Remove trailing whitespace from src/

author: Fred Barclay <Fred-Barclay@users.noreply.github.com> 2017-05-24 14:13:52 -0500
committer: Fred Barclay <Fred-Barclay@users.noreply.github.com> 2017-05-24 14:13:52 -0500
commit: 96c920e166b40bbe50f216e294f2efac154a1cb2 (patch)
tree: fa80a34e81863ab897f2f2b8ec4124b10d023516 /src/fnet
parent: remove trailing whitespace from etc/ (diff)
download: firejail-96c920e166b40bbe50f216e294f2efac154a1cb2.tar.gz
firejail-96c920e166b40bbe50f216e294f2efac154a1cb2.tar.zst
firejail-96c920e166b40bbe50f216e294f2efac154a1cb2.zip
5 files changed, 45 insertions, 49 deletions
diff --git a/src/fnet/Makefile.in b/src/fnet/Makefile.in
index 32f08882a..5932737ce 100644
--- a/src/fnet/Makefile.in
+++ b/src/fnet/Makefile.in
@@ -42,4 +42,3 @@ clean:; rm -f *.o fnet *.gcov *.gcda *.gcno
 distclean: clean
        rm -fr Makefile
diff --git a/src/fnet/arp.c b/src/fnet/arp.c
index a7f0a603a..4736f3509 100644
--- a/src/fnet/arp.c
+++ b/src/fnet/arp.c
@@ -48,12 +48,12 @@ void arp_scan(const char *dev, uint32_t ifip, uint32_t ifmask) {
 //      printf("Scanning interface %s (%d.%d.%d.%d/%d)\n",
 //              dev, PRINT_IP(ifip & ifmask), mask2bits(ifmask));
-                        
        if (strlen(dev) > IFNAMSIZ) {
                fprintf(stderr, "Error: invalid network device name %s\n", dev);
                exit(1);
        }
-        
        // find interface mac address
        int sock;
        if ((sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0)
@@ -70,7 +70,7 @@ void arp_scan(const char *dev, uint32_t ifip, uint32_t ifmask) {
        // open layer2 socket
        if ((sock = socket(PF_PACKET, SOCK_RAW, htons (ETH_P_ALL))) < 0)
                errExit("socket");
-        
        // try all possible ip addresses in ascending order
        uint32_t range = ~ifmask + 1; // the number of potential addresses
        // this software is not supported for /31 networks
@@ -90,7 +90,7 @@ void arp_scan(const char *dev, uint32_t ifip, uint32_t ifmask) {
        struct timeval ts;
        ts.tv_sec = 2; // 2 seconds receive timeout
        ts.tv_usec = 0;
-        
        while (1) {
                fd_set rfds;
                FD_ZERO(&rfds);
@@ -101,21 +101,21 @@ void arp_scan(const char *dev, uint32_t ifip, uint32_t ifmask) {
                int maxfd = sock;
                uint8_t frame[ETH_FRAME_LEN]; // includes eht header, vlan, and crc
-                memset(frame, 0, ETH_FRAME_LEN);        
+                memset(frame, 0, ETH_FRAME_LEN);
                int nready;
                if (dest < last)
                        nready = select(maxfd + 1,  &rfds, &wfds, (fd_set *) 0, NULL);
-                else            
+                else
                        nready = select(maxfd + 1,  &rfds,  (fd_set *) 0, (fd_set *) 0, &ts);
-                
                if (nready < 0)
                        errExit("select");
-                        
                if (nready == 0) { // timeout
                        break;
                }
-                
                if (FD_ISSET(sock, &wfds) && dest < last) {
                        // configure layer2 socket address information
                        struct sockaddr_ll addr;
@@ -125,7 +125,7 @@ void arp_scan(const char *dev, uint32_t ifip, uint32_t ifmask) {
                        addr.sll_family = AF_PACKET;
                        memcpy (addr.sll_addr, mac, 6);
                        addr.sll_halen = htons(6);
-                
                        // build the arp packet header
                        ArpHdr hdr;
                        memset(&hdr, 0, sizeof(hdr));
@@ -138,7 +138,7 @@ void arp_scan(const char *dev, uint32_t ifip, uint32_t ifmask) {
                        memcpy(hdr.sender_ip, (uint8_t *)&src, 4);
                        uint32_t dst = htonl(dest);
                        memcpy(hdr.target_ip, (uint8_t *)&dst, 4);
-                
                        // build ethernet frame
                        uint8_t frame[ETH_FRAME_LEN]; // includes eht header, vlan, and crc
                        memset(frame, 0, sizeof(frame));
@@ -147,16 +147,16 @@ void arp_scan(const char *dev, uint32_t ifip, uint32_t ifmask) {
