[mirror_iproute2.git] / ip / ipnetns.c

#define _ATFILE_SOURCE
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <sys/inotify.h>
#include <sys/mount.h>
#include <sys/param.h>
#include <sys/syscall.h>
#include <stdio.h>
#include <string.h>
#include <sched.h>
#include <fcntl.h>
#include <dirent.h>
#include <errno.h>
#include <unistd.h>
#include <ctype.h>

#include "utils.h"
#include "ip_common.h"

#define NETNS_RUN_DIR "/var/run/netns"
#define NETNS_ETC_DIR "/etc/netns"

#ifndef CLONE_NEWNET
#define CLONE_NEWNET 0x40000000	/* New network namespace (lo, device, names sockets, etc) */
#endif

#ifndef MNT_DETACH
#define MNT_DETACH	0x00000002	/* Just detach from the tree */
#endif /* MNT_DETACH */

#ifndef HAVE_SETNS
static int setns(int fd, int nstype)
{
#ifdef __NR_setns
	return syscall(__NR_setns, fd, nstype);
#else
	errno = ENOSYS;
	return -1;
#endif
}
#endif /* HAVE_SETNS */

static int usage(void)
{
	fprintf(stderr, "Usage: ip netns list\n");
	fprintf(stderr, "       ip netns add NAME\n");
	fprintf(stderr, "       ip netns delete NAME\n");
	fprintf(stderr, "       ip netns identify PID\n");
	fprintf(stderr, "       ip netns pids NAME\n");
	fprintf(stderr, "       ip netns exec NAME cmd ...\n");
	fprintf(stderr, "       ip netns monitor\n");
	return EXIT_FAILURE;
}

int get_netns_fd(const char *name)
{
	char pathbuf[MAXPATHLEN];
	const char *path, *ptr;

	path = name;
	ptr = strchr(name, '/');
	if (!ptr) {
		snprintf(pathbuf, sizeof(pathbuf), "%s/%s",
			NETNS_RUN_DIR, name );
		path = pathbuf;
	}
	return open(path, O_RDONLY);
}

static int netns_list(int argc, char **argv)
{
	struct dirent *entry;
	DIR *dir;

	dir = opendir(NETNS_RUN_DIR);
	if (!dir)
		return EXIT_SUCCESS;

	while ((entry = readdir(dir)) != NULL) {
		if (strcmp(entry->d_name, ".") == 0)
			continue;
		if (strcmp(entry->d_name, "..") == 0)
			continue;
		printf("%s\n", entry->d_name);
	}
	closedir(dir);
	return EXIT_SUCCESS;
}

static void bind_etc(const char *name)
{
	char etc_netns_path[MAXPATHLEN];
	char netns_name[MAXPATHLEN];
	char etc_name[MAXPATHLEN];
	struct dirent *entry;
	DIR *dir;

	snprintf(etc_netns_path, sizeof(etc_netns_path), "%s/%s", NETNS_ETC_DIR, name);
	dir = opendir(etc_netns_path);
	if (!dir)
		return;

	while ((entry = readdir(dir)) != NULL) {
		if (strcmp(entry->d_name, ".") == 0)
			continue;
		if (strcmp(entry->d_name, "..") == 0)
			continue;
		snprintf(netns_name, sizeof(netns_name), "%s/%s", etc_netns_path, entry->d_name);
		snprintf(etc_name, sizeof(etc_name), "/etc/%s", entry->d_name);
		if (mount(netns_name, etc_name, "none", MS_BIND, NULL) < 0) {
			fprintf(stderr, "Bind %s -> %s failed: %s\n",
				netns_name, etc_name, strerror(errno));
		}
	}
	closedir(dir);
}

static int netns_exec(int argc, char **argv)
{
	/* Setup the proper environment for apps that are not netns
	 * aware, and execute a program in that environment.
	 */
	const char *name, *cmd;
	char net_path[MAXPATHLEN];
	int netns;

	if (argc < 1) {
		fprintf(stderr, "No netns name specified\n");
		return EXIT_FAILURE;
	}
	if (argc < 2) {
		fprintf(stderr, "No cmd specified\n");
		return EXIT_FAILURE;
	}
	name = argv[0];
	cmd = argv[1];
	snprintf(net_path, sizeof(net_path), "%s/%s", NETNS_RUN_DIR, name);
	netns = open(net_path, O_RDONLY);
	if (netns < 0) {
		fprintf(stderr, "Cannot open network namespace %s: %s\n",
			name, strerror(errno));
		return EXIT_FAILURE;
	}
	if (setns(netns, CLONE_NEWNET) < 0) {
		fprintf(stderr, "seting the network namespace failed: %s\n",
			strerror(errno));
		return EXIT_FAILURE;
	}

