support wireless interfaces for --net

author: netblue30 <netblue30@yahoo.com> 2018-06-09 07:57:32 -0400
committer: netblue30 <netblue30@yahoo.com> 2018-06-09 07:57:32 -0400
commit: e62246a8a3e0e795a37535f9e41dffdfdfa9f77a (patch)
tree: 28b8c0b1667fd0170fa113c1bec90046a15ce6da /src/fnet/veth.c
parent: AppArmor: allow dbus access by default (diff)
download: firejail-e62246a8a3e0e795a37535f9e41dffdfdfa9f77a.tar.gz
firejail-e62246a8a3e0e795a37535f9e41dffdfdfa9f77a.tar.zst
firejail-e62246a8a3e0e795a37535f9e41dffdfdfa9f77a.zip
1 files changed, 60 insertions, 1 deletions
diff --git a/src/fnet/veth.c b/src/fnet/veth.c
index c971943a7..fb4f3dc31 100644
--- a/src/fnet/veth.c
+++ b/src/fnet/veth.c
@@ -165,8 +165,66 @@ int net_create_macvlan(const char *dev, const char *parent, unsigned pid) {
        addattr_l (&req.n, sizeof(req), IFLA_INFO_KIND, &macvlan_type, 4);
        data->rta_len = (void *)NLMSG_TAIL(&req.n) - (void *)data;
-//      req.n.nlmsg_len += sizeof(struct ifinfomsg);
+        linkinfo->rta_len = (void *)NLMSG_TAIL(&req.n) - (void *)linkinfo;
+        // send message
+        if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0)
+                exit(2);
+        rtnl_close(&rth);
+        return 0;
+}
+int net_create_ipvlan(const char *dev, const char *parent, unsigned pid) {
+        int len;
+        struct iplink_req req;
+        assert(dev);
+        assert(parent);
+        if (rtnl_open(&rth, 0) < 0) {
+                fprintf(stderr, "cannot open netlink\n");
+                exit(1);
+        }
+        memset(&req, 0, sizeof(req));
+        req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
+        req.n.nlmsg_flags = NLM_F_REQUEST|NLM_F_CREATE|NLM_F_EXCL;
+        req.n.nlmsg_type = RTM_NEWLINK;
+        req.i.ifi_family = 0;
+        // find parent ifindex
+        int parent_ifindex = if_nametoindex(parent);
+        if (parent_ifindex <= 0) {
+                fprintf(stderr, "Error: cannot find network device %s\n", parent);
+                exit(1);
+        }
+        // add parent
+        addattr_l(&req.n, sizeof(req), IFLA_LINK, &parent_ifindex, 4);
+        // add new interface name
+        len = strlen(dev) + 1;
+        addattr_l(&req.n, sizeof(req), IFLA_IFNAME, dev, len);
+        // place the interface in child namespace
+        addattr_l (&req.n, sizeof(req), IFLA_NET_NS_PID, &pid, 4);
+        // add  link info for the new interface
+        struct rtattr *linkinfo = NLMSG_TAIL(&req.n);
+        addattr_l(&req.n, sizeof(req), IFLA_LINKINFO, NULL, 0);
+        addattr_l(&req.n, sizeof(req), IFLA_INFO_KIND, "ipvlan", strlen("ipvlan"));
+        // set macvlan bridge mode
+        struct rtattr * data = NLMSG_TAIL(&req.n);
+        addattr_l(&req.n, sizeof(req), IFLA_INFO_DATA, NULL, 0);
+        int macvlan_type = IPVLAN_MODE_L2;
+        addattr_l (&req.n, sizeof(req), IFLA_INFO_KIND, &macvlan_type, 2);
+        data->rta_len = (void *)NLMSG_TAIL(&req.n) - (void *)data;
+//      req.n.nlmsg_len += sizeof(struct ifinfomsg);
        data->rta_len = (void *)NLMSG_TAIL(&req.n) - (void *)data;
        linkinfo->rta_len = (void *)NLMSG_TAIL(&req.n) - (void *)linkinfo;
@@ -180,6 +238,7 @@ int net_create_macvlan(const char *dev, const char *parent, unsigned pid) {
        return 0;
 }
 // move the interface dev in namespace of program pid
 // when the interface is moved, netlink does not preserve interface configuration
 int net_move_interface(const char *dev, unsigned pid) {
author	netblue30 <netblue30@yahoo.com>	2018-06-09 07:57:32 -0400
committer	netblue30 <netblue30@yahoo.com>	2018-06-09 07:57:32 -0400
commit	e62246a8a3e0e795a37535f9e41dffdfdfa9f77a (patch)
