 1) {
	371	fprintf(stderr, "No netns name specified\n");
a05f6511	372	return -1;
0dc34c77 EB	373	}
	374
	375	name = argv[0];
	376	snprintf(netns_path, sizeof(netns_path), "%s/%s", NETNS_RUN_DIR, name);
	377	umount2(netns_path, MNT_DETACH);
	378	if (unlink(netns_path) < 0) {
14645ec2	379	fprintf(stderr, "Cannot remove namespace file \"%s\": %s\n",
0dc34c77	380	netns_path, strerror(errno));
a05f6511	381	return -1;
0dc34c77	382	}
a05f6511	383	return 0;
0dc34c77 EB	384	}
	385
	386	static int netns_add(int argc, char **argv)
	387	{
	388	/* This function creates a new network namespace and
	389	* a new mount namespace and bind them into a well known
	390	* location in the filesystem based on the name provided.
	391	*
	392	* The mount namespace is created so that any necessary
	393	* userspace tweaks like remounting /sys, or bind mounting
	394	* a new /etc/resolv.conf can be shared between uers.
	395	*/
	396	char netns_path[MAXPATHLEN];
	397	const char *name;
223f4d8e	398	int fd;
58a3e827	399	int made_netns_run_dir_mount = 0;
0dc34c77 EB	400
	401	if (argc < 1) {
	402	fprintf(stderr, "No netns name specified\n");
a05f6511	403	return -1;
0dc34c77 EB	404	}
	405	name = argv[0];
	406
	407	snprintf(netns_path, sizeof(netns_path), "%s/%s", NETNS_RUN_DIR, name);
	408
	409	/* Create the base netns directory if it doesn't exist */
	410	mkdir(NETNS_RUN_DIR, S_IRWXU\|S_IRGRP\|S_IXGRP\|S_IROTH\|S_IXOTH);
	411
d259f030	412	/* Make it possible for network namespace mounts to propagate between
58a3e827 EB	413	* mount namespaces. This makes it likely that a unmounting a network
	414	* namespace file in one namespace will unmount the network namespace
	415	* file in all namespaces allowing the network namespace to be freed
	416	* sooner.
	417	*/
	418	while (mount("", NETNS_RUN_DIR, "none", MS_SHARED \| MS_REC, NULL)) {
	419	/* Fail unless we need to make the mount point */
	420	if (errno != EINVAL \|\| made_netns_run_dir_mount) {
	421	fprintf(stderr, "mount --make-shared %s failed: %s\n",
	422	NETNS_RUN_DIR, strerror(errno));
a05f6511	423	return -1;
58a3e827 EB	424	}
	425
	426	/* Upgrade NETNS_RUN_DIR to a mount point */
	427	if (mount(NETNS_RUN_DIR, NETNS_RUN_DIR, "none", MS_BIND, NULL)) {
	428	fprintf(stderr, "mount --bind %s %s failed: %s\n",
	429	NETNS_RUN_DIR, NETNS_RUN_DIR, strerror(errno));
a05f6511	430	return -1;
58a3e827 EB	431	}
	432	made_netns_run_dir_mount = 1;
	433	}
	434
0dc34c77	435	/* Create the filesystem state */
223f4d8e EB	436	fd = open(netns_path, O_RDONLY\|O_CREAT\|O_EXCL, 0);
223f4d8e EB	437	if (fd < 0) {
14645ec2	438	fprintf(stderr, "Cannot not create namespace file \"%s\": %s\n",
0dc34c77	439	netns_path, strerror(errno));
a05f6511	440	return -1;
0dc34c77	441	}
223f4d8e	442	close(fd);
0dc34c77	443	if (unshare(CLONE_NEWNET) < 0) {
14645ec2 KR	444	fprintf(stderr, "Failed to create a new network namespace \"%s\": %s\n",
14645ec2 KR	445	name, strerror(errno));
0dc34c77 EB	446	goto out_delete;
	447	}
	448
	449	/* Bind the netns last so I can watch for it */
	450	if (mount("/proc/self/ns/net", netns_path, "none", MS_BIND, NULL) < 0) {
	451	fprintf(stderr, "Bind /proc/self/ns/net -> %s failed: %s\n",
	452	netns_path, strerror(errno));
	453	goto out_delete;
	454	}
a05f6511	455	return 0;
0dc34c77 EB	456	out_delete:
0dc34c77 EB	457	netns_delete(argc, argv);
a05f6511	458	return -1;
0dc34c77 EB	459	}
	460
	461
	462	static int netns_monitor(int argc, char **argv)
	463	{
	464	char buf[4096];
	465	struct inotify_event *event;
	466	int fd;
	467	fd = inotify_init();
	468	if (fd < 0) {
	469	fprintf(stderr, "inotify_init failed: %s\n",
	470	strerror(errno));
a05f6511	471	return -1;
0dc34c77 EB	472	}
	473	if (inotify_add_watch(fd, NETNS_RUN_DIR, IN_CREATE \| IN_DELETE) < 0) {
	474	fprintf(stderr, "inotify_add_watch failed: %s\n",
	475	strerror(errno));
a05f6511	476	return -1;
0dc34c77 EB	477	}
	478	for(;;) {
	479	ssize_t len = read(fd, buf, sizeof(buf));
	480	if (len < 0) {
	481	fprintf(stderr, "read failed: %s\n",
	482	strerror(errno));
a05f6511	483	return -1;
0dc34c77 EB	484	}
	485	for (event = (struct inotify_event *)buf;
	486	(char *)event < &buf[len];
	487	event = (struct inotify_event )((char )event + sizeof(*event) + event->len)) {
	488	if (event->mask & IN_CREATE)
	489	printf("add %s\n", event->name);
	490	if (event->mask & IN_DELETE)
	491	printf("delete %s\n", event->name);
	492	}
	493	}
a05f6511	494	return 0;
0dc34c77 EB	495	}
	496
	497	int do_netns(int argc, char **argv)
	498	{
	499	if (argc < 1)
	500	return netns_list(0, NULL);
	501
	502	if ((matches(argv, "list") == 0) \|\| (matches(argv, "show") == 0) \|\|
	503	(matches(*argv, "lst") == 0))
	504	return netns_list(argc-1, argv+1);
	505
	506	if (matches(*argv, "help") == 0)
8e2d47dc	507	return usage();
0dc34c77 EB	508
	509	if (matches(*argv, "add") == 0)
	510	return netns_add(argc-1, argv+1);
	511
	512	if (matches(*argv, "delete") == 0)
	513	return netns_delete(argc-1, argv+1);
	514
9a7b3d91 EB	515	if (matches(*argv, "identify") == 0)
	516	return netns_identify(argc-1, argv+1);
	517
	518	if (matches(*argv, "pids") == 0)
	519	return netns_pids(argc-1, argv+1);
	520
0dc34c77 EB	521	if (matches(*argv, "exec") == 0)
	522	return netns_exec(argc-1, argv+1);
	523
	524	if (matches(*argv, "monitor") == 0)
	525	return netns_monitor(argc-1, argv+1);
	526
	527	fprintf(stderr, "Command \"%s\" is unknown, try \"ip netns help\".\n", *argv);
a05f6511	528	exit(-1);
0dc34c77	529	}