author | netblue30 <netblue30@yahoo.com> | 2016-11-11 07:47:46 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-11-11 07:47:46 -0500 |
commit | a8b23c83998c7964f8898c39784ac186a0216c3f (patch) | |
tree | eeccf98bab92b5b3818f0b30af688d736a92a599 /src/fnet | |
parent | testing (diff) | |
testing
Diffstat (limited to 'src/fnet')
-rw-r--r-- | src/fnet/interface.c | 76 |
1 files changed, 25 insertions, 51 deletions
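--- a/src/fnet/interface.c
+++ b/src/fnet/interface.c
@@ -29,13 +29,18 @@
 #include <net/route.h>
 #include <linux/if_bridge.h>
 
-// add a veth device to a bridge
-void net_bridge_add_interface(const char *bridge, const char *dev) {
-if (strlen(bridge) > IFNAMSIZ) {
-fprintf(stderr, "Error fnet: invalid network device name %s\n", bridge);
+static void check_if_name(const char *ifname) {
+if (strlen(ifname) > IFNAMSIZ) {
+fprintf(stderr, "Error fnet: invalid network device name %s\n", ifname);
 exit(1);
 }
+}
 
+// add a veth device to a bridge
+void net_bridge_add_interface(const char *bridge, const char *dev) {
+check_if_name(bridge);
+check_if_name(dev);
+
 // somehow adding the interface to the bridge resets MTU on bridge device!!!
 // workaround: restore MTU on the bridge device
 // todo: put a real fix in
@@ -69,18 +74,14 @@ void net_bridge_add_interface(const char *bridge, const char *dev) {
 close(sock);
 
 int mtu2 = net_get_mtu(bridge);
-if (mtu1 != mtu2) {
+if (mtu1 != mtu2)
 net_set_mtu(bridge, mtu1);
-}
 }
 
 
 // bring interface up
 void net_if_up(const char *ifname) {
-if (strlen(ifname) > IFNAMSIZ) {
-fprintf(stderr, "Error fnet: invalid network device name %s\n", ifname);
-exit(1);
-}
+check_if_name(ifname);
 
 int sock = socket(AF_INET,SOCK_DGRAM,0);
 if (sock < 0)
@@ -93,28 +94,19 @@ void net_if_up(const char *ifname) {
 ifr.ifr_addr.sa_family = AF_INET;
 
 // read the existing flags
-if (ioctl(sock, SIOCGIFFLAGS, &ifr ) < 0) {
-close(sock);
-printf("Error fnet: cannot bring up interface %s\n", ifname);
+if (ioctl(sock, SIOCGIFFLAGS, &ifr ) < 0)
 errExit("ioctl");
-}
 
 ifr.ifr_flags |= IFF_UP;
 
 // set the new flags
-if (ioctl( sock, SIOCSIFFLAGS, &ifr ) < 0) {
-close(sock);
-printf("Error fnet: cannot bring up interface %s\n", ifname);
+if (ioctl( sock, SIOCSIFFLAGS, &ifr ) < 0)
 errExit("ioctl");
-}
 
 // checking
 // read the existing flags
-if (ioctl(sock, SIOCGIFFLAGS, &ifr ) < 0) {
-close(sock);
-printf("Error fnet: cannot bring up interface %s\n", ifname);
+if (ioctl(sock, SIOCGIFFLAGS, &ifr ) < 0)
 errExit("ioctl");
-}
 
 // wait not more than 500ms for the interface to come up
 int cnt = 0;
@@ -122,11 +114,8 @@ void net_if_up(const char *ifname) {
 usleep(10000); // sleep 10ms
 
 // read the existing flags
-if (ioctl(sock, SIOCGIFFLAGS, &ifr ) < 0) {
-close(sock);
-printf("Error fnet: cannot bring up interface %s\n", ifname);
+if (ioctl(sock, SIOCGIFFLAGS, &ifr ) < 0)
 errExit("ioctl");
-}
 if (ifr.ifr_flags & IFF_RUNNING)
 break;
 cnt++;
@@ -136,12 +125,8 @@ void net_if_up(const char *ifname) {
 }
 
 int net_get_mtu(const char *ifname) {
+check_if_name(ifname);
 int mtu = 0;
-if (strlen(ifname) > IFNAMSIZ) {
-fprintf(stderr, "Error fnet: invalid network device name %s\n", ifname);
-exit(1);
-}
-
 int s;
 struct ifreq ifr;
 
@@ -160,11 +145,7 @@ int net_get_mtu(const char *ifname) {
 }
 
 void net_set_mtu(const char *ifname, int mtu) {
-if (strlen(ifname) > IFNAMSIZ) {
-fprintf(stderr, "Error fnet: invalid network device name %s\n", ifname);
-exit(1);
-}
-
+check_if_name(ifname);
 int s;
 struct ifreq ifr;
 
@@ -246,6 +227,7 @@ void net_ifprint(int scan) {
 }
 
 int net_get_mac(const char *ifname, unsigned char mac[6]) {
+check_if_name(ifname);
 
 struct ifreq ifr;
 int sock;
@@ -267,11 +249,7 @@ int net_get_mac(const char *ifname, unsigned char mac[6]) {
 
 // configure interface ipv4 address
 void net_if_ip(const char *ifname, uint32_t ip, uint32_t mask, int mtu) {
-if (strlen(ifname) > IFNAMSIZ) {
-fprintf(stderr, "Error: invalid network device name %s\n", ifname);
-exit(1);
-}
-
+check_if_name(ifname);
 int sock = socket(AF_INET,SOCK_DGRAM,0);
 if (sock < 0)
 errExit("socket");
@@ -282,34 +260,29 @@ void net_if_ip(const char *ifname, uint32_t ip, uint32_t mask, int mtu) {
 ifr.ifr_addr.sa_family = AF_INET;
 
 ((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr.s_addr = htonl(ip);
-if (ioctl( sock, SIOCSIFADDR, &ifr ) < 0) {
-close(sock);
-fprintf(stderr, "Error fnet: cannot find interface %s\n", ifname);
+if (ioctl( sock, SIOCSIFADDR, &ifr ) < 0)
 errExit("ioctl");
-}
 
 if (ip != 0) {
 ((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr.s_addr = htonl(mask);
-if (ioctl( sock, SIOCSIFNETMASK, &ifr ) < 0) {
-close(sock);
+if (ioctl( sock, SIOCSIFNETMASK, &ifr ) < 0)
 errExit("ioctl");
-}
 }
 
 // configure mtu
 if (mtu > 0) {
 ifr.ifr_mtu = mtu;
-if (ioctl( sock, SIOCSIFMTU, &ifr ) < 0) {
-close(sock);
+if (ioctl( sock, SIOCSIFMTU, &ifr ) < 0)
 errExit("ioctl");
-}
 }
 
 close(sock);
 usleep(10000); // sleep 10ms
+return;
 }
 
 int net_if_mac(const char *ifname, const unsigned char mac[6]) {
+check_if_name(ifname);
 struct ifreq ifr;
 int sock;
 
@@ -335,6 +308,7 @@ struct ifreq6 {
 unsigned int ifr6_ifindex;
 };
 void net_if_ip6(const char *ifname, const char *addr6) {
+check_if_name(ifname);
 if (strchr(addr6, ':') == NULL) {
 fprintf(stderr, "Error fnet: invalid IPv6 address %s\n", addr6);
 exit(1);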
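Review bot: The new `check_if_name()` helper (new line 33) keeps the old `strlen(ifname) > IFNAMSIZ` test, which still accepts a name of exactly IFNAMSIZ characters although `ifr_name` is IFNAMSIZ bytes including the terminating NUL. Every interface function in these hunks now goes through the helper, so tightening it to `if (strlen(ifname) >= IFNAMSIZ) {` would close the off-by-one for all callers at once. The copies into `ifr.ifr_name` lie outside the visible hunks, so it should be confirmed whether a 16-character name is truncated or left unterminated there. The helper also calls `strlen()` without checking `ifname` for NULL. Separately, the ioctl failure paths in `net_if_up()` and `net_if_ip()` no longer print the interface name before `errExit("ioctl")`, which makes failures harder to attribute.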