                        frame[12] = ETH_P_ARP / 256;
                        frame[13] = ETH_P_ARP % 256;
                        memcpy (frame + 14, &hdr, sizeof(hdr));
-                
                        // send packet
                        int len;
                        if ((len = sendto (sock, frame, 14 + sizeof(ArpHdr), 0, (struct sockaddr *) &addr, sizeof (addr))) <= 0)
                                errExit("send");
-//printf("send %d bytes to %d.%d.%d.%d\n", len, PRINT_IP(dest));                
+//printf("send %d bytes to %d.%d.%d.%d\n", len, PRINT_IP(dest));
                        fflush(0);
                        dest++;
                }
-                
                if (FD_ISSET(sock, &rfds)) {
                        // read the incoming packet
                        int len = recvfrom(sock, frame, ETH_FRAME_LEN, 0, NULL, NULL);
@@ -185,24 +185,21 @@ void arp_scan(const char *dev, uint32_t ifip, uint32_t ifmask) {
                                        continue;
                                memcpy(&ip, hdr.sender_ip, 4);
                                ip = ntohl(ip);
-                                
                                if (ip == last_ip) // filter duplicates
                                        continue;
                                last_ip = ip;
-                                        
                                // printing
                                if (header_printed == 0) {
                                        printf("   Network scan:\n");
                                        header_printed = 1;
                                }
                                printf("   %02x:%02x:%02x:%02x:%02x:%02x\t%d.%d.%d.%d\n",
-                                        PRINT_MAC(hdr.sender_mac), PRINT_IP(ip));                                                                       
+                                        PRINT_MAC(hdr.sender_mac), PRINT_IP(ip));
                        }
                }
        }
-        
        close(sock);
 }
diff --git a/src/fnet/interface.c b/src/fnet/interface.c
index 33ad766ec..8c1fd6ca4 100644
--- a/src/fnet/interface.c
+++ b/src/fnet/interface.c
@@ -40,7 +40,7 @@ static void check_if_name(const char *ifname) {
 void net_bridge_add_interface(const char *bridge, const char *dev) {
        check_if_name(bridge);
        check_if_name(dev);
-        
        // somehow adding the interface to the bridge resets MTU on bridge device!!!
        // workaround: restore MTU on the bridge device
        // todo: put a real fix in
@@ -82,7 +82,7 @@ void net_bridge_add_interface(const char *bridge, const char *dev) {
 // bring interface up
 void net_if_up(const char *ifname) {
        check_if_name(ifname);
-        
        int sock = socket(AF_INET,SOCK_DGRAM,0);
        if (sock < 0)
                errExit("socket");
@@ -139,8 +139,8 @@ int net_get_mtu(const char *ifname) {
        if (ioctl(s, SIOCGIFMTU, (caddr_t)&ifr) == 0)
                mtu = ifr.ifr_mtu;
        close(s);
-        
-        
        return mtu;
 }
@@ -197,7 +197,7 @@ void net_ifprint(int scan) {
                        sprintf(ipstr, "%d.%d.%d.%d", PRINT_IP(ip));
                        char maskstr[30];
                        sprintf(maskstr, "%d.%d.%d.%d", PRINT_IP(mask));
-                        
                        // mac address
                        unsigned char mac[6];
                        net_get_mac(ifa->ifa_name, mac);
@@ -207,7 +207,7 @@ void net_ifprint(int scan) {
                        else
                                sprintf(macstr, "%02x:%02x:%02x:%02x:%02x:%02x", PRINT_MAC(mac));
-                        // print                                
+                        // print
                        printf("%-17.17s%-19.19s%-17.17s%-17.17s%-6.6s\n",
                                ifa->ifa_name, macstr, ipstr, maskstr, status);
@@ -240,7 +240,7 @@ int net_get_mac(const char *ifname, unsigned char mac[6]) {
        memset(&ifr, 0, sizeof(ifr));
        strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
        ifr.ifr_hwaddr.sa_family = ARPHRD_ETHER;
-        
        if (ioctl(sock, SIOCGIFHWADDR, &ifr) == -1)
                errExit("ioctl");
