1 | #define _ATFILE_SOURCE |
2 | #include <sys/types.h> | |
3 | #include <sys/stat.h> | |
4 | #include <sys/wait.h> | |
5 | #include <sys/inotify.h> | |
6 | #include <sys/mount.h> | |
7 | #include <sys/param.h> | |
8 | #include <sys/syscall.h> | |
9 | #include <stdio.h> | |
10 | #include <string.h> | |
11 | #include <sched.h> | |
12 | #include <fcntl.h> | |
13 | #include <dirent.h> | |
14 | #include <errno.h> | |
15 | #include <unistd.h> | |
9a7b3d91 | 16 | #include <ctype.h> |
17 | |
18 | #include "utils.h" | |
19 | #include "ip_common.h" | |
20 | ||
/* Directory holding one bind-mounted namespace file per named netns
 * (created by netns_add, removed by netns_delete, watched by netns_monitor). */
#define NETNS_RUN_DIR "/var/run/netns"
/* Per-namespace /etc overrides: NETNS_ETC_DIR/<name>/<file> is bind-mounted
 * over /etc/<file> by bind_etc() before "ip netns exec" runs a command. */
#define NETNS_ETC_DIR "/etc/netns"

/* Fallbacks for older headers that lack these flags; values match the kernel ABI. */
#ifndef CLONE_NEWNET
#define CLONE_NEWNET 0x40000000 /* New network namespace (lo, device, names sockets, etc) */
#endif

#ifndef MNT_DETACH
#define MNT_DETACH 0x00000002 /* Just detach from the tree */
#endif /* MNT_DETACH */
31 | ||
#ifndef HAVE_SETNS
/*
 * Fallback used when the build did not detect a libc setns() (HAVE_SETNS
 * unset): issue the raw syscall, or fail with ENOSYS where the kernel
 * headers do not define its number at all.
 *
 * Same contract as the libc function: 0 on success, -1 with errno set.
 */
static int setns(int fd, int nstype)
{
#ifdef __NR_setns
	return syscall(__NR_setns, fd, nstype);
#else
	(void)fd;
	(void)nstype;
	errno = ENOSYS;
	return -1;
#endif
}
#endif /* HAVE_SETNS */
0dc34c77 | 43 | |
/*
 * Print the "ip netns" synopsis to stderr.
 *
 * Always returns EXIT_FAILURE so callers can write "return usage();" on a
 * usage error.
 */
static int usage(void)
{
	static const char *const synopsis[] = {
		"Usage: ip netns list\n",
		" ip netns add NAME\n",
		" ip netns delete NAME\n",
		" ip netns identify PID\n",
		" ip netns pids NAME\n",
		" ip netns exec NAME cmd ...\n",
		" ip netns monitor\n",
	};
	size_t i;

	/* The lines contain no conversion specifiers, so fputs() is equivalent. */
	for (i = 0; i < sizeof(synopsis) / sizeof(synopsis[0]); i++)
		fputs(synopsis[i], stderr);
	return EXIT_FAILURE;
}
55 | ||
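/*
 * Open a network namespace file read-only and return its descriptor.
 *
 * @name  either a bare namespace name, which is resolved under
 *        NETNS_RUN_DIR, or a string containing '/', which is taken as an
 *        explicit path and used verbatim (no further validation of the
 *        name happens here; callers pass it straight from the command line).
 *
 * Returns the open fd, or -1 with errno set.  A name that does not fit the
 * path buffer fails with ENAMETOOLONG instead of opening whatever the
 * truncated path happens to point at.
 */
int get_netns_fd(const char *name)
{
	char pathbuf[MAXPATHLEN];
	const char *path = name;

	if (!strchr(name, '/')) {
		int len = snprintf(pathbuf, sizeof(pathbuf), "%s/%s",
				   NETNS_RUN_DIR, name);
		/* A truncated path would name some other, unrelated file. */
		if (len < 0 || (size_t)len >= sizeof(pathbuf)) {
			errno = ENAMETOOLONG;
			return -1;
		}
		path = pathbuf;
	}
	return open(path, O_RDONLY);
}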
70 | ||
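/*
 * "ip netns list": print the name of every entry in NETNS_RUN_DIR, one per
 * line.  argc/argv are accepted for uniformity with the other subcommands
 * and are not used.
 *
 * A missing NETNS_RUN_DIR just means no namespace has been added yet and is
 * reported as an empty list.  Any other opendir() failure (e.g. EACCES) is
 * reported on stderr, as netns_identify() already does, rather than being
 * silently presented as "no namespaces".
 *
 * Returns EXIT_SUCCESS, or EXIT_FAILURE if the directory exists but could
 * not be opened.
 */
static int netns_list(int argc, char **argv)
{
	struct dirent *entry;
	DIR *dir;

	dir = opendir(NETNS_RUN_DIR);
	if (!dir) {
		if (errno == ENOENT)
			return EXIT_SUCCESS;
		fprintf(stderr, "Failed to open directory %s: %s\n",
			NETNS_RUN_DIR, strerror(errno));
		return EXIT_FAILURE;
	}

	while ((entry = readdir(dir)) != NULL) {
		/* Skip the directory's own "." and ".." entries. */
		if (strcmp(entry->d_name, ".") == 0 ||
		    strcmp(entry->d_name, "..") == 0)
			continue;
		printf("%s\n", entry->d_name);
	}
	closedir(dir);
	return EXIT_SUCCESS;
}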
90 | ||
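/*
 * Bind-mount every entry of NETNS_ETC_DIR/<name>/ over the same-named file
 * in /etc, so programs that know nothing about network namespaces pick up
 * per-namespace configuration.  Called from netns_exec() after it has
 * unshared the mount namespace, so the mounts stay private to the command
 * being executed.
 *
 * Best-effort by design: a missing NETNS_ETC_DIR/<name> is not an error,
 * and a failed mount is reported on stderr while the remaining entries are
 * still processed.  An entry whose source path would not fit the buffer is
 * skipped instead of being mounted under a truncated name.
 */
static void bind_etc(const char *name)
{
	char etc_netns_path[MAXPATHLEN];
	char netns_name[MAXPATHLEN];
	char etc_name[MAXPATHLEN];
	struct dirent *entry;
	DIR *dir;
	int len;

	len = snprintf(etc_netns_path, sizeof(etc_netns_path), "%s/%s",
		       NETNS_ETC_DIR, name);
	if (len < 0 || (size_t)len >= sizeof(etc_netns_path))
		return;
	dir = opendir(etc_netns_path);
	if (!dir)
		return;

	while ((entry = readdir(dir)) != NULL) {
		if (strcmp(entry->d_name, ".") == 0 ||
		    strcmp(entry->d_name, "..") == 0)
			continue;
		len = snprintf(netns_name, sizeof(netns_name), "%s/%s",
			       etc_netns_path, entry->d_name);
		if (len < 0 || (size_t)len >= sizeof(netns_name)) {
			fprintf(stderr, "Path %s/%s too long, skipping\n",
				etc_netns_path, entry->d_name);
			continue;
		}
		/* "/etc/" plus a single directory entry cannot realistically
		 * exceed MAXPATHLEN, so only the source path is length-checked. */
		snprintf(etc_name, sizeof(etc_name), "/etc/%s", entry->d_name);
		if (mount(netns_name, etc_name, "none", MS_BIND, NULL) < 0) {
			fprintf(stderr, "Bind %s -> %s failed: %s\n",
				netns_name, etc_name, strerror(errno));
		}
	}
	closedir(dir);
}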
118 | ||
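/*
 * "ip netns exec NAME cmd ...": enter network namespace NAME, give the
 * command the filesystem view a namespace-unaware program expects (a /sys
 * describing this namespace, per-namespace files under /etc), then exec
 * cmd with argv[1..] as its argument vector.
 *
 * argv[0] is NAME and argv[1] the command; argv must be NULL-terminated
 * because argv + 1 is handed to execvp() unchanged.  NAME is looked up
 * only under NETNS_RUN_DIR and is used verbatim in that path.
 *
 * Returns only on failure (EXIT_FAILURE); on success execvp() replaces the
 * process.  Everything after unshare(CLONE_NEWNS) happens in a private
 * mount namespace made rslave, so the /sys and /etc changes never reach
 * the caller's mount table.  The namespace descriptor is closed once
 * setns() has consumed it so it is not leaked into the executed command.
 */
static int netns_exec(int argc, char **argv)
{
	const char *name, *cmd;
	char net_path[MAXPATHLEN];
	int netns;

	if (argc < 1) {
		fprintf(stderr, "No netns name specified\n");
		return EXIT_FAILURE;
	}
	if (argc < 2) {
		fprintf(stderr, "No cmd specified\n");
		return EXIT_FAILURE;
	}
	name = argv[0];
	cmd = argv[1];
	snprintf(net_path, sizeof(net_path), "%s/%s", NETNS_RUN_DIR, name);
	netns = open(net_path, O_RDONLY);
	if (netns < 0) {
		fprintf(stderr, "Cannot open network namespace %s: %s\n",
			name, strerror(errno));
		return EXIT_FAILURE;
	}
	if (setns(netns, CLONE_NEWNET) < 0) {
		fprintf(stderr, "seting the network namespace failed: %s\n",
			strerror(errno));
		close(netns);
		return EXIT_FAILURE;
	}
	/* The descriptor has done its job; don't let exec inherit it. */
	close(netns);

	/* Private mount namespace so the changes below stay local to us. */
	if (unshare(CLONE_NEWNS) < 0) {
		fprintf(stderr, "unshare failed: %s\n", strerror(errno));
		return EXIT_FAILURE;
	}
	/* Don't let any mounts propagate back to the parent */
	if (mount("", "/", "none", MS_SLAVE | MS_REC, NULL)) {
		fprintf(stderr, "mount --make-rslave / failed: %s\n",
			strerror(errno));
		return EXIT_FAILURE;
	}
	/* Mount a version of /sys that describes the network namespace */
	if (umount2("/sys", MNT_DETACH) < 0) {
		fprintf(stderr, "umount of /sys failed: %s\n", strerror(errno));
		return EXIT_FAILURE;
	}
	/* The namespace name is passed as the sysfs source; presumably so it
	 * is recognisable in mount listings (sysfs ignores it otherwise). */
	if (mount(name, "/sys", "sysfs", 0, NULL) < 0) {
		fprintf(stderr, "mount of /sys failed: %s\n", strerror(errno));
		return EXIT_FAILURE;
	}

	/* Setup bind mounts for config files in /etc */
	bind_etc(name);

	/* execvp() only returns if it failed. */
	if (execvp(cmd, argv + 1) < 0)
		fprintf(stderr, "exec of %s failed: %s\n",
			cmd, strerror(errno));
	return EXIT_FAILURE;
}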
179 | ||
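/*
 * Return 1 if str is a non-empty string of decimal digits only -- i.e.
 * something that can name a /proc/<pid> entry -- and 0 otherwise.
 *
 * An empty string is rejected: the previous version accepted it, which
 * let "/proc/%s/ns/net" be built with no pid component at all.  Each byte
 * is read as unsigned char before isdigit(), because passing a negative
 * plain char (any byte >= 0x80 where char is signed) is undefined.
 */
static int is_pid(const char *str)
{
	const unsigned char *p = (const unsigned char *)str;

	if (*p == '\0')
		return 0;
	for (; *p; p++) {
		if (!isdigit(*p))
			return 0;
	}
	return 1;
}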
189 | ||
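/*
 * "ip netns pids NAME": print the pid of every process running in network
 * namespace NAME.  NAME is looked up under NETNS_RUN_DIR; a process is in
 * it when /proc/<pid>/ns/net has the same (st_dev, st_ino) as the
 * namespace file.
 *
 * argv[0] is NAME; exactly one argument is accepted.  Processes that exit
 * or cannot be stat()ed while /proc is being scanned are skipped silently.
 *
 * Returns EXIT_SUCCESS, or EXIT_FAILURE on a usage error or when the
 * namespace file or /proc cannot be opened.  The namespace descriptor is
 * only needed for fstat() and is closed before the scan begins (the
 * previous version leaked it).
 */
static int netns_pids(int argc, char **argv)
{
	const char *name;
	char net_path[MAXPATHLEN];
	int netns;
	struct stat netst;
	DIR *dir;
	struct dirent *entry;

	if (argc < 1) {
		fprintf(stderr, "No netns name specified\n");
		return EXIT_FAILURE;
	}
	if (argc > 1) {
		fprintf(stderr, "extra arguments specified\n");
		return EXIT_FAILURE;
	}

	name = argv[0];
	snprintf(net_path, sizeof(net_path), "%s/%s", NETNS_RUN_DIR, name);
	netns = open(net_path, O_RDONLY);
	if (netns < 0) {
		fprintf(stderr, "Cannot open network namespace: %s\n",
			strerror(errno));
		return EXIT_FAILURE;
	}
	if (fstat(netns, &netst) < 0) {
		fprintf(stderr, "Stat of netns failed: %s\n",
			strerror(errno));
		close(netns);
		return EXIT_FAILURE;
	}
	/* Only the identity (st_dev, st_ino) is needed from here on. */
	close(netns);

	dir = opendir("/proc/");
	if (!dir) {
		fprintf(stderr, "Open of /proc failed: %s\n",
			strerror(errno));
		return EXIT_FAILURE;
	}
	while ((entry = readdir(dir))) {
		char pid_net_path[MAXPATHLEN];
		struct stat st;

		/* Only all-digit entries are processes. */
		if (!is_pid(entry->d_name))
			continue;
		snprintf(pid_net_path, sizeof(pid_net_path), "/proc/%s/ns/net",
			 entry->d_name);
		/* The process may be gone already, or not visible to us. */
		if (stat(pid_net_path, &st) != 0)
			continue;
		if ((st.st_dev == netst.st_dev) &&
		    (st.st_ino == netst.st_ino)) {
			printf("%s\n", entry->d_name);
		}
	}
	closedir(dir);
	return EXIT_SUCCESS;
}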
245 | ||
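/*
 * "ip netns identify PID": print the name of every entry in NETNS_RUN_DIR
 * that is the network namespace process PID runs in, by comparing the
 * (st_dev, st_ino) of /proc/PID/ns/net with each namespace file.  Prints
 * nothing, and succeeds, when that namespace has no name.
 *
 * argv[0] is PID; exactly one all-digit argument is accepted, and it is
 * validated with is_pid() before being interpolated into the /proc path.
 *
 * Returns EXIT_SUCCESS, or EXIT_FAILURE on a usage error, when the pid's
 * namespace cannot be opened or stat()ed, or when NETNS_RUN_DIR exists but
 * cannot be read (a missing NETNS_RUN_DIR counts as empty).  The descriptor
 * on the pid's namespace is closed as soon as its identity is captured,
 * on every path (the previous version leaked it).
 */
static int netns_identify(int argc, char **argv)
{
	const char *pidstr;
	char net_path[MAXPATHLEN];
	int netns;
	struct stat netst;
	DIR *dir;
	struct dirent *entry;

	if (argc < 1) {
		fprintf(stderr, "No pid specified\n");
		return EXIT_FAILURE;
	}
	if (argc > 1) {
		fprintf(stderr, "extra arguments specified\n");
		return EXIT_FAILURE;
	}
	pidstr = argv[0];

	/* Validate before building the path: only digits may reach /proc/%s. */
	if (!is_pid(pidstr)) {
		fprintf(stderr, "Specified string '%s' is not a pid\n",
			pidstr);
		return EXIT_FAILURE;
	}

	snprintf(net_path, sizeof(net_path), "/proc/%s/ns/net", pidstr);
	netns = open(net_path, O_RDONLY);
	if (netns < 0) {
		fprintf(stderr, "Cannot open network namespace: %s\n",
			strerror(errno));
		return EXIT_FAILURE;
	}
	if (fstat(netns, &netst) < 0) {
		fprintf(stderr, "Stat of netns failed: %s\n",
			strerror(errno));
		close(netns);
		return EXIT_FAILURE;
	}
	/* Only the identity (st_dev, st_ino) is needed from here on. */
	close(netns);

	dir = opendir(NETNS_RUN_DIR);
	if (!dir) {
		/* Succeed: treat a missing directory as an empty directory */
		if (errno == ENOENT)
			return EXIT_SUCCESS;

		fprintf(stderr, "Failed to open directory %s:%s\n",
			NETNS_RUN_DIR, strerror(errno));
		return EXIT_FAILURE;
	}

	while ((entry = readdir(dir))) {
		char name_path[MAXPATHLEN];
		struct stat st;

		if (strcmp(entry->d_name, ".") == 0 ||
		    strcmp(entry->d_name, "..") == 0)
			continue;

		snprintf(name_path, sizeof(name_path), "%s/%s", NETNS_RUN_DIR,
			 entry->d_name);

		/* Entries that vanished or cannot be stat()ed are skipped. */
		if (stat(name_path, &st) != 0)
			continue;

		if ((st.st_dev == netst.st_dev) &&
		    (st.st_ino == netst.st_ino)) {
			printf("%s\n", entry->d_name);
		}
	}
	closedir(dir);
	return EXIT_SUCCESS;
}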
318 | ||
/*
 * "ip netns delete NAME": detach the namespace bind mount at
 * NETNS_RUN_DIR/NAME and remove the file, so the kernel can free the
 * namespace once no process or descriptor refers to it any more.
 *
 * argv[0] is NAME and is used verbatim in the path; no validation of the
 * name happens here.  The umount2() result is deliberately ignored: the
 * file may not be mounted at all, which is exactly the case when
 * netns_add() calls this to clean up after a failed bind mount.
 *
 * Returns EXIT_SUCCESS, or EXIT_FAILURE if NAME is missing or unlink()
 * fails (the reason is printed to stderr).
 */
static int netns_delete(int argc, char **argv)
{
	char netns_path[MAXPATHLEN];

	if (argc < 1) {
		fprintf(stderr, "No netns name specified\n");
		return EXIT_FAILURE;
	}

	snprintf(netns_path, sizeof(netns_path), "%s/%s",
		 NETNS_RUN_DIR, argv[0]);
	(void)umount2(netns_path, MNT_DETACH);

	if (unlink(netns_path) == 0)
		return EXIT_SUCCESS;

	fprintf(stderr, "Cannot remove %s: %s\n",
		netns_path, strerror(errno));
	return EXIT_FAILURE;
}
339 | ||
/*
 * "ip netns add NAME": create a new network namespace and pin it to the
 * filesystem as NETNS_RUN_DIR/NAME so it outlives this process.
 *
 * Steps: make sure NETNS_RUN_DIR exists and is a shared mount point, create
 * the empty placeholder file NAME with O_EXCL (an existing namespace of that
 * name is an error, never silently replaced), unshare(CLONE_NEWNET) so this
 * process sits in a fresh namespace, then bind mount /proc/self/ns/net onto
 * the placeholder.  The bind mount is what keeps the namespace alive after
 * we exit.  Unlike netns_exec(), this function does not touch the mount
 * namespace.
 *
 * argv[0] is NAME and is used verbatim in the path.  Returns EXIT_SUCCESS
 * or EXIT_FAILURE; once the placeholder exists, any later failure goes
 * through netns_delete() to remove it again.
 */
static int netns_add(int argc, char **argv)
{
	char netns_path[MAXPATHLEN];
	const char *name;
	int fd;
	int made_netns_run_dir_mount = 0;

	if (argc < 1) {
		fprintf(stderr, "No netns name specified\n");
		return EXIT_FAILURE;
	}
	name = argv[0];

	snprintf(netns_path, sizeof(netns_path), "%s/%s", NETNS_RUN_DIR, name);

	/* Create the base netns directory if it doesn't exist.  The result is
	 * not checked: EEXIST is the normal case, and any other failure shows
	 * up as an error from the mount() below. */
	mkdir(NETNS_RUN_DIR, S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);

	/* Make it possible for network namespace mounts to propagate between
	 * mount namespaces. This makes it likely that unmounting a network
	 * namespace file in one namespace will unmount the network namespace
	 * file in all namespaces allowing the network namespace to be freed
	 * sooner.
	 *
	 * --make-shared is expected to fail with EINVAL when NETNS_RUN_DIR is
	 * a plain directory rather than a mount point; in that case it is bind
	 * mounted onto itself and the mount retried once, so the loop runs at
	 * most twice.
	 */
	while (mount("", NETNS_RUN_DIR, "none", MS_SHARED | MS_REC, NULL)) {
		/* Fail unless we need to make the mount point */
		if (errno != EINVAL || made_netns_run_dir_mount) {
			fprintf(stderr, "mount --make-shared %s failed: %s\n",
				NETNS_RUN_DIR, strerror(errno));
			return EXIT_FAILURE;
		}

		/* Upgrade NETNS_RUN_DIR to a mount point */
		if (mount(NETNS_RUN_DIR, NETNS_RUN_DIR, "none", MS_BIND, NULL)) {
			fprintf(stderr, "mount --bind %s %s failed: %s\n",
				NETNS_RUN_DIR, NETNS_RUN_DIR, strerror(errno));
			return EXIT_FAILURE;
		}
		made_netns_run_dir_mount = 1;
	}

	/* Create the filesystem state: an empty placeholder (mode 0) for the
	 * namespace to be bound onto.  O_EXCL makes a duplicate name fail. */
	fd = open(netns_path, O_RDONLY|O_CREAT|O_EXCL, 0);
	if (fd < 0) {
		fprintf(stderr, "Could not create %s: %s\n",
			netns_path, strerror(errno));
		return EXIT_FAILURE;
	}
	close(fd);
	if (unshare(CLONE_NEWNET) < 0) {
		fprintf(stderr, "Failed to create a new network namespace: %s\n",
			strerror(errno));
		goto out_delete;
	}

	/* Bind the netns last so I can watch for it (netns_monitor reports
	 * the IN_CREATE of the placeholder above; by then the bind follows). */
	if (mount("/proc/self/ns/net", netns_path, "none", MS_BIND, NULL) < 0) {
		fprintf(stderr, "Bind /proc/self/ns/net -> %s failed: %s\n",
			netns_path, strerror(errno));
		goto out_delete;
	}
	return EXIT_SUCCESS;
out_delete:
	/* Remove the placeholder (and any mount on it) we created above. */
	netns_delete(argc, argv);
	return EXIT_FAILURE;
}
414 | ||
415 | ||
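/*
 * "ip netns monitor": block forever, printing "add NAME" / "delete NAME"
 * as namespace files are created in or removed from NETNS_RUN_DIR, as
 * reported by inotify.  argc/argv are accepted for uniformity and unused.
 *
 * Never returns on success.  Returns EXIT_FAILURE if inotify cannot be set
 * up, or if read() fails for a reason other than EINTR (a signal merely
 * restarts the read).  The inotify descriptor is closed on those paths.
 */
static int netns_monitor(int argc, char **argv)
{
	/* Events are read into a byte buffer and then walked as
	 * struct inotify_event, so the buffer must carry that alignment
	 * (the same declaration inotify(7) uses). */
	char buf[4096] __attribute__((aligned(__alignof__(struct inotify_event))));
	struct inotify_event *event;
	int fd;

	fd = inotify_init();
	if (fd < 0) {
		fprintf(stderr, "inotify_init failed: %s\n",
			strerror(errno));
		return EXIT_FAILURE;
	}
	if (inotify_add_watch(fd, NETNS_RUN_DIR, IN_CREATE | IN_DELETE) < 0) {
		fprintf(stderr, "inotify_add_watch failed: %s\n",
			strerror(errno));
		close(fd);
		return EXIT_FAILURE;
	}
	for (;;) {
		ssize_t len = read(fd, buf, sizeof(buf));
		if (len < 0) {
			/* A signal interrupting read() is not a failure. */
			if (errno == EINTR)
				continue;
			fprintf(stderr, "read failed: %s\n",
				strerror(errno));
			close(fd);
			return EXIT_FAILURE;
		}
		/* Walk the variable-length events.  Stop as soon as a whole
		 * header no longer fits, instead of reading past the bytes
		 * the kernel actually wrote. */
		for (event = (struct inotify_event *)buf;
		     (char *)event + sizeof(*event) <= &buf[len];
		     event = (struct inotify_event *)((char *)event + sizeof(*event) + event->len)) {
			if (event->mask & IN_CREATE)
				printf("add %s\n", event->name);
			if (event->mask & IN_DELETE)
				printf("delete %s\n", event->name);
		}
	}
	return EXIT_SUCCESS;
}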
450 | ||
/* "ip netns help": adapter so usage() fits the subcommand signature. */
static int netns_help(int argc, char **argv)
{
	(void)argc;
	(void)argv;
	return usage();
}

/*
 * Entry point for "ip netns ...": dispatch argv[0] to the matching
 * subcommand with the remaining arguments.  With no arguments at all the
 * namespaces are listed.
 *
 * Keywords are tried in table order using matches(), the tool's usual
 * prefix matcher, so an abbreviation resolves to the first keyword it
 * prefixes.
 *
 * Returns the subcommand's exit status, or EXIT_FAILURE after printing a
 * hint for an unknown command.
 */
int do_netns(int argc, char **argv)
{
	static const struct {
		const char *keyword;
		int (*handler)(int argc, char **argv);
	} commands[] = {
		{ "list",     netns_list },
		{ "show",     netns_list },
		{ "lst",      netns_list },
		{ "help",     netns_help },
		{ "add",      netns_add },
		{ "delete",   netns_delete },
		{ "identify", netns_identify },
		{ "pids",     netns_pids },
		{ "exec",     netns_exec },
		{ "monitor",  netns_monitor },
	};
	size_t i;

	if (argc < 1)
		return netns_list(0, NULL);

	for (i = 0; i < sizeof(commands) / sizeof(commands[0]); i++) {
		if (matches(*argv, commands[i].keyword) == 0)
			return commands[i].handler(argc - 1, argv + 1);
	}

	fprintf(stderr, "Command \"%s\" is unknown, try \"ip netns help\".\n", *argv);
	return EXIT_FAILURE;
}