	if (unshare(CLONE_NEWNS) < 0) {
		fprintf(stderr, "unshare failed: %s\n", strerror(errno));
		return EXIT_FAILURE;
	}
	/* Don't let any mounts propogate back to the parent */
	if (mount("", "/", "none", MS_SLAVE | MS_REC, NULL)) {
		fprintf(stderr, "mount --make-rslave / failed: %s\n",
			strerror(errno));
		return EXIT_FAILURE;
	}
	/* Mount a version of /sys that describes the network namespace */
	if (umount2("/sys", MNT_DETACH) < 0) {
		fprintf(stderr, "umount of /sys failed: %s\n", strerror(errno));
		return EXIT_FAILURE;
	}
	if (mount(name, "/sys", "sysfs", 0, NULL) < 0) {
		fprintf(stderr, "mount of /sys failed: %s\n",strerror(errno));
		return EXIT_FAILURE;
	}

	/* Setup bind mounts for config files in /etc */
	bind_etc(name);

	if (execvp(cmd, argv + 1)  < 0)
		fprintf(stderr, "exec of %s failed: %s\n",
			cmd, strerror(errno));
	return EXIT_FAILURE;
}

static int is_pid(const char *str)
{
	int ch;
	for (; (ch = *str); str++) {
		if (!isdigit(ch))
			return 0;
	}
	return 1;
}

static int netns_pids(int argc, char **argv)
{
	const char *name;
	char net_path[MAXPATHLEN];
	int netns;
	struct stat netst;
	DIR *dir;
	struct dirent *entry;

	if (argc < 1) {
		fprintf(stderr, "No netns name specified\n");
		return EXIT_FAILURE;
	}
	if (argc > 1) {
		fprintf(stderr, "extra arguments specified\n");
		return EXIT_FAILURE;
	}

	name = argv[0];
	snprintf(net_path, sizeof(net_path), "%s/%s", NETNS_RUN_DIR, name);
	netns = open(net_path, O_RDONLY);
	if (netns < 0) {
		fprintf(stderr, "Cannot open network namespace: %s\n",
			strerror(errno));
		return EXIT_FAILURE;
	}
	if (fstat(netns, &netst) < 0) {
		fprintf(stderr, "Stat of netns failed: %s\n",
			strerror(errno));
		return EXIT_FAILURE;
	}
	dir = opendir("/proc/");
	if (!dir) {
		fprintf(stderr, "Open of /proc failed: %s\n",
			strerror(errno));
		return EXIT_FAILURE;
	}
	while((entry = readdir(dir))) {
		char pid_net_path[MAXPATHLEN];
		struct stat st;
		if (!is_pid(entry->d_name))
			continue;
		snprintf(pid_net_path, sizeof(pid_net_path), "/proc/%s/ns/net",
			entry->d_name);
		if (stat(pid_net_path, &st) != 0)
			continue;
		if ((st.st_dev == netst.st_dev) &&
		    (st.st_ino == netst.st_ino)) {
			printf("%s\n", entry->d_name);
		}
	}
	closedir(dir);
	return EXIT_SUCCESS;
	
}

static int netns_identify(int argc, char **argv)
{
	const char *pidstr;
	char net_path[MAXPATHLEN];
	int netns;
	struct stat netst;
	DIR *dir;
	struct dirent *entry;

	if (argc < 1) {
		fprintf(stderr, "No pid specified\n");
		return EXIT_FAILURE;
	}
	if (argc > 1) {
		fprintf(stderr, "extra arguments specified\n");
		return EXIT_FAILURE;
	}
	pidstr = argv[0];

	if (!is_pid(pidstr)) {
		fprintf(stderr, "Specified string '%s' is not a pid\n",
			pidstr);
		return EXIT_FAILURE;
	}

	snprintf(net_path, sizeof(net_path), "/proc/%s/ns/net", pidstr);
	netns = open(net_path, O_RDONLY);
	if (netns < 0) {
		fprintf(stderr, "Cannot open network namespace: %s\n",
			strerror(errno));
		return EXIT_FAILURE;
	}
	if (fstat(netns, &netst) < 0) {
		fprintf(stderr, "Stat of netns failed: %s\n",
			strerror(errno));
		return EXIT_FAILURE;
	}
	dir = opendir(NETNS_RUN_DIR);
	if (!dir) {
		/* Succeed treat a missing directory as an empty directory */
		if (errno == ENOENT)
			return EXIT_SUCCESS;