tree	28b8c0b1667fd0170fa113c1bec90046a15ce6da /src/fnet/veth.c
parent	AppArmor: allow dbus access by default (diff)
download	firejail-e62246a8a3e0e795a37535f9e41dffdfdfa9f77a.tar.gz firejail-e62246a8a3e0e795a37535f9e41dffdfdfa9f77a.tar.zst firejail-e62246a8a3e0e795a37535f9e41dffdfdfa9f77a.zip

diff --git a/src/fnet/veth.c b/src/fnet/veth.c index c971943a7..fb4f3dc31 100644 --- a/src/fnet/veth.c +++ b/src/fnet/veth.c
@@ -165,8 +165,66 @@ int net_create_macvlan(const char dev, const char parent, unsigned pid) {
165	addattr_l (&req.n, sizeof(req), IFLA_INFO_KIND, &macvlan_type, 4);	165	addattr_l (&req.n, sizeof(req), IFLA_INFO_KIND, &macvlan_type, 4);
166		166
167	data->rta_len = (void )NLMSG_TAIL(&req.n) - (void )data;	167	data->rta_len = (void )NLMSG_TAIL(&req.n) - (void )data;
168	// req.n.nlmsg_len += sizeof(struct ifinfomsg);	168	linkinfo->rta_len = (void )NLMSG_TAIL(&req.n) - (void )linkinfo;
		169
		170	// send message
		171	if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0)
		172	exit(2);
		173
		174	rtnl_close(&rth);
169		175
		176	return 0;
		177	}
		178
		179	int net_create_ipvlan(const char dev, const char parent, unsigned pid) {
		180	int len;
		181	struct iplink_req req;
		182	assert(dev);
		183	assert(parent);
		184
		185	if (rtnl_open(&rth, 0) < 0) {
		186	fprintf(stderr, "cannot open netlink\n");
		187	exit(1);
		188	}
		189
		190	memset(&req, 0, sizeof(req));
		191
		192	req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
		193	req.n.nlmsg_flags = NLM_F_REQUEST\|NLM_F_CREATE\|NLM_F_EXCL;
		194	req.n.nlmsg_type = RTM_NEWLINK;
		195	req.i.ifi_family = 0;
		196
		197	// find parent ifindex
		198	int parent_ifindex = if_nametoindex(parent);
		199	if (parent_ifindex <= 0) {
		200	fprintf(stderr, "Error: cannot find network device %s\n", parent);
		201	exit(1);
		202	}
		203
		204	// add parent
		205	addattr_l(&req.n, sizeof(req), IFLA_LINK, &parent_ifindex, 4);
		206
		207	// add new interface name
		208	len = strlen(dev) + 1;
		209	addattr_l(&req.n, sizeof(req), IFLA_IFNAME, dev, len);
		210
		211	// place the interface in child namespace
		212	addattr_l (&req.n, sizeof(req), IFLA_NET_NS_PID, &pid, 4);
		213
		214
		215	// add link info for the new interface
		216	struct rtattr *linkinfo = NLMSG_TAIL(&req.n);
		217	addattr_l(&req.n, sizeof(req), IFLA_LINKINFO, NULL, 0);
		218	addattr_l(&req.n, sizeof(req), IFLA_INFO_KIND, "ipvlan", strlen("ipvlan"));
		219
		220	// set macvlan bridge mode
		221	struct rtattr * data = NLMSG_TAIL(&req.n);
		222	addattr_l(&req.n, sizeof(req), IFLA_INFO_DATA, NULL, 0);
		223	int macvlan_type = IPVLAN_MODE_L2;
		224	addattr_l (&req.n, sizeof(req), IFLA_INFO_KIND, &macvlan_type, 2);
		225
		226	data->rta_len = (void )NLMSG_TAIL(&req.n) - (void )data;
		227	// req.n.nlmsg_len += sizeof(struct ifinfomsg);
170		228
171	data->rta_len = (void )NLMSG_TAIL(&req.n) - (void )data;	229	data->rta_len = (void )NLMSG_TAIL(&req.n) - (void )data;
172	linkinfo->rta_len = (void )NLMSG_TAIL(&req.n) - (void )linkinfo;	230	linkinfo->rta_len = (void )NLMSG_TAIL(&req.n) - (void )linkinfo;
@@ -180,6 +238,7 @@ int net_create_macvlan(const char dev, const char parent, unsigned pid) {
180	return 0;	238	return 0;
181	}	239	}
182		240
		241
183	// move the interface dev in namespace of program pid	242	// move the interface dev in namespace of program pid
184	// when the interface is moved, netlink does not preserve interface configuration	243	// when the interface is moved, netlink does not preserve interface configuration
185	int net_move_interface(const char *dev, unsigned pid) {	244	int net_move_interface(const char *dev, unsigned pid) {