        memcpy(mac, ifr.ifr_hwaddr.sa_data, 6);
@@ -262,7 +262,7 @@ void net_if_ip(const char *ifname, uint32_t ip, uint32_t mask, int mtu) {
        ifr.ifr_addr.sa_family = AF_INET;
        ((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr.s_addr = htonl(ip);
-        if (ioctl( sock, SIOCSIFADDR, &ifr ) < 0) 
+        if (ioctl( sock, SIOCSIFADDR, &ifr ) < 0)
                errExit("ioctl");
        if (ip != 0) {
@@ -270,7 +270,7 @@ void net_if_ip(const char *ifname, uint32_t ip, uint32_t mask, int mtu) {
                if (ioctl( sock, SIOCSIFNETMASK, &ifr ) < 0)
                        errExit("ioctl");
        }
-        
        // configure mtu
        if (mtu > 0) {
                ifr.ifr_mtu = mtu;
@@ -295,7 +295,7 @@ int net_if_mac(const char *ifname, const unsigned char mac[6]) {
        strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
        ifr.ifr_hwaddr.sa_family = ARPHRD_ETHER;
        memcpy(ifr.ifr_hwaddr.sa_data, mac, 6);
-        
        if (ioctl(sock, SIOCSIFHWADDR, &ifr) == -1)
                errExit("ioctl");
        close(sock);
@@ -315,7 +315,7 @@ void net_if_ip6(const char *ifname, const char *addr6) {
                fprintf(stderr, "Error fnet: invalid IPv6 address %s\n", addr6);
                exit(1);
        }
-        
        // extract prefix
        unsigned long prefix;
        char *ptr;
@@ -367,6 +367,6 @@ void net_if_ip6(const char *ifname, const char *addr6) {
                perror("ioctl SIOCSIFADDR");
                exit(1);
        }
-        
        close(sock);
 }
diff --git a/src/fnet/main.c b/src/fnet/main.c
index 0c55f3141..f44760b5c 100644
--- a/src/fnet/main.c
+++ b/src/fnet/main.c
@@ -41,7 +41,7 @@ int i;
 for (i = 0; i < argc; i++)
        printf("*%s* ", argv[i]);
 printf("\n");
-}       
+}
 #endif
        if (argc < 2) {
                usage();
@@ -51,7 +51,7 @@ printf("\n");
        char *quiet = getenv("FIREJAIL_QUIET");
        if (quiet && strcmp(quiet, "yes") == 0)
                arg_quiet = 1;
-                
        if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") ==0) {
                usage();
                return 0;
diff --git a/src/fnet/veth.c b/src/fnet/veth.c
index 86d9d5190..d37c93a19 100644
--- a/src/fnet/veth.c
+++ b/src/fnet/veth.c
@@ -1,16 +1,16 @@
 /* code based on iproute2 ip/iplink.c, modified to be included in firejail project
 *
 * Original source code:
- * 
+ *
 * Information:
 *     http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2
- * 
+ *
 * Download:
 *     http://www.kernel.org/pub/linux/utils/net/iproute2/
- * 
+ *
 * Repository:
 *     git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git
- * 
+ *
 * License: GPL v2
 *
 * Original copyright header
@@ -112,7 +112,7 @@ int net_create_veth(const char *dev, const char *nsdev, unsigned pid) {
                exit(2);
        rtnl_close(&rth);
-        
        return 0;
 }
@@ -134,13 +134,13 @@ int net_create_macvlan(const char *dev, const char *parent, unsigned pid) {
        req.n.nlmsg_flags = NLM_F_REQUEST|NLM_F_CREATE|NLM_F_EXCL;
        req.n.nlmsg_type = RTM_NEWLINK;
        req.i.ifi_family = 0;
-        
        // find parent ifindex
        int parent_ifindex = if_nametoindex(parent);
        if (parent_ifindex <= 0) {
                fprintf(stderr, "Error: cannot find network device %s\n", parent);
                exit(1);
-        }                       
+        }
        // add parent
        addattr_l(&req.n, sizeof(req), IFLA_LINK, &parent_ifindex, 4);
@@ -148,7 +148,7 @@ int net_create_macvlan(const char *dev, const char *parent, unsigned pid) {
        // add new interface name
        len = strlen(dev) + 1;
        addattr_l(&req.n, sizeof(req), IFLA_IFNAME, dev, len);
-        
        // place the interface in child namespace
        addattr_l (&req.n, sizeof(req), IFLA_NET_NS_PID, &pid, 4);
@@ -176,7 +176,7 @@ int net_create_macvlan(const char *dev, const char *parent, unsigned pid) {
                exit(2);
        rtnl_close(&rth);
-        
        return 0;
 }
@@ -197,7 +197,7 @@ int net_move_interface(const char *dev, unsigned pid) {
        req.n.nlmsg_flags = NLM_F_REQUEST;
        req.n.nlmsg_type = RTM_NEWLINK;