		fprintf(stderr, "Failed to open directory %s:%s\n",
			NETNS_RUN_DIR, strerror(errno));
		return EXIT_FAILURE;
	}

	while((entry = readdir(dir))) {
		char name_path[MAXPATHLEN];
		struct stat st;

		if (strcmp(entry->d_name, ".") == 0)
			continue;
		if (strcmp(entry->d_name, "..") == 0)
			continue;

		snprintf(name_path, sizeof(name_path), "%s/%s",	NETNS_RUN_DIR,
			entry->d_name);

		if (stat(name_path, &st) != 0)
			continue;

		if ((st.st_dev == netst.st_dev) &&
		    (st.st_ino == netst.st_ino)) {
			printf("%s\n", entry->d_name);
		}
	}
	closedir(dir);
	return EXIT_SUCCESS;
	
}

static int netns_delete(int argc, char **argv)
{
	const char *name;
	char netns_path[MAXPATHLEN];

	if (argc < 1) {
		fprintf(stderr, "No netns name specified\n");
		return EXIT_FAILURE;
	}

	name = argv[0];
	snprintf(netns_path, sizeof(netns_path), "%s/%s", NETNS_RUN_DIR, name);
	umount2(netns_path, MNT_DETACH);
	if (unlink(netns_path) < 0) {
		fprintf(stderr, "Cannot remove %s: %s\n",
			netns_path, strerror(errno));
		return EXIT_FAILURE;
	}
	return EXIT_SUCCESS;
}

static int netns_add(int argc, char **argv)
{
	/* This function creates a new network namespace and
	 * a new mount namespace and bind them into a well known
	 * location in the filesystem based on the name provided.
	 *
	 * The mount namespace is created so that any necessary
	 * userspace tweaks like remounting /sys, or bind mounting
	 * a new /etc/resolv.conf can be shared between uers.
	 */
	char netns_path[MAXPATHLEN];
	const char *name;
	int fd;
	int made_netns_run_dir_mount = 0;

	if (argc < 1) {
		fprintf(stderr, "No netns name specified\n");
		return EXIT_FAILURE;
	}
	name = argv[0];

	snprintf(netns_path, sizeof(netns_path), "%s/%s", NETNS_RUN_DIR, name);

	/* Create the base netns directory if it doesn't exist */
	mkdir(NETNS_RUN_DIR, S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);

	/* Make it possible for network namespace mounts to propogate between
	 * mount namespaces.  This makes it likely that a unmounting a network
	 * namespace file in one namespace will unmount the network namespace
	 * file in all namespaces allowing the network namespace to be freed
	 * sooner.
	 */
	while (mount("", NETNS_RUN_DIR, "none", MS_SHARED | MS_REC, NULL)) {
		/* Fail unless we need to make the mount point */
		if (errno != EINVAL || made_netns_run_dir_mount) {
			fprintf(stderr, "mount --make-shared %s failed: %s\n",
				NETNS_RUN_DIR, strerror(errno));
			return EXIT_FAILURE;
		}

		/* Upgrade NETNS_RUN_DIR to a mount point */
		if (mount(NETNS_RUN_DIR, NETNS_RUN_DIR, "none", MS_BIND, NULL)) {
			fprintf(stderr, "mount --bind %s %s failed: %s\n",
				NETNS_RUN_DIR, NETNS_RUN_DIR, strerror(errno));
			return EXIT_FAILURE;
		}
		made_netns_run_dir_mount = 1;
	}

	/* Create the filesystem state */
	fd = open(netns_path, O_RDONLY|O_CREAT|O_EXCL, 0);
	if (fd < 0) {
		fprintf(stderr, "Could not create %s: %s\n",
			netns_path, strerror(errno));
		return EXIT_FAILURE;
	}
	close(fd);
	if (unshare(CLONE_NEWNET) < 0) {
		fprintf(stderr, "Failed to create a new network namespace: %s\n",
			strerror(errno));
		goto out_delete;
	}

