]> git.proxmox.com Git - mirror_iproute2.git/blob - ip/ipnetns.c
projects / mirror_iproute2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
iproute2: Improve "ip netns add" failure error message
[mirror_iproute2.git] / ip / ipnetns.c
1 #define _ATFILE_SOURCE
2 #include <sys/types.h>
3 #include <sys/stat.h>
4 #include <sys/wait.h>
5 #include <sys/inotify.h>
6 #include <sys/mount.h>
7 #include <sys/param.h>
8 #include <sys/syscall.h>
9 #include <stdio.h>
10 #include <string.h>
11 #include <sched.h>
12 #include <fcntl.h>
13 #include <dirent.h>
14 #include <errno.h>
15 #include <unistd.h>
16
17 #include "utils.h"
18 #include "ip_common.h"
19
20 #define NETNS_RUN_DIR "/var/run/netns"
21 #define NETNS_ETC_DIR "/etc/netns"
22
23 #ifndef CLONE_NEWNET
24 #define CLONE_NEWNET 0x40000000 /* New network namespace (lo, device, names sockets, etc) */
25 #endif
26
27 #ifndef MNT_DETACH
28 #define MNT_DETACH 0x00000002 /* Just detach from the tree */
29 #endif /* MNT_DETACH */
30
31 #ifndef HAVE_SETNS
32 static int setns(int fd, int nstype)
33 {
34 #ifdef __NR_setns
35 return syscall(__NR_setns, fd, nstype);
36 #else
37 errno = ENOSYS;
38 return -1;
39 #endif
40 }
41 #endif /* HAVE_SETNS */
42
43 static int usage(void)
44 {
45 fprintf(stderr, "Usage: ip netns list\n");
46 fprintf(stderr, " ip netns add NAME\n");
47 fprintf(stderr, " ip netns delete NAME\n");
48 fprintf(stderr, " ip netns exec NAME cmd ...\n");
49 fprintf(stderr, " ip netns monitor\n");
50 return EXIT_FAILURE;
51 }
52
53 int get_netns_fd(const char *name)
54 {
55 char pathbuf[MAXPATHLEN];
56 const char *path, *ptr;
57
58 path = name;
59 ptr = strchr(name, '/');
60 if (!ptr) {
61 snprintf(pathbuf, sizeof(pathbuf), "%s/%s",
62 NETNS_RUN_DIR, name );
63 path = pathbuf;
64 }
65 return open(path, O_RDONLY);
66 }
67
68 static int netns_list(int argc, char **argv)
69 {
70 struct dirent *entry;
71 DIR *dir;
72
73 dir = opendir(NETNS_RUN_DIR);
74 if (!dir)
75 return EXIT_SUCCESS;
76
77 while ((entry = readdir(dir)) != NULL) {
78 if (strcmp(entry->d_name, ".") == 0)
79 continue;
80 if (strcmp(entry->d_name, "..") == 0)
81 continue;
82 printf("%s\n", entry->d_name);
83 }
84 closedir(dir);
85 return EXIT_SUCCESS;
86 }
87
88 static void bind_etc(const char *name)
89 {
90 char etc_netns_path[MAXPATHLEN];
91 char netns_name[MAXPATHLEN];
92 char etc_name[MAXPATHLEN];
93 struct dirent *entry;
94 DIR *dir;
95
96 snprintf(etc_netns_path, sizeof(etc_netns_path), "%s/%s", NETNS_ETC_DIR, name);
97 dir = opendir(etc_netns_path);
98 if (!dir)
99 return;
100
101 while ((entry = readdir(dir)) != NULL) {
102 if (strcmp(entry->d_name, ".") == 0)
103 continue;
104 if (strcmp(entry->d_name, "..") == 0)
105 continue;
106 snprintf(netns_name, sizeof(netns_name), "%s/%s", etc_netns_path, entry->d_name);
107 snprintf(etc_name, sizeof(etc_name), "/etc/%s", entry->d_name);
108 if (mount(netns_name, etc_name, "none", MS_BIND, NULL) < 0) {
109 fprintf(stderr, "Bind %s -> %s failed: %s\n",
110 netns_name, etc_name, strerror(errno));
111 }
112 }
113 closedir(dir);
114 }
115
116 static int netns_exec(int argc, char **argv)
117 {
118 /* Setup the proper environment for apps that are not netns
119 * aware, and execute a program in that environment.