        req.i.ifi_family = 0;
-        
        // find ifindex
        int ifindex = if_nametoindex(dev);
        if (ifindex <= 0) {
@@ -205,7 +205,7 @@ int net_move_interface(const char *dev, unsigned pid) {
                exit(1);
        }
        req.i.ifi_index = ifindex;
-                                
        // place the interface in child namespace
        addattr_l (&req.n, sizeof(req), IFLA_NET_NS_PID, &pid, 4);
@@ -214,7 +214,7 @@ int net_move_interface(const char *dev, unsigned pid) {
                exit(2);
        rtnl_close(&rth);
-        
        return 0;
 }
@@ -233,4 +233,4 @@ int main(int argc, char **argv) {
        return 0;
 }
-*/
-\ No newline at end of file
+*/
author	Fred Barclay <Fred-Barclay@users.noreply.github.com>	2017-05-24 14:13:52 -0500
committer	Fred Barclay <Fred-Barclay@users.noreply.github.com>	2017-05-24 14:13:52 -0500
commit	96c920e166b40bbe50f216e294f2efac154a1cb2 (patch)
tree	fa80a34e81863ab897f2f2b8ec4124b10d023516 /src/fnet
parent	remove trailing whitespace from etc/ (diff)
download	firejail-96c920e166b40bbe50f216e294f2efac154a1cb2.tar.gz firejail-96c920e166b40bbe50f216e294f2efac154a1cb2.tar.zst firejail-96c920e166b40bbe50f216e294f2efac154a1cb2.zip

diff --git a/src/fnet/Makefile.in b/src/fnet/Makefile.in index 32f08882a..5932737ce 100644 --- a/src/fnet/Makefile.in +++ b/src/fnet/Makefile.in
@@ -42,4 +42,3 @@ clean:; rm -f .o fnet .gcov .gcda .gcno
42		42
43	distclean: clean	43	distclean: clean
44	rm -fr Makefile	44	rm -fr Makefile
45


diff --git a/src/fnet/arp.c b/src/fnet/arp.c index a7f0a603a..4736f3509 100644 --- a/src/fnet/arp.c +++ b/src/fnet/arp.c
@@ -48,12 +48,12 @@ void arp_scan(const char *dev, uint32_t ifip, uint32_t ifmask) {
48		48
49	// printf("Scanning interface %s (%d.%d.%d.%d/%d)\n",	49	// printf("Scanning interface %s (%d.%d.%d.%d/%d)\n",
50	// dev, PRINT_IP(ifip & ifmask), mask2bits(ifmask));	50	// dev, PRINT_IP(ifip & ifmask), mask2bits(ifmask));
51		51
52	if (strlen(dev) > IFNAMSIZ) {	52	if (strlen(dev) > IFNAMSIZ) {
53	fprintf(stderr, "Error: invalid network device name %s\n", dev);	53	fprintf(stderr, "Error: invalid network device name %s\n", dev);
54	exit(1);	54	exit(1);
55	}	55	}
56		56
57	// find interface mac address	57	// find interface mac address
58	int sock;	58	int sock;
59	if ((sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0)	59	if ((sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0)
@@ -70,7 +70,7 @@ void arp_scan(const char *dev, uint32_t ifip, uint32_t ifmask) {
70	// open layer2 socket	70	// open layer2 socket
71	if ((sock = socket(PF_PACKET, SOCK_RAW, htons (ETH_P_ALL))) < 0)	71	if ((sock = socket(PF_PACKET, SOCK_RAW, htons (ETH_P_ALL))) < 0)
72	errExit("socket");	72	errExit("socket");
73		73
74	// try all possible ip addresses in ascending order	74	// try all possible ip addresses in ascending order
75	uint32_t range = ~ifmask + 1; // the number of potential addresses	75	uint32_t range = ~ifmask + 1; // the number of potential addresses
76	// this software is not supported for /31 networks	76	// this software is not supported for /31 networks
@@ -90,7 +90,7 @@ void arp_scan(const char *dev, uint32_t ifip, uint32_t ifmask) {
90	struct timeval ts;	90	struct timeval ts;
91	ts.tv_sec = 2; // 2 seconds receive timeout	91	ts.tv_sec = 2; // 2 seconds receive timeout
92	ts.tv_usec = 0;	92	ts.tv_usec = 0;
93		93
94	while (1) {	94	while (1) {
95	fd_set rfds;	95	fd_set rfds;
96	FD_ZERO(&rfds);	96	FD_ZERO(&rfds);
@@ -101,21 +101,21 @@ void arp_scan(const char *dev, uint32_t ifip, uint32_t ifmask) {
101	int maxfd = sock;	101	int maxfd = sock;
102		102
103	uint8_t frame[ETH_FRAME_LEN]; // includes eht header, vlan, and crc	103	uint8_t frame[ETH_FRAME_LEN]; // includes eht header, vlan, and crc
104	memset(frame, 0, ETH_FRAME_LEN);	104	memset(frame, 0, ETH_FRAME_LEN);
105		105
106	int nready;	106	int nready;
107	if (dest < last)	107	if (dest < last)
108	nready = select(maxfd + 1, &rfds, &wfds, (fd_set *) 0, NULL);	108	nready = select(maxfd + 1, &rfds, &wfds, (fd_set *) 0, NULL);
109	else	109	else
110	nready = select(maxfd + 1, &rfds, (fd_set ) 0, (fd_set ) 0, &ts);	110	nready = select(maxfd + 1, &rfds, (fd_set ) 0, (fd_set ) 0, &ts);