	/* Bind the netns last so I can watch for it */
	if (mount("/proc/self/ns/net", netns_path, "none", MS_BIND, NULL) < 0) {
		fprintf(stderr, "Bind /proc/self/ns/net -> %s failed: %s\n",
			netns_path, strerror(errno));
		goto out_delete;
	}
	return EXIT_SUCCESS;
out_delete:
	netns_delete(argc, argv);
	return EXIT_FAILURE;
}


static int netns_monitor(int argc, char **argv)
{
	char buf[4096];
	struct inotify_event *event;
	int fd;
	fd = inotify_init();
	if (fd < 0) {
		fprintf(stderr, "inotify_init failed: %s\n",
			strerror(errno));
		return EXIT_FAILURE;
	}
	if (inotify_add_watch(fd, NETNS_RUN_DIR, IN_CREATE | IN_DELETE) < 0) {
		fprintf(stderr, "inotify_add_watch failed: %s\n",
			strerror(errno));
		return EXIT_FAILURE;
	}
	for(;;) {
		ssize_t len = read(fd, buf, sizeof(buf));
		if (len < 0) {
			fprintf(stderr, "read failed: %s\n",
				strerror(errno));
			return EXIT_FAILURE;
		}
		for (event = (struct inotify_event *)buf;
		     (char *)event < &buf[len];
		     event = (struct inotify_event *)((char *)event + sizeof(*event) + event->len)) {
			if (event->mask & IN_CREATE)
				printf("add %s\n", event->name);
			if (event->mask & IN_DELETE)
				printf("delete %s\n", event->name);
		}
	}
	return EXIT_SUCCESS;
}

int do_netns(int argc, char **argv)
{
	if (argc < 1)
		return netns_list(0, NULL);

	if ((matches(*argv, "list") == 0) || (matches(*argv, "show") == 0) ||
	    (matches(*argv, "lst") == 0))
		return netns_list(argc-1, argv+1);

	if (matches(*argv, "help") == 0)
		return usage();

	if (matches(*argv, "add") == 0)
		return netns_add(argc-1, argv+1);

	if (matches(*argv, "delete") == 0)
		return netns_delete(argc-1, argv+1);

	if (matches(*argv, "identify") == 0)
		return netns_identify(argc-1, argv+1);

	if (matches(*argv, "pids") == 0)
		return netns_pids(argc-1, argv+1);

	if (matches(*argv, "exec") == 0)
		return netns_exec(argc-1, argv+1);

	if (matches(*argv, "monitor") == 0)
		return netns_monitor(argc-1, argv+1);