120 */
121 const char *name, *cmd;
122 char net_path[MAXPATHLEN];
123 int netns;
124
125 if (argc < 1) {
126 fprintf(stderr, "No netns name specified\n");
127 return EXIT_FAILURE;
128 }
129 if (argc < 2) {
130 fprintf(stderr, "No cmd specified\n");
131 return EXIT_FAILURE;
132 }
133 name = argv[0];
134 cmd = argv[1];
135 snprintf(net_path, sizeof(net_path), "%s/%s", NETNS_RUN_DIR, name);
136 netns = open(net_path, O_RDONLY);
137 if (netns < 0) {
138 fprintf(stderr, "Cannot open network namespace %s: %s\n",
139 name, strerror(errno));
140 return EXIT_FAILURE;
141 }
142 if (setns(netns, CLONE_NEWNET) < 0) {
143 fprintf(stderr, "seting the network namespace failed: %s\n",
144 strerror(errno));
145 return EXIT_FAILURE;
146 }
147
148 if (unshare(CLONE_NEWNS) < 0) {
149 fprintf(stderr, "unshare failed: %s\n", strerror(errno));
150 return EXIT_FAILURE;
151 }
152 /* Don't let any mounts propogate back to the parent */
153 if (mount("", "/", "none", MS_SLAVE | MS_REC, NULL)) {
154 fprintf(stderr, "mount --make-rslave / failed: %s\n",
155 strerror(errno));
156 return EXIT_FAILURE;
157 }
158 /* Mount a version of /sys that describes the network namespace */
159 if (umount2("/sys", MNT_DETACH) < 0) {
160 fprintf(stderr, "umount of /sys failed: %s\n", strerror(errno));
161 return EXIT_FAILURE;
162 }
163 if (mount(name, "/sys", "sysfs", 0, NULL) < 0) {
164 fprintf(stderr, "mount of /sys failed: %s\n",strerror(errno));
165 return EXIT_FAILURE;
166 }
167
168 /* Setup bind mounts for config files in /etc */
169 bind_etc(name);
170
171 if (execvp(cmd, argv + 1) < 0)
172 fprintf(stderr, "exec of %s failed: %s\n",
173 cmd, strerror(errno));
174 return EXIT_FAILURE;
175 }
176
177 static int netns_delete(int argc, char **argv)
178 {
179 const char *name;
180 char netns_path[MAXPATHLEN];
181
182 if (argc < 1) {
183 fprintf(stderr, "No netns name specified\n");
184 return EXIT_FAILURE;
185 }
186
187 name = argv[0];
188 snprintf(netns_path, sizeof(netns_path), "%s/%s", NETNS_RUN_DIR, name);
189 umount2(netns_path, MNT_DETACH);
190 if (unlink(netns_path) < 0) {
191 fprintf(stderr, "Cannot remove %s: %s\n",
192 netns_path, strerror(errno));
193 return EXIT_FAILURE;
194 }
195 return EXIT_SUCCESS;
196 }
197
198 static int netns_add(int argc, char **argv)
199 {
200 /* This function creates a new network namespace and
201 * a new mount namespace and bind them into a well known
202 * location in the filesystem based on the name provided.
203 *
204 * The mount namespace is created so that any necessary
205 * userspace tweaks like remounting /sys, or bind mounting
206 * a new /etc/resolv.conf can be shared between uers.
207 */
208 char netns_path[MAXPATHLEN];
209 const char *name;
210 int fd;
211
212 if (argc < 1) {
213 fprintf(stderr, "No netns name specified\n");
214 return EXIT_FAILURE;
215 }
216 name = argv[0];
217
218 snprintf(netns_path, sizeof(netns_path), "%s/%s", NETNS_RUN_DIR, name);
219
220 /* Create the base netns directory if it doesn't exist */
221 mkdir(NETNS_RUN_DIR, S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
222
223 /* Create the filesystem state */
224 fd = open(netns_path, O_RDONLY|O_CREAT|O_EXCL, 0);
225 if (fd < 0) {
226 fprintf(stderr, "Could not create %s: %s\n",
227 netns_path, strerror(errno));
228 return EXIT_FAILURE;
229 }
230 close(fd);
231 if (unshare(CLONE_NEWNET) < 0) {
232 fprintf(stderr, "Failed to create a new network namespace: %s\n",
233 strerror(errno));
234 goto out_delete;
235 }
236
237 /* Bind the netns last so I can watch for it */
238 if (mount("/proc/self/ns/net", netns_path, "none", MS_BIND, NULL) < 0) {
239 fprintf(stderr, "Bind /proc/self/ns/net -> %s failed: %s\n",
240 netns_path, strerror(errno));
241 goto out_delete;
242 }
243 return EXIT_SUCCESS;
244 out_delete:
245 netns_delete(argc, argv);
246 return EXIT_FAILURE;
247 }
248
249
250 static int netns_monitor(int argc, char **argv)
251 {
252 char buf[4096];
253 struct inotify_event *event;
254 int fd;
255 fd = inotify_init();
256 if (fd < 0) {
257 fprintf(stderr, "inotify_init failed: %s\n",
258 strerror(errno));
259 return EXIT_FAILURE;
260 }
261 if (inotify_add_watch(fd, NETNS_RUN_DIR, IN_CREATE | IN_DELETE) < 0) {
262 fprintf(stderr, "inotify_add_watch failed: %s\n",
263 strerror(errno));
264 return EXIT_FAILURE;
265 }
266 for(;;) {
267 ssize_t len = read(fd, buf, sizeof(buf));
268 if (len < 0) {
269 fprintf(stderr, "read failed: %s\n",
270 strerror(errno));
271 return EXIT_FAILURE;
272 }
273 for (event = (struct inotify_event *)buf;
274 (char *)event < &buf[len];
275 event = (struct inotify_event *)((char *)event + sizeof(*event) + event->len)) {
276 if (event->mask & IN_CREATE)
277 printf("add %s\n", event->name);
278 if (event->mask & IN_DELETE)
279 printf("delete %s\n", event->name);
280 }
281 }
282 return EXIT_SUCCESS;
283 }
284
285 int do_netns(int argc, char **argv)
286 {
287 if (argc < 1)
288 return netns_list(0, NULL);
289
290 if ((matches(*argv, "list") == 0) || (matches(*argv, "show") == 0) ||
291 (matches(*argv, "lst") == 0))
292 return netns_list(argc-1, argv+1);
293
294 if (matches(*argv, "help") == 0)
295 return usage();
296
297 if (matches(*argv, "add") == 0)
298 return netns_add(argc-1, argv+1);
299
300 if (matches(*argv, "delete") == 0)
301 return netns_delete(argc-1, argv+1);
302
303 if (matches(*argv, "exec") == 0)
304 return netns_exec(argc-1, argv+1);
305
306 if (matches(*argv, "monitor") == 0)
307 return netns_monitor(argc-1, argv+1);
308
309 fprintf(stderr, "Command \"%s\" is unknown, try \"ip netns help\".\n", *argv);
310 return EXIT_FAILURE;
311 }
Upstream mirror of iproute2