111		111
112	if (nready < 0)	112	if (nready < 0)
113	errExit("select");	113	errExit("select");
114		114
115	if (nready == 0) { // timeout	115	if (nready == 0) { // timeout
116	break;	116	break;
117	}	117	}
118		118
119	if (FD_ISSET(sock, &wfds) && dest < last) {	119	if (FD_ISSET(sock, &wfds) && dest < last) {
120	// configure layer2 socket address information	120	// configure layer2 socket address information
121	struct sockaddr_ll addr;	121	struct sockaddr_ll addr;
@@ -125,7 +125,7 @@ void arp_scan(const char *dev, uint32_t ifip, uint32_t ifmask) {
125	addr.sll_family = AF_PACKET;	125	addr.sll_family = AF_PACKET;
126	memcpy (addr.sll_addr, mac, 6);	126	memcpy (addr.sll_addr, mac, 6);
127	addr.sll_halen = htons(6);	127	addr.sll_halen = htons(6);
128		128
129	// build the arp packet header	129	// build the arp packet header
130	ArpHdr hdr;	130	ArpHdr hdr;
131	memset(&hdr, 0, sizeof(hdr));	131	memset(&hdr, 0, sizeof(hdr));
@@ -138,7 +138,7 @@ void arp_scan(const char *dev, uint32_t ifip, uint32_t ifmask) {
138	memcpy(hdr.sender_ip, (uint8_t *)&src, 4);	138	memcpy(hdr.sender_ip, (uint8_t *)&src, 4);
139	uint32_t dst = htonl(dest);	139	uint32_t dst = htonl(dest);
140	memcpy(hdr.target_ip, (uint8_t *)&dst, 4);	140	memcpy(hdr.target_ip, (uint8_t *)&dst, 4);
141		141
142	// build ethernet frame	142	// build ethernet frame
143	uint8_t frame[ETH_FRAME_LEN]; // includes eht header, vlan, and crc	143	uint8_t frame[ETH_FRAME_LEN]; // includes eht header, vlan, and crc
144	memset(frame, 0, sizeof(frame));	144	memset(frame, 0, sizeof(frame));
@@ -147,16 +147,16 @@ void arp_scan(const char *dev, uint32_t ifip, uint32_t ifmask) {
147	frame[12] = ETH_P_ARP / 256;	147	frame[12] = ETH_P_ARP / 256;
148	frame[13] = ETH_P_ARP % 256;	148	frame[13] = ETH_P_ARP % 256;
149	memcpy (frame + 14, &hdr, sizeof(hdr));	149	memcpy (frame + 14, &hdr, sizeof(hdr));
150		150
151	// send packet	151	// send packet
152	int len;	152	int len;
153	if ((len = sendto (sock, frame, 14 + sizeof(ArpHdr), 0, (struct sockaddr *) &addr, sizeof (addr))) <= 0)	153	if ((len = sendto (sock, frame, 14 + sizeof(ArpHdr), 0, (struct sockaddr *) &addr, sizeof (addr))) <= 0)
154	errExit("send");	154	errExit("send");
155	//printf("send %d bytes to %d.%d.%d.%d\n", len, PRINT_IP(dest));	155	//printf("send %d bytes to %d.%d.%d.%d\n", len, PRINT_IP(dest));
156	fflush(0);	156	fflush(0);
157	dest++;	157	dest++;
158	}	158	}
159		159
160	if (FD_ISSET(sock, &rfds)) {	160	if (FD_ISSET(sock, &rfds)) {
161	// read the incoming packet	161	// read the incoming packet
162	int len = recvfrom(sock, frame, ETH_FRAME_LEN, 0, NULL, NULL);	162	int len = recvfrom(sock, frame, ETH_FRAME_LEN, 0, NULL, NULL);
@@ -185,24 +185,21 @@ void arp_scan(const char *dev, uint32_t ifip, uint32_t ifmask) {
185	continue;	185	continue;
186	memcpy(&ip, hdr.sender_ip, 4);	186	memcpy(&ip, hdr.sender_ip, 4);
187	ip = ntohl(ip);	187	ip = ntohl(ip);
188		188
189	if (ip == last_ip) // filter duplicates	189	if (ip == last_ip) // filter duplicates
190	continue;	190	continue;
191	last_ip = ip;	191	last_ip = ip;
192		192
193	// printing	193	// printing
194	if (header_printed == 0) {	194	if (header_printed == 0) {
195	printf(" Network scan:\n");	195	printf(" Network scan:\n");
196	header_printed = 1;	196	header_printed = 1;
197	}	197	}
198	printf(" %02x:%02x:%02x:%02x:%02x:%02x\t%d.%d.%d.%d\n",	198	printf(" %02x:%02x:%02x:%02x:%02x:%02x\t%d.%d.%d.%d\n",
199	PRINT_MAC(hdr.sender_mac), PRINT_IP(ip));	199	PRINT_MAC(hdr.sender_mac), PRINT_IP(ip));
200	}	200	}
201	}	201	}
202	}	202	}
203		203
204	close(sock);	204	close(sock);
205	}	205	}
206
207
208


diff --git a/src/fnet/interface.c b/src/fnet/interface.c index 33ad766ec..8c1fd6ca4 100644 --- a/src/fnet/interface.c +++ b/src/fnet/interface.c
@@ -40,7 +40,7 @@ static void check_if_name(const char *ifname) {
40	void net_bridge_add_interface(const char bridge, const char dev) {	40	void net_bridge_add_interface(const char bridge, const char dev) {
41	check_if_name(bridge);	41	check_if_name(bridge);
42	check_if_name(dev);	42	check_if_name(dev);
43		43
44	// somehow adding the interface to the bridge resets MTU on bridge device!!!	44	// somehow adding the interface to the bridge resets MTU on bridge device!!!