	fprintf(stderr, "Command \"%s\" is unknown, try \"ip netns help\".\n", *argv);
	return EXIT_FAILURE;
}
Commit	Line	Data
0dc34c77 EB	1	#define _ATFILE_SOURCE
	2	#include <sys/types.h>
	3	#include <sys/stat.h>
	4	#include <sys/wait.h>
	5	#include <sys/inotify.h>
	6	#include <sys/mount.h>
	7	#include <sys/param.h>
	8	#include <sys/syscall.h>
	9	#include <stdio.h>
	10	#include <string.h>
	11	#include <sched.h>
	12	#include <fcntl.h>
	13	#include <dirent.h>
	14	#include <errno.h>
	15	#include <unistd.h>
9a7b3d91	16	#include <ctype.h>
0dc34c77 EB	17
	18	#include "utils.h"
	19	#include "ip_common.h"
	20
	21	#define NETNS_RUN_DIR "/var/run/netns"
	22	#define NETNS_ETC_DIR "/etc/netns"
	23
	24	#ifndef CLONE_NEWNET
	25	#define CLONE_NEWNET 0x40000000 /* New network namespace (lo, device, names sockets, etc) */
	26	#endif
	27
	28	#ifndef MNT_DETACH
	29	#define MNT_DETACH 0x00000002 /* Just detach from the tree */
	30	#endif /* MNT_DETACH */
	31
2e8a07f5	32	#ifndef HAVE_SETNS
0dc34c77 EB	33	static int setns(int fd, int nstype)
	34	{
	35	#ifdef __NR_setns
	36	return syscall(__NR_setns, fd, nstype);
	37	#else
	38	errno = ENOSYS;
	39	return -1;
	40	#endif
	41	}
2e8a07f5	42	#endif /* HAVE_SETNS */
0dc34c77	43
8e2d47dc	44	static int usage(void)
0dc34c77 EB	45	{
	46	fprintf(stderr, "Usage: ip netns list\n");
	47	fprintf(stderr, " ip netns add NAME\n");
	48	fprintf(stderr, " ip netns delete NAME\n");
9a7b3d91 EB	49	fprintf(stderr, " ip netns identify PID\n");
9a7b3d91 EB	50	fprintf(stderr, " ip netns pids NAME\n");
0dc34c77 EB	51	fprintf(stderr, " ip netns exec NAME cmd ...\n");
0dc34c77 EB	52	fprintf(stderr, " ip netns monitor\n");
8e2d47dc	53	return EXIT_FAILURE;
0dc34c77 EB	54	}
	55
	56	int get_netns_fd(const char *name)
	57	{
	58	char pathbuf[MAXPATHLEN];
	59	const char path, ptr;
	60
	61	path = name;
	62	ptr = strchr(name, '/');
	63	if (!ptr) {
	64	snprintf(pathbuf, sizeof(pathbuf), "%s/%s",
	65	NETNS_RUN_DIR, name );
	66	path = pathbuf;
	67	}
	68	return open(path, O_RDONLY);
	69	}
	70
	71	static int netns_list(int argc, char **argv)
	72	{
	73	struct dirent *entry;
	74	DIR *dir;
	75
	76	dir = opendir(NETNS_RUN_DIR);
	77	if (!dir)
8e2d47dc	78	return EXIT_SUCCESS;
0dc34c77 EB	79
	80	while ((entry = readdir(dir)) != NULL) {
	81	if (strcmp(entry->d_name, ".") == 0)
	82	continue;
	83	if (strcmp(entry->d_name, "..") == 0)
	84	continue;
	85	printf("%s\n", entry->d_name);
	86	}
	87	closedir(dir);
8e2d47dc	88	return EXIT_SUCCESS;
0dc34c77 EB	89	}
	90
	91	static void bind_etc(const char *name)
	92	{
	93	char etc_netns_path[MAXPATHLEN];
	94	char netns_name[MAXPATHLEN];
	95	char etc_name[MAXPATHLEN];
	96	struct dirent *entry;
	97	DIR *dir;
	98
	99	snprintf(etc_netns_path, sizeof(etc_netns_path), "%s/%s", NETNS_ETC_DIR, name);
	100	dir = opendir(etc_netns_path);
	101	if (!dir)
	102	return;
	103
	104	while ((entry = readdir(dir)) != NULL) {
	105	if (strcmp(entry->d_name, ".") == 0)
	106	continue;
	107	if (strcmp(entry->d_name, "..") == 0)
	108	continue;
	109	snprintf(netns_name, sizeof(netns_name), "%s/%s", etc_netns_path, entry->d_name);
	110	snprintf(etc_name, sizeof(etc_name), "/etc/%s", entry->d_name);
	111	if (mount(netns_name, etc_name, "none", MS_BIND, NULL) < 0) {
	112	fprintf(stderr, "Bind %s -> %s failed: %s\n",
	113	netns_name, etc_name, strerror(errno));
	114	}
	115	}
	116	closedir(dir);
	117	}
	118
	119	static int netns_exec(int argc, char **argv)
	120	{
	121	/* Setup the proper environment for apps that are not netns
	122	* aware, and execute a program in that environment.
	123	*/
	124	const char name, cmd;
	125	char net_path[MAXPATHLEN];
	126	int netns;
	127
	128	if (argc < 1) {
	129	fprintf(stderr, "No netns name specified\n");
8e2d47dc	130	return EXIT_FAILURE;
0dc34c77 EB	131	}
	132	if (argc < 2) {
	133	fprintf(stderr, "No cmd specified\n");
8e2d47dc	134	return EXIT_FAILURE;
0dc34c77 EB	135	}
	136	name = argv[0];
	137	cmd = argv[1];
	138	snprintf(net_path, sizeof(net_path), "%s/%s", NETNS_RUN_DIR, name);
	139	netns = open(net_path, O_RDONLY);
	140	if (netns < 0) {
4395d48c EB	141	fprintf(stderr, "Cannot open network namespace %s: %s\n",
4395d48c EB	142	name, strerror(errno));
8e2d47dc	143	return EXIT_FAILURE;
0dc34c77 EB	144	}
	145	if (setns(netns, CLONE_NEWNET) < 0) {
	146	fprintf(stderr, "seting the network namespace failed: %s\n",
	147	strerror(errno));
8e2d47dc	148	return EXIT_FAILURE;
0dc34c77 EB	149	}
	150
	151	if (unshare(CLONE_NEWNS) < 0) {
	152	fprintf(stderr, "unshare failed: %s\n", strerror(errno));
8e2d47dc	153	return EXIT_FAILURE;
0dc34c77	154	}
144e6ce1 EB	155	/* Don't let any mounts propogate back to the parent */
	156	if (mount("", "/", "none", MS_SLAVE \| MS_REC, NULL)) {
	157	fprintf(stderr, "mount --make-rslave / failed: %s\n",
	158	strerror(errno));
8e2d47dc	159	return EXIT_FAILURE;
144e6ce1	160	}
0dc34c77 EB	161	/* Mount a version of /sys that describes the network namespace */
	162	if (umount2("/sys", MNT_DETACH) < 0) {
	163	fprintf(stderr, "umount of /sys failed: %s\n", strerror(errno));
8e2d47dc	164	return EXIT_FAILURE;
0dc34c77 EB	165	}
	166	if (mount(name, "/sys", "sysfs", 0, NULL) < 0) {
	167	fprintf(stderr, "mount of /sys failed: %s\n",strerror(errno));
8e2d47dc	168	return EXIT_FAILURE;
0dc34c77 EB	169	}
	170
	171	/* Setup bind mounts for config files in /etc */
	172	bind_etc(name);
	173
	174	if (execvp(cmd, argv + 1) < 0)
	175	fprintf(stderr, "exec of %s failed: %s\n",
	176	cmd, strerror(errno));
8e2d47dc	177	return EXIT_FAILURE;
0dc34c77 EB	178	}
0dc34c77 EB	179
9a7b3d91 EB	180	static int is_pid(const char *str)
	181	{
	182	int ch;
	183	for (; (ch = *str); str++) {
	184	if (!isdigit(ch))
	185	return 0;
	186	}
	187	return 1;
	188	}
	189
	190	static int netns_pids(int argc, char **argv)
	191	{
	192	const char *name;
	193	char net_path[MAXPATHLEN];
	194	int netns;
	195	struct stat netst;
	196	DIR *dir;
	197	struct dirent *entry;
	198
	199	if (argc < 1) {
	200	fprintf(stderr, "No netns name specified\n");
	201	return EXIT_FAILURE;
	202	}
	203	if (argc > 1) {
	204	fprintf(stderr, "extra arguments specified\n");
	205	return EXIT_FAILURE;
	206	}
	207
	208	name = argv[0];
	209	snprintf(net_path, sizeof(net_path), "%s/%s", NETNS_RUN_DIR, name);
	210	netns = open(net_path, O_RDONLY);
	211	if (netns < 0) {
	212	fprintf(stderr, "Cannot open network namespace: %s\n",
	213	strerror(errno));
	214	return EXIT_FAILURE;
	215	}
	216	if (fstat(netns, &netst) < 0) {
	217	fprintf(stderr, "Stat of netns failed: %s\n",
	218	strerror(errno));
	219	return EXIT_FAILURE;
	220	}
	221	dir = opendir("/proc/");
	222	if (!dir) {
	223	fprintf(stderr, "Open of /proc failed: %s\n",
	224	strerror(errno));
	225	return EXIT_FAILURE;
	226	}
	227	while((entry = readdir(dir))) {
	228	char pid_net_path[MAXPATHLEN];
	229	struct stat st;
	230	if (!is_pid(entry->d_name))
	231	continue;
	232	snprintf(pid_net_path, sizeof(pid_net_path), "/proc/%s/ns/net",
	233	entry->d_name);
	234	if (stat(pid_net_path, &st) != 0)
	235	continue;
	236	if ((st.st_dev == netst.st_dev) &&
	237	(st.st_ino == netst.st_ino)) {
	238	printf("%s\n", entry->d_name);
	239	}
	240	}
	241	closedir(dir);
	242	return EXIT_SUCCESS;
	243
244	}
245
246	static int netns_identify(int argc, char **argv)
247	{
248	const char *pidstr;
249	char net_path[MAXPATHLEN];