45	// workaround: restore MTU on the bridge device	45	// workaround: restore MTU on the bridge device
46	// todo: put a real fix in	46	// todo: put a real fix in
@@ -82,7 +82,7 @@ void net_bridge_add_interface(const char bridge, const char dev) {
82	// bring interface up	82	// bring interface up
83	void net_if_up(const char *ifname) {	83	void net_if_up(const char *ifname) {
84	check_if_name(ifname);	84	check_if_name(ifname);
85		85
86	int sock = socket(AF_INET,SOCK_DGRAM,0);	86	int sock = socket(AF_INET,SOCK_DGRAM,0);
87	if (sock < 0)	87	if (sock < 0)
88	errExit("socket");	88	errExit("socket");
@@ -139,8 +139,8 @@ int net_get_mtu(const char *ifname) {
139	if (ioctl(s, SIOCGIFMTU, (caddr_t)&ifr) == 0)	139	if (ioctl(s, SIOCGIFMTU, (caddr_t)&ifr) == 0)
140	mtu = ifr.ifr_mtu;	140	mtu = ifr.ifr_mtu;
141	close(s);	141	close(s);
142		142
143		143
144	return mtu;	144	return mtu;
145	}	145	}
146		146
@@ -197,7 +197,7 @@ void net_ifprint(int scan) {
197	sprintf(ipstr, "%d.%d.%d.%d", PRINT_IP(ip));	197	sprintf(ipstr, "%d.%d.%d.%d", PRINT_IP(ip));
198	char maskstr[30];	198	char maskstr[30];
199	sprintf(maskstr, "%d.%d.%d.%d", PRINT_IP(mask));	199	sprintf(maskstr, "%d.%d.%d.%d", PRINT_IP(mask));
200		200
201	// mac address	201	// mac address
202	unsigned char mac[6];	202	unsigned char mac[6];
203	net_get_mac(ifa->ifa_name, mac);	203	net_get_mac(ifa->ifa_name, mac);
@@ -207,7 +207,7 @@ void net_ifprint(int scan) {
207	else	207	else
208	sprintf(macstr, "%02x:%02x:%02x:%02x:%02x:%02x", PRINT_MAC(mac));	208	sprintf(macstr, "%02x:%02x:%02x:%02x:%02x:%02x", PRINT_MAC(mac));
209		209
210	// print	210	// print
211	printf("%-17.17s%-19.19s%-17.17s%-17.17s%-6.6s\n",	211	printf("%-17.17s%-19.19s%-17.17s%-17.17s%-6.6s\n",
212	ifa->ifa_name, macstr, ipstr, maskstr, status);	212	ifa->ifa_name, macstr, ipstr, maskstr, status);
213		213
@@ -240,7 +240,7 @@ int net_get_mac(const char *ifname, unsigned char mac[6]) {
240	memset(&ifr, 0, sizeof(ifr));	240	memset(&ifr, 0, sizeof(ifr));
241	strncpy(ifr.ifr_name, ifname, IFNAMSIZ);	241	strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
242	ifr.ifr_hwaddr.sa_family = ARPHRD_ETHER;	242	ifr.ifr_hwaddr.sa_family = ARPHRD_ETHER;
243		243
244	if (ioctl(sock, SIOCGIFHWADDR, &ifr) == -1)	244	if (ioctl(sock, SIOCGIFHWADDR, &ifr) == -1)
245	errExit("ioctl");	245	errExit("ioctl");
246	memcpy(mac, ifr.ifr_hwaddr.sa_data, 6);	246	memcpy(mac, ifr.ifr_hwaddr.sa_data, 6);
@@ -262,7 +262,7 @@ void net_if_ip(const char *ifname, uint32_t ip, uint32_t mask, int mtu) {
262	ifr.ifr_addr.sa_family = AF_INET;	262	ifr.ifr_addr.sa_family = AF_INET;
263		263
264	((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr.s_addr = htonl(ip);	264	((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr.s_addr = htonl(ip);
265	if (ioctl( sock, SIOCSIFADDR, &ifr ) < 0)	265	if (ioctl( sock, SIOCSIFADDR, &ifr ) < 0)
266	errExit("ioctl");	266	errExit("ioctl");
267		267
268	if (ip != 0) {	268	if (ip != 0) {
@@ -270,7 +270,7 @@ void net_if_ip(const char *ifname, uint32_t ip, uint32_t mask, int mtu) {
270	if (ioctl( sock, SIOCSIFNETMASK, &ifr ) < 0)	270	if (ioctl( sock, SIOCSIFNETMASK, &ifr ) < 0)
271	errExit("ioctl");	271	errExit("ioctl");