250	int netns;
251	struct stat netst;
252	DIR *dir;
253	struct dirent *entry;
254
255	if (argc < 1) {
256	fprintf(stderr, "No pid specified\n");
257	return EXIT_FAILURE;
258	}
259	if (argc > 1) {
260	fprintf(stderr, "extra arguments specified\n");
261	return EXIT_FAILURE;
262	}
263	pidstr = argv[0];
264
265	if (!is_pid(pidstr)) {
266	fprintf(stderr, "Specified string '%s' is not a pid\n",
267	pidstr);
268	return EXIT_FAILURE;
269	}
270
271	snprintf(net_path, sizeof(net_path), "/proc/%s/ns/net", pidstr);
272	netns = open(net_path, O_RDONLY);
273	if (netns < 0) {
274	fprintf(stderr, "Cannot open network namespace: %s\n",
275	strerror(errno));
276	return EXIT_FAILURE;
277	}
278	if (fstat(netns, &netst) < 0) {
279	fprintf(stderr, "Stat of netns failed: %s\n",
280	strerror(errno));
281	return EXIT_FAILURE;
282	}
283	dir = opendir(NETNS_RUN_DIR);
284	if (!dir) {
285	/* Succeed treat a missing directory as an empty directory */
286	if (errno == ENOENT)
287	return EXIT_SUCCESS;
288
289	fprintf(stderr, "Failed to open directory %s:%s\n",
290	NETNS_RUN_DIR, strerror(errno));
291	return EXIT_FAILURE;
292	}
293
294	while((entry = readdir(dir))) {
295	char name_path[MAXPATHLEN];
296	struct stat st;
297
298	if (strcmp(entry->d_name, ".") == 0)
299	continue;
300	if (strcmp(entry->d_name, "..") == 0)
301	continue;
302
303	snprintf(name_path, sizeof(name_path), "%s/%s", NETNS_RUN_DIR,
304	entry->d_name);
305
306	if (stat(name_path, &st) != 0)
307	continue;
308
309	if ((st.st_dev == netst.st_dev) &&
310	(st.st_ino == netst.st_ino)) {
311	printf("%s\n", entry->d_name);
312	}
313	}
314	closedir(dir);
315	return EXIT_SUCCESS;
316
317	}
318
0dc34c77 EB	319	static int netns_delete(int argc, char **argv)
	320	{
	321	const char *name;
	322	char netns_path[MAXPATHLEN];
	323
	324	if (argc < 1) {
	325	fprintf(stderr, "No netns name specified\n");
8e2d47dc	326	return EXIT_FAILURE;
0dc34c77 EB	327	}
	328
	329	name = argv[0];
	330	snprintf(netns_path, sizeof(netns_path), "%s/%s", NETNS_RUN_DIR, name);
	331	umount2(netns_path, MNT_DETACH);
	332	if (unlink(netns_path) < 0) {
	333	fprintf(stderr, "Cannot remove %s: %s\n",
	334	netns_path, strerror(errno));
8e2d47dc	335	return EXIT_FAILURE;
0dc34c77	336	}
8e2d47dc	337	return EXIT_SUCCESS;
0dc34c77 EB	338	}
	339
	340	static int netns_add(int argc, char **argv)
	341	{
	342	/* This function creates a new network namespace and
	343	* a new mount namespace and bind them into a well known
	344	* location in the filesystem based on the name provided.
	345	*
	346	* The mount namespace is created so that any necessary
	347	* userspace tweaks like remounting /sys, or bind mounting
	348	* a new /etc/resolv.conf can be shared between uers.
	349	*/
	350	char netns_path[MAXPATHLEN];
	351	const char *name;
223f4d8e	352	int fd;
58a3e827	353	int made_netns_run_dir_mount = 0;
0dc34c77 EB	354
	355	if (argc < 1) {
	356	fprintf(stderr, "No netns name specified\n");
8e2d47dc	357	return EXIT_FAILURE;
0dc34c77 EB	358	}
	359	name = argv[0];
	360
	361	snprintf(netns_path, sizeof(netns_path), "%s/%s", NETNS_RUN_DIR, name);
	362
	363	/* Create the base netns directory if it doesn't exist */
	364	mkdir(NETNS_RUN_DIR, S_IRWXU\|S_IRGRP\|S_IXGRP\|S_IROTH\|S_IXOTH);
	365
58a3e827 EB	366	/* Make it possible for network namespace mounts to propogate between
	367	* mount namespaces. This makes it likely that a unmounting a network
	368	* namespace file in one namespace will unmount the network namespace
	369	* file in all namespaces allowing the network namespace to be freed
	370	* sooner.
	371	*/
	372	while (mount("", NETNS_RUN_DIR, "none", MS_SHARED \| MS_REC, NULL)) {
	373	/* Fail unless we need to make the mount point */
	374	if (errno != EINVAL \|\| made_netns_run_dir_mount) {
	375	fprintf(stderr, "mount --make-shared %s failed: %s\n",
	376	NETNS_RUN_DIR, strerror(errno));
	377	return EXIT_FAILURE;
	378	}
	379
	380	/* Upgrade NETNS_RUN_DIR to a mount point */
	381	if (mount(NETNS_RUN_DIR, NETNS_RUN_DIR, "none", MS_BIND, NULL)) {
	382	fprintf(stderr, "mount --bind %s %s failed: %s\n",
	383	NETNS_RUN_DIR, NETNS_RUN_DIR, strerror(errno));
	384	return EXIT_FAILURE;
	385	}
	386	made_netns_run_dir_mount = 1;
	387	}
	388
0dc34c77	389	/* Create the filesystem state */
223f4d8e EB	390	fd = open(netns_path, O_RDONLY\|O_CREAT\|O_EXCL, 0);
223f4d8e EB	391	if (fd < 0) {
0dc34c77 EB	392	fprintf(stderr, "Could not create %s: %s\n",
0dc34c77 EB	393	netns_path, strerror(errno));
8e2d47dc	394	return EXIT_FAILURE;
0dc34c77	395	}
223f4d8e	396	close(fd);
0dc34c77 EB	397	if (unshare(CLONE_NEWNET) < 0) {
	398	fprintf(stderr, "Failed to create a new network namespace: %s\n",
	399	strerror(errno));
	400	goto out_delete;
	401	}
	402
	403	/* Bind the netns last so I can watch for it */
	404	if (mount("/proc/self/ns/net", netns_path, "none", MS_BIND, NULL) < 0) {
	405	fprintf(stderr, "Bind /proc/self/ns/net -> %s failed: %s\n",
	406	netns_path, strerror(errno));
	407	goto out_delete;
	408	}
8e2d47dc	409	return EXIT_SUCCESS;
0dc34c77 EB	410	out_delete:
0dc34c77 EB	411	netns_delete(argc, argv);
8e2d47dc	412	return EXIT_FAILURE;
0dc34c77 EB	413	}
	414
	415
	416	static int netns_monitor(int argc, char **argv)
	417	{
	418	char buf[4096];
	419	struct inotify_event *event;
	420	int fd;
	421	fd = inotify_init();
	422	if (fd < 0) {
	423	fprintf(stderr, "inotify_init failed: %s\n",
	424	strerror(errno));
8e2d47dc	425	return EXIT_FAILURE;
0dc34c77 EB	426	}
	427	if (inotify_add_watch(fd, NETNS_RUN_DIR, IN_CREATE \| IN_DELETE) < 0) {
	428	fprintf(stderr, "inotify_add_watch failed: %s\n",
	429	strerror(errno));
8e2d47dc	430	return EXIT_FAILURE;
0dc34c77 EB	431	}
	432	for(;;) {
	433	ssize_t len = read(fd, buf, sizeof(buf));
	434	if (len < 0) {
	435	fprintf(stderr, "read failed: %s\n",
	436	strerror(errno));
8e2d47dc	437	return EXIT_FAILURE;
0dc34c77 EB	438	}
	439	for (event = (struct inotify_event *)buf;
	440	(char *)event < &buf[len];
	441	event = (struct inotify_event )((char )event + sizeof(*event) + event->len)) {
	442	if (event->mask & IN_CREATE)
	443	printf("add %s\n", event->name);
	444	if (event->mask & IN_DELETE)
	445	printf("delete %s\n", event->name);
	446	}
	447	}
8e2d47dc	448	return EXIT_SUCCESS;
0dc34c77 EB	449	}
	450
	451	int do_netns(int argc, char **argv)
	452	{
	453	if (argc < 1)
	454	return netns_list(0, NULL);
	455
	456	if ((matches(argv, "list") == 0) \|\| (matches(argv, "show") == 0) \|\|
	457	(matches(*argv, "lst") == 0))
	458	return netns_list(argc-1, argv+1);
	459
	460	if (matches(*argv, "help") == 0)
8e2d47dc	461	return usage();
0dc34c77 EB	462
	463	if (matches(*argv, "add") == 0)
	464	return netns_add(argc-1, argv+1);
	465
	466	if (matches(*argv, "delete") == 0)
	467	return netns_delete(argc-1, argv+1);
	468
9a7b3d91 EB	469	if (matches(*argv, "identify") == 0)
	470	return netns_identify(argc-1, argv+1);
	471
	472	if (matches(*argv, "pids") == 0)
	473	return netns_pids(argc-1, argv+1);
	474
0dc34c77 EB	475	if (matches(*argv, "exec") == 0)
	476	return netns_exec(argc-1, argv+1);
	477
	478	if (matches(*argv, "monitor") == 0)
	479	return netns_monitor(argc-1, argv+1);
	480
	481	fprintf(stderr, "Command \"%s\" is unknown, try \"ip netns help\".\n", *argv);
8e2d47dc	482	return EXIT_FAILURE;
0dc34c77	483	}