272	}	272	}
273		273
274	// configure mtu	274	// configure mtu
275	if (mtu > 0) {	275	if (mtu > 0) {
276	ifr.ifr_mtu = mtu;	276	ifr.ifr_mtu = mtu;
@@ -295,7 +295,7 @@ int net_if_mac(const char *ifname, const unsigned char mac[6]) {
295	strncpy(ifr.ifr_name, ifname, IFNAMSIZ);	295	strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
296	ifr.ifr_hwaddr.sa_family = ARPHRD_ETHER;	296	ifr.ifr_hwaddr.sa_family = ARPHRD_ETHER;
297	memcpy(ifr.ifr_hwaddr.sa_data, mac, 6);	297	memcpy(ifr.ifr_hwaddr.sa_data, mac, 6);
298		298
299	if (ioctl(sock, SIOCSIFHWADDR, &ifr) == -1)	299	if (ioctl(sock, SIOCSIFHWADDR, &ifr) == -1)
300	errExit("ioctl");	300	errExit("ioctl");
301	close(sock);	301	close(sock);
@@ -315,7 +315,7 @@ void net_if_ip6(const char ifname, const char addr6) {
315	fprintf(stderr, "Error fnet: invalid IPv6 address %s\n", addr6);	315	fprintf(stderr, "Error fnet: invalid IPv6 address %s\n", addr6);
316	exit(1);	316	exit(1);
317	}	317	}
318		318
319	// extract prefix	319	// extract prefix
320	unsigned long prefix;	320	unsigned long prefix;
321	char *ptr;	321	char *ptr;
@@ -367,6 +367,6 @@ void net_if_ip6(const char ifname, const char addr6) {
367	perror("ioctl SIOCSIFADDR");	367	perror("ioctl SIOCSIFADDR");
368	exit(1);	368	exit(1);
369	}	369	}
370		370
371	close(sock);	371	close(sock);
372	}	372	}


diff --git a/src/fnet/main.c b/src/fnet/main.c index 0c55f3141..f44760b5c 100644 --- a/src/fnet/main.c +++ b/src/fnet/main.c
@@ -41,7 +41,7 @@ int i;
41	for (i = 0; i < argc; i++)	41	for (i = 0; i < argc; i++)
42	printf("%s ", argv[i]);	42	printf("%s ", argv[i]);
43	printf("\n");	43	printf("\n");
44	}	44	}
45	#endif	45	#endif
46	if (argc < 2) {	46	if (argc < 2) {
47	usage();	47	usage();
@@ -51,7 +51,7 @@ printf("\n");
51	char *quiet = getenv("FIREJAIL_QUIET");	51	char *quiet = getenv("FIREJAIL_QUIET");
52	if (quiet && strcmp(quiet, "yes") == 0)	52	if (quiet && strcmp(quiet, "yes") == 0)
53	arg_quiet = 1;	53	arg_quiet = 1;
54		54
55	if (strcmp(argv[1], "-h") == 0 \|\| strcmp(argv[1], "--help") == 0 \|\| strcmp(argv[1], "-?") ==0) {	55	if (strcmp(argv[1], "-h") == 0 \|\| strcmp(argv[1], "--help") == 0 \|\| strcmp(argv[1], "-?") ==0) {
56	usage();	56	usage();
57	return 0;	57	return 0;


diff --git a/src/fnet/veth.c b/src/fnet/veth.c index 86d9d5190..d37c93a19 100644 --- a/src/fnet/veth.c +++ b/src/fnet/veth.c
@@ -1,16 +1,16 @@
1	/* code based on iproute2 ip/iplink.c, modified to be included in firejail project	1	/* code based on iproute2 ip/iplink.c, modified to be included in firejail project
2	*	2	*
3	* Original source code:	3	* Original source code:
4	*	4	*
5	* Information:	5	* Information:
6	* http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2	6	* http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2
7	*	7	*
8	* Download:	8	* Download:
9	* http://www.kernel.org/pub/linux/utils/net/iproute2/	9	* http://www.kernel.org/pub/linux/utils/net/iproute2/
10	*	10	*
11	* Repository:	11	* Repository:
12	* git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git	12	* git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git
13	*	13	*
14	* License: GPL v2	14	* License: GPL v2
15	*	15	*
16	* Original copyright header	16	* Original copyright header
@@ -112,7 +112,7 @@ int net_create_veth(const char dev, const char nsdev, unsigned pid) {
112	exit(2);	112	exit(2);
113		113
114	rtnl_close(&rth);	114	rtnl_close(&rth);
115		115
116	return 0;	116	return 0;
117	}	117	}
118		118
@@ -134,13 +134,13 @@ int net_create_macvlan(const char dev, const char parent, unsigned pid) {
134	req.n.nlmsg_flags = NLM_F_REQUEST\|NLM_F_CREATE\|NLM_F_EXCL;	134	req.n.nlmsg_flags = NLM_F_REQUEST\|NLM_F_CREATE\|NLM_F_EXCL;
135	req.n.nlmsg_type = RTM_NEWLINK;	135	req.n.nlmsg_type = RTM_NEWLINK;
136	req.i.ifi_family = 0;	136	req.i.ifi_family = 0;
137		137
138	// find parent ifindex	138	// find parent ifindex
139	int parent_ifindex = if_nametoindex(parent);	139	int parent_ifindex = if_nametoindex(parent);
140	if (parent_ifindex <= 0) {	140	if (parent_ifindex <= 0) {
141	fprintf(stderr, "Error: cannot find network device %s\n", parent);	141	fprintf(stderr, "Error: cannot find network device %s\n", parent);
142	exit(1);	142	exit(1);
143	}	143	}
144		144
145	// add parent	145	// add parent
146	addattr_l(&req.n, sizeof(req), IFLA_LINK, &parent_ifindex, 4);	146	addattr_l(&req.n, sizeof(req), IFLA_LINK, &parent_ifindex, 4);
@@ -148,7 +148,7 @@ int net_create_macvlan(const char dev, const char parent, unsigned pid) {
148	// add new interface name	148	// add new interface name
149	len = strlen(dev) + 1;	149	len = strlen(dev) + 1;
150	addattr_l(&req.n, sizeof(req), IFLA_IFNAME, dev, len);	150	addattr_l(&req.n, sizeof(req), IFLA_IFNAME, dev, len);
151		151
152	// place the interface in child namespace	152	// place the interface in child namespace
153	addattr_l (&req.n, sizeof(req), IFLA_NET_NS_PID, &pid, 4);	153	addattr_l (&req.n, sizeof(req), IFLA_NET_NS_PID, &pid, 4);
154		154
@@ -176,7 +176,7 @@ int net_create_macvlan(const char dev, const char parent, unsigned pid) {
176	exit(2);	176	exit(2);
177		177
178	rtnl_close(&rth);	178	rtnl_close(&rth);
179		179
180	return 0;	180	return 0;
181	}	181	}
182		182
@@ -197,7 +197,7 @@ int net_move_interface(const char *dev, unsigned pid) {
197	req.n.nlmsg_flags = NLM_F_REQUEST;	197	req.n.nlmsg_flags = NLM_F_REQUEST;
198	req.n.nlmsg_type = RTM_NEWLINK;	198	req.n.nlmsg_type = RTM_NEWLINK;
199	req.i.ifi_family = 0;	199	req.i.ifi_family = 0;
200		200
201	// find ifindex	201	// find ifindex
202	int ifindex = if_nametoindex(dev);	202	int ifindex = if_nametoindex(dev);
203	if (ifindex <= 0) {	203	if (ifindex <= 0) {
@@ -205,7 +205,7 @@ int net_move_interface(const char *dev, unsigned pid) {
205	exit(1);	205	exit(1);
206	}	206	}
207	req.i.ifi_index = ifindex;	207	req.i.ifi_index = ifindex;
208		208
209	// place the interface in child namespace	209	// place the interface in child namespace
210	addattr_l (&req.n, sizeof(req), IFLA_NET_NS_PID, &pid, 4);	210	addattr_l (&req.n, sizeof(req), IFLA_NET_NS_PID, &pid, 4);
211		211
@@ -214,7 +214,7 @@ int net_move_interface(const char *dev, unsigned pid) {
214	exit(2);	214	exit(2);
215		215
216	rtnl_close(&rth);	216	rtnl_close(&rth);
217		217
218	return 0;	218	return 0;
219	}	219	}
220		220
@@ -233,4 +233,4 @@ int main(int argc, char **argv) {
233		233
234	return 0;	234	return 0;
235	}	235	}
236	*/ \ No newline at end of file	236	*/