Diffstat (limited to 'src/fnet')
-rw-r--r-- | src/fnet/Makefile.in | 43 | ||||
-rw-r--r-- | src/fnet/arp.c | 208 | ||||
-rw-r--r-- | src/fnet/fnet.h | 49 | ||||
-rw-r--r-- | src/fnet/interface.c | 395 | ||||
-rw-r--r-- | src/fnet/main.c | 103 | ||||
-rw-r--r-- | src/fnet/veth.c | 230 |
6 files changed, 1028 insertions, 0 deletions
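--- /dev/null
+++ b/src/fnet/Makefile.in
@@ -0,0 +1,43 @@
+all: fnet
+
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+sysconfdir=@sysconfdir@
+
+VERSION=@PACKAGE_VERSION@
+NAME=@PACKAGE_NAME@
+HAVE_SECCOMP_H=@HAVE_SECCOMP_H@
+HAVE_SECCOMP=@HAVE_SECCOMP@
+HAVE_CHROOT=@HAVE_CHROOT@
+HAVE_BIND=@HAVE_BIND@
+HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@
+HAVE_NETWORK=@HAVE_NETWORK@
+HAVE_USERNS=@HAVE_USERNS@
+HAVE_X11=@HAVE_X11@
+HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@
+HAVE_WHITELIST=@HAVE_WHITELIST@
+HAVE_GLOBALCFG=@HAVE_GLOBALCFG@
+HAVE_APPARMOR=@HAVE_APPARMOR@
+HAVE_OVERLAYFS=@HAVE_OVERLAYFS@
+HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@
+EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@
+
+H_FILE_LIST = $(sort $(wildcard *.[h]))
+C_FILE_LIST = $(sort $(wildcard *.c))
+OBJS = $(C_FILE_LIST:.c=.o)
+BINOBJS = $(foreach file, $(OBJS), $file)
+CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security
+LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread
+
+%.o : %.c $(H_FILE_LIST) ../include/common.h ../include/libnetlink.h
+	$(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@
+
+fnet: $(OBJS) ../lib/libnetlink.o ../lib/common.o
+	$(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/libnetlink.o $(LIBS) $(EXTRA_LDFLAGS)
+
+clean:; rm -f *.o fnet
+
+distclean: clean
+	rm -fr Makefile
+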
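Review bot: The `fnet` rule names `../lib/common.o` as a prerequisite but the link command only passes `../lib/libnetlink.o`, so if errExit, mask2bits, atomac or PRINT_MAC/PRINT_IP are defined in common.o rather than in the fnet objects themselves the link will fail; the prerequisite list and the link line should agree: `$(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/libnetlink.o ../lib/common.o $(LIBS) $(EXTRA_LDFLAGS)`. `-pie` in CFLAGS is a link-time option already present in LDFLAGS and can be dropped from the compile line. BINOBJS is defined but never referenced.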
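--- /dev/null
+++ b/src/fnet/arp.c
@@ -0,0 +1,208 @@
+/*
+ * Copyright (C) 2014-2016 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#include "fnet.h"
+#include <sys/socket.h>
+#include <sys/ioctl.h>
+#include <linux/if_ether.h> //TCP/IP Protocol Suite for Linux
+#include <net/if.h>
+#include <netinet/in.h>
+#include <linux/ip.h>
+#include <linux/udp.h>
+#include <linux/tcp.h>
+#include <linux/if_packet.h>
+
+typedef struct arp_hdr_t {
+	uint16_t htype;
+	uint16_t ptype;
+	uint8_t hlen;
+	uint8_t plen;
+	uint16_t opcode;
+	uint8_t sender_mac[6];
+	uint8_t sender_ip[4];
+	uint8_t target_mac[6];
+	uint8_t target_ip[4];
+} ArpHdr;
+
+
+// scan interface (--scan option)
+void arp_scan(const char *dev, uint32_t ifip, uint32_t ifmask) {
+	assert(dev);
+	assert(ifip);
+
+	// printf("Scanning interface %s (%d.%d.%d.%d/%d)\n",
+	//	dev, PRINT_IP(ifip & ifmask), mask2bits(ifmask));
+
+	if (strlen(dev) > IFNAMSIZ) {
+		fprintf(stderr, "Error: invalid network device name %s\n", dev);
+		exit(1);
+	}
+
+	// find interface mac address
+	int sock;
+	if ((sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0)
+		errExit("socket");
+	struct ifreq ifr;
+	memset(&ifr, 0, sizeof (ifr));
+	strncpy(ifr.ifr_name, dev, IFNAMSIZ);
+	if (ioctl(sock, SIOCGIFHWADDR, &ifr) < 0)
+		errExit("ioctl");
+	close(sock);
+	uint8_t mac[6];
+	memcpy (mac, ifr.ifr_hwaddr.sa_data, 6);
+
+	// open layer2 socket
+	if ((sock = socket(PF_PACKET, SOCK_RAW, htons (ETH_P_ALL))) < 0)
+		errExit("socket");
+
+	// try all possible ip addresses in ascending order
+	uint32_t range = ~ifmask + 1; // the number of potential addresses
+	// this software is not supported for /31 networks
+	if (range < 4) {
+		fprintf(stderr, "Warning: this option is not supported for /31 networks\n");
+		close(sock);
+		return;
+	}
+
+	uint32_t dest = (ifip & ifmask) + 1;
+	uint32_t last = dest + range - 1;
+	uint32_t src = htonl(ifip);
+
+	// wait not more than one second for an answer
+	int header_printed = 0;
+	uint32_t last_ip = 0;
+	struct timeval ts;
+	ts.tv_sec = 2; // 2 seconds receive timeout
+	ts.tv_usec = 0;
+
+	while (1) {
+		fd_set rfds;
+		FD_ZERO(&rfds);
+		FD_SET(sock, &rfds);
+		fd_set wfds;
+		FD_ZERO(&wfds);
+		FD_SET(sock, &wfds);
+		int maxfd = sock;
+
+		uint8_t frame[ETH_FRAME_LEN]; // includes eht header, vlan, and crc
+		memset(frame, 0, ETH_FRAME_LEN);
+
+		int nready;
+		if (dest < last)
+			nready = select(maxfd + 1, &rfds, &wfds, (fd_set *) 0, NULL);
+		else
+			nready = select(maxfd + 1, &rfds, (fd_set *) 0, (fd_set *) 0, &ts);
+
+		if (nready < 0)
+			errExit("select");
+
+		if (nready == 0) { // timeout
+			break;
+		}
+
+		if (FD_ISSET(sock, &wfds) && dest < last) {
+			// configure layer2 socket address information
+			struct sockaddr_ll addr;
+			memset(&addr, 0, sizeof(addr));
+			if ((addr.sll_ifindex = if_nametoindex(dev)) == 0)
+				errExit("if_nametoindex");
+			addr.sll_family = AF_PACKET;
+			memcpy (addr.sll_addr, mac, 6);
+			addr.sll_halen = htons(6);
+
+			// build the arp packet header
+			ArpHdr hdr;
+			memset(&hdr, 0, sizeof(hdr));
+			hdr.htype = htons(1);
+			hdr.ptype = htons(ETH_P_IP);
+			hdr.hlen = 6;
+			hdr.plen = 4;
+			hdr.opcode = htons(1); //ARPOP_REQUEST
+			memcpy(hdr.sender_mac, mac, 6);
+			memcpy(hdr.sender_ip, (uint8_t *)&src, 4);
+			uint32_t dst = htonl(dest);
+			memcpy(hdr.target_ip, (uint8_t *)&dst, 4);
+
+			// build ethernet frame
+			uint8_t frame[ETH_FRAME_LEN]; // includes eht header, vlan, and crc
+			memset(frame, 0, sizeof(frame));
+			frame[0] = frame[1] = frame[2] = frame[3] = frame[4] = frame[5] = 0xff;
+			memcpy(frame + 6, mac, 6);
+			frame[12] = ETH_P_ARP / 256;
+			frame[13] = ETH_P_ARP % 256;
+			memcpy (frame + 14, &hdr, sizeof(hdr));
+
+			// send packet
+			int len;
+			if ((len = sendto (sock, frame, 14 + sizeof(ArpHdr), 0, (struct sockaddr *) &addr, sizeof (addr))) <= 0)
+				errExit("send");
+			//printf("send %d bytes to %d.%d.%d.%d\n", len, PRINT_IP(dest));
+			fflush(0);
+			dest++;
+		}
+
+		if (FD_ISSET(sock, &rfds)) {
+			// read the incoming packet
+			int len = recvfrom(sock, frame, ETH_FRAME_LEN, 0, NULL, NULL);
+			if (len < 0) {
+				perror("recvfrom");
+			}
+
+			// parse the incoming packet
+			if ((unsigned int) len < 14 + sizeof(ArpHdr))
+				continue;
+
+			// look only at ARP packets
+			if (frame[12] != (ETH_P_ARP / 256) || frame[13] != (ETH_P_ARP % 256))
+				continue;
+
+			ArpHdr hdr;
+			memcpy(&hdr, frame + 14, sizeof(ArpHdr));
+
+			if (hdr.opcode == htons(2)) {
+				// check my mac and my address
+				if (memcmp(mac, hdr.target_mac, 6) != 0)
+					continue;
+				uint32_t ip;
+				memcpy(&ip, hdr.target_ip, 4);
+				if (ip != src)
+					continue;
+				memcpy(&ip, hdr.sender_ip, 4);
+				ip = ntohl(ip);
+
+				if (ip == last_ip) // filter duplicates
+					continue;
+				last_ip = ip;
+
+				// printing
+				if (header_printed == 0) {
+					printf(" Network scan:\n");
+					header_printed = 1;
+				}
+				printf(" %02x:%02x:%02x:%02x:%02x:%02x\t%d.%d.%d.%d\n",
+					PRINT_MAC(hdr.sender_mac), PRINT_IP(ip));
+			}
+		}
+	}
+
+	close(sock);
+}
+
+
+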
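Review bot: The guard `strlen(dev) > IFNAMSIZ` in arp_scan admits a name of exactly IFNAMSIZ bytes, which `strncpy(ifr.ifr_name, dev, IFNAMSIZ)` then copies without a NUL terminator; the check should be `if (strlen(dev) >= IFNAMSIZ)`, and the same off-by-one appears in interface.c (net_bridge_add_interface, net_if_up, net_get_mtu, net_set_mtu, net_if_ip), while net_get_mac and net_if_mac there copy the name with no length check at all. `addr.sll_halen = htons(6)` stores a byte-swapped value into a one-byte field, which truncates to 0 on little-endian hosts; it should be the plain length, `addr.sll_halen = 6;` (a SOCK_RAW socket takes the destination from the frame itself, so this is probably harmless today, but it is still wrong). In the receive branch a failed recvfrom only prints perror and then falls through to `(unsigned int) len < 14 + sizeof(ArpHdr)` with len == -1, which passes the size check; add `continue;` after the perror. The comment "wait not more than one second for an answer" disagrees with the 2-second `ts` set two lines below it.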
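--- /dev/null
+++ b/src/fnet/fnet.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2014-2016 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef FNET_H
+#define FNET_H
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include "../include/common.h"
+
+// veth.c
+int net_create_veth(const char *dev, const char *nsdev, unsigned pid);
+int net_create_macvlan(const char *dev, const char *parent, unsigned pid);
+int net_move_interface(const char *dev, unsigned pid);
+
+// interface.c
+void net_bridge_add_interface(const char *bridge, const char *dev);
+void net_if_up(const char *ifname);
+int net_get_mtu(const char *ifname);
+void net_set_mtu(const char *ifname, int mtu);
+void net_ifprint(int scan);
+int net_get_mac(const char *ifname, unsigned char mac[6]);
+void net_if_ip(const char *ifname, uint32_t ip, uint32_t mask, int mtu);
+int net_if_mac(const char *ifname, const unsigned char mac[6]);
+void net_if_ip6(const char *ifname, const char *addr6);
+
+
+// arp.c
+void arp_scan(const char *dev, uint32_t ifip, uint32_t ifmask);
+
+#endif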
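Review bot: The prototypes for net_if_ip and arp_scan use `uint32_t`, but the header includes nothing that is guaranteed to define it; it compiles only if ../include/common.h happens to pull in <stdint.h>, so add `#include <stdint.h>` alongside the other system headers to make the header self-contained. The error contract is also undocumented: the interface.c functions in this commit terminate the process on failure (errExit or exit(1)) instead of reporting it, and net_get_mac and net_if_mac return 0 unconditionally, so a caller checking their return value gains nothing. A one-line comment above the interface.c group, `// these functions terminate the process on failure; net_get_mac/net_if_mac always return 0`, would make that clear to the callers in main.c. I cannot see veth.c's bodies here, so whether the veth.c group follows the same convention is unverified from this page.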
diff --git a/src/fnet/interface.c b/src/fnet/interface.c new file mode 100644 index 000000000..67af062bf --- /dev/null +++ b/src/fnet/interface.c | |||
@@ -0,0 +1,395 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2014-2016 Firejail Authors | ||
3 | * | ||
4 | * This file is part of firejail project | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or modify | ||
7 | * it under the terms of the GNU General Public License as published by | ||
8 | * the Free Software Foundation; either version 2 of the License, or | ||
9 | * (at your option) any later version. | ||
10 | * | ||
11 | * This program is distributed in the hope that it will be useful, | ||
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
14 | * GNU General Public License for more details. | ||
15 | * | ||
16 | * You should have received a copy of the GNU General Public License along | ||
17 | * with this program; if not, write to the Free Software Foundation, Inc., | ||
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | ||
19 | */ | ||
20 | |||
21 | #include "fnet.h" | ||
22 | #include <arpa/inet.h> | ||
23 | #include <sys/socket.h> | ||
24 | #include <sys/ioctl.h> | ||
25 | #include <netdb.h> | ||
26 | #include <ifaddrs.h> | ||
27 | #include <net/if.h> | ||
28 | #include <net/if_arp.h> | ||
29 | #include <net/route.h> | ||
30 | #include <linux/if_bridge.h> | ||
31 | |||
32 | // add a veth device to a bridge | ||
33 | void net_bridge_add_interface(const char *bridge, const char *dev) { | ||
34 | if (strlen(bridge) > IFNAMSIZ) { | ||
35 | fprintf(stderr, "Error fnet: invalid network device name %s\n", bridge); | ||
36 | exit(1); | ||
37 | } | ||
38 | |||
39 | // somehow adding the interface to the bridge resets MTU on bridge device!!! | ||
40 | // workaround: restore MTU on the bridge device | ||
41 | // todo: put a real fix in | ||
42 | int mtu1 = net_get_mtu(bridge); | ||
43 | |||
44 | struct ifreq ifr; | ||
45 | int err; | ||
46 | int ifindex = if_nametoindex(dev); | ||
47 | |||
48 | if (ifindex <= 0) | ||
49 | errExit("if_nametoindex"); | ||
50 | |||
51 | int sock; | ||
52 | if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) | ||
53 | errExit("socket"); | ||
54 | |||
55 | memset(&ifr, 0, sizeof(ifr)); | ||
56 | strncpy(ifr.ifr_name, bridge, IFNAMSIZ); | ||
57 | #ifdef SIOCBRADDIF | ||
58 | ifr.ifr_ifindex = ifindex; | ||
59 | err = ioctl(sock, SIOCBRADDIF, &ifr); | ||
60 | if (err < 0) | ||
61 | #endif | ||
62 | { | ||
63 | unsigned long args[4] = { BRCTL_ADD_IF, ifindex, 0, 0 }; | ||
64 | |||
65 | ifr.ifr_data = (char *) args; | ||
66 | err = ioctl(sock, SIOCDEVPRIVATE, &ifr); | ||
67 | } | ||
68 | (void) err; | ||
69 | close(sock); | ||
70 | |||
71 | int mtu2 = net_get_mtu(bridge); | ||
72 | if (mtu1 != mtu2) { | ||
73 | net_set_mtu(bridge, mtu1); | ||
74 | } | ||
75 | } | ||
76 | |||
77 | |||
78 | // bring interface up | ||
79 | void net_if_up(const char *ifname) { | ||
80 | if (strlen(ifname) > IFNAMSIZ) { | ||
81 | fprintf(stderr, "Error fnet: invalid network device name %s\n", ifname); | ||
82 | exit(1); | ||
83 | } | ||
84 | |||
85 | int sock = socket(AF_INET,SOCK_DGRAM,0); | ||
86 | if (sock < 0) | ||
87 | errExit("socket"); | ||
88 | |||
89 | // get the existing interface flags | ||
90 | struct ifreq ifr; | ||
91 | memset(&ifr, 0, sizeof(ifr)); | ||
92 | strncpy(ifr.ifr_name, ifname, IFNAMSIZ); | ||
93 | ifr.ifr_addr.sa_family = AF_INET; | ||
94 | |||
95 | // read the existing flags | ||
96 | if (ioctl(sock, SIOCGIFFLAGS, &ifr ) < 0) { | ||
97 | close(sock); | ||
98 | printf("Error fnet: cannot bring up interface %s\n", ifname); | ||
99 | errExit("ioctl"); | ||
100 | } | ||
101 | |||
102 | ifr.ifr_flags |= IFF_UP; | ||
103 | |||
104 | // set the new flags | ||
105 | if (ioctl( sock, SIOCSIFFLAGS, &ifr ) < 0) { | ||
106 | close(sock); | ||
107 | printf("Error fnet: cannot bring up interface %s\n", ifname); | ||
108 | errExit("ioctl"); | ||
109 | } | ||
110 | |||
111 | // checking | ||
112 | // read the existing flags | ||
113 | if (ioctl(sock, SIOCGIFFLAGS, &ifr ) < 0) { | ||
114 | close(sock); | ||
115 | printf("Error fnet: cannot bring up interface %s\n", ifname); | ||
116 | errExit("ioctl"); | ||
117 | } | ||
118 | |||
119 | // wait not more than 500ms for the interface to come up | ||
120 | int cnt = 0; | ||
121 | while (cnt < 50) { | ||
122 | usleep(10000); // sleep 10ms | ||
123 | |||
124 | // read the existing flags | ||
125 | if (ioctl(sock, SIOCGIFFLAGS, &ifr ) < 0) { | ||
126 | close(sock); | ||
127 | printf("Error fnet: cannot bring up interface %s\n", ifname); | ||
128 | errExit("ioctl"); | ||
129 | } | ||
130 | if (ifr.ifr_flags & IFF_RUNNING) | ||
131 | break; | ||
132 | cnt++; | ||
133 | } | ||
134 | |||
135 | close(sock); | ||
136 | } | ||
137 | |||
138 | int net_get_mtu(const char *ifname) { | ||
139 | int mtu = 0; | ||
140 | if (strlen(ifname) > IFNAMSIZ) { | ||
141 | fprintf(stderr, "Error fnet: invalid network device name %s\n", ifname); | ||
142 | exit(1); | ||
143 | } | ||
144 | |||
145 | int s; | ||
146 | struct ifreq ifr; | ||
147 | |||
148 | if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) | ||
149 | errExit("socket"); | ||
150 | |||
151 | memset(&ifr, 0, sizeof(ifr)); | ||
152 | ifr.ifr_addr.sa_family = AF_INET; | ||
153 | strncpy(ifr.ifr_name, ifname, IFNAMSIZ); | ||
154 | if (ioctl(s, SIOCGIFMTU, (caddr_t)&ifr) == 0) | ||
155 | mtu = ifr.ifr_mtu; | ||
156 | close(s); | ||
157 | |||
158 | |||
159 | return mtu; | ||
160 | } | ||
161 | |||
162 | void net_set_mtu(const char *ifname, int mtu) { | ||
163 | if (strlen(ifname) > IFNAMSIZ) { | ||
164 | fprintf(stderr, "Error fnet: invalid network device name %s\n", ifname); | ||
165 | exit(1); | ||
166 | } | ||
167 | |||
168 | int s; | ||
169 | struct ifreq ifr; | ||
170 | |||
171 | if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) | ||
172 | errExit("socket"); | ||
173 | |||
174 | memset(&ifr, 0, sizeof(ifr)); | ||
175 | ifr.ifr_addr.sa_family = AF_INET; | ||
176 | strncpy(ifr.ifr_name, ifname, IFNAMSIZ); | ||
177 | ifr.ifr_mtu = mtu; | ||
178 | if (ioctl(s, SIOCSIFMTU, (caddr_t)&ifr) != 0) | ||
179 | fprintf(stderr, "Warning fnet: cannot set mtu for interface %s\n", ifname); | ||
180 | close(s); | ||
181 | } | ||
182 | |||
183 | // scan interfaces in current namespace and print IP address/mask for each interface | ||
184 | void net_ifprint(int scan) { | ||
185 | uint32_t ip; | ||
186 | uint32_t mask; | ||
187 | struct ifaddrs *ifaddr, *ifa; | ||
188 | |||
189 | if (getifaddrs(&ifaddr) == -1) | ||
190 | errExit("getifaddrs"); | ||
191 | |||
192 | printf("%-17.17s%-19.19s%-17.17s%-17.17s%-6.6s\n", | ||
193 | "Interface", "MAC", "IP", "Mask", "Status"); | ||
194 | // walk through the linked list | ||
195 | for (ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next) { | ||
196 | if (ifa->ifa_addr == NULL) | ||
197 | continue; | ||
198 | |||
199 | if (ifa->ifa_addr->sa_family == AF_INET) { | ||
200 | struct sockaddr_in *si = (struct sockaddr_in *) ifa->ifa_netmask; | ||
201 | mask = ntohl(si->sin_addr.s_addr); | ||
202 | si = (struct sockaddr_in *) ifa->ifa_addr; | ||
203 | ip = ntohl(si->sin_addr.s_addr); | ||
204 | |||
205 | // interface status | ||
206 | char *status; | ||
207 | if (ifa->ifa_flags & IFF_RUNNING && ifa->ifa_flags & IFF_UP) | ||
208 | status = "UP"; | ||
209 | else | ||
210 | status = "DOWN"; | ||
211 | |||
212 | // ip address and mask | ||
213 | char ipstr[30]; | ||
214 | sprintf(ipstr, "%d.%d.%d.%d", PRINT_IP(ip)); | ||
215 | char maskstr[30]; | ||
216 | sprintf(maskstr, "%d.%d.%d.%d", PRINT_IP(mask)); | ||
217 | |||
218 | // mac address | ||
219 | unsigned char mac[6]; | ||
220 | net_get_mac(ifa->ifa_name, mac); | ||
221 | char macstr[30]; | ||
222 | if (strcmp(ifa->ifa_name, "lo") == 0) | ||
223 | macstr[0] = '\0'; | ||
224 | else | ||
225 | sprintf(macstr, "%02x:%02x:%02x:%02x:%02x:%02x", PRINT_MAC(mac)); | ||
226 | |||
227 | |||
228 | printf("%-17.17s%-19.19s%-17.17s%-17.17s%-6.6s\n", | ||
229 | ifa->ifa_name, macstr, ipstr, maskstr, status); | ||
230 | |||
231 | // network scanning | ||
232 | if (!scan) // scanning disabled | ||
233 | continue; | ||
234 | if (strcmp(ifa->ifa_name, "lo") == 0) // no loopbabck scanning | ||
235 | continue; | ||
236 | if (mask2bits(mask) < 16) // not scanning large networks | ||
237 | continue; | ||
238 | if (!ip) // if not configured | ||
239 | continue; | ||
240 | // only if the interface is up and running | ||
241 | if (ifa->ifa_flags & IFF_RUNNING && ifa->ifa_flags & IFF_UP) | ||
242 | arp_scan(ifa->ifa_name, ip, mask); | ||
243 | } | ||
244 | } | ||
245 | freeifaddrs(ifaddr); | ||
246 | } | ||
247 | |||
248 | int net_get_mac(const char *ifname, unsigned char mac[6]) { | ||
249 | |||
250 | struct ifreq ifr; | ||
251 | int sock; | ||
252 | |||
253 | if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) | ||
254 | errExit("socket"); | ||
255 | |||
256 | memset(&ifr, 0, sizeof(ifr)); | ||
257 | strncpy(ifr.ifr_name, ifname, IFNAMSIZ); | ||
258 | ifr.ifr_hwaddr.sa_family = ARPHRD_ETHER; | ||
259 | |||
260 | if (ioctl(sock, SIOCGIFHWADDR, &ifr) == -1) | ||
261 | errExit("ioctl"); | ||
262 | memcpy(mac, ifr.ifr_hwaddr.sa_data, 6); | ||
263 | |||
264 | close(sock); | ||
265 | return 0; | ||
266 | } | ||
267 | |||
268 | // configure interface ipv4 address | ||
269 | void net_if_ip(const char *ifname, uint32_t ip, uint32_t mask, int mtu) { | ||
270 | if (strlen(ifname) > IFNAMSIZ) { | ||
271 | fprintf(stderr, "Error: invalid network device name %s\n", ifname); | ||
272 | exit(1); | ||
273 | } | ||
274 | |||
275 | int sock = socket(AF_INET,SOCK_DGRAM,0); | ||
276 | if (sock < 0) | ||
277 | errExit("socket"); | ||
278 | |||
279 | struct ifreq ifr; | ||
280 | memset(&ifr, 0, sizeof(ifr)); | ||
281 | strncpy(ifr.ifr_name, ifname, IFNAMSIZ); | ||
282 | ifr.ifr_addr.sa_family = AF_INET; | ||
283 | |||
284 | ((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr.s_addr = htonl(ip); | ||
285 | if (ioctl( sock, SIOCSIFADDR, &ifr ) < 0) { | ||
286 | close(sock); | ||
287 | errExit("ioctl"); | ||
288 | } | ||
289 | |||
290 | if (ip != 0) { | ||
291 | ((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr.s_addr = htonl(mask); | ||
292 | if (ioctl( sock, SIOCSIFNETMASK, &ifr ) < 0) { | ||
293 | close(sock); | ||
294 | errExit("ioctl"); | ||
295 | } | ||
296 | } | ||
297 | |||
298 | // configure mtu | ||
299 | if (mtu > 0) { | ||
300 | ifr.ifr_mtu = mtu; | ||
301 | if (ioctl( sock, SIOCSIFMTU, &ifr ) < 0) { | ||
302 | close(sock); | ||
303 | errExit("ioctl"); | ||
304 | } | ||
305 | } | ||
306 | |||
307 | close(sock); | ||
308 | usleep(10000); // sleep 10ms | ||
309 | } | ||
310 | |||
311 | int net_if_mac(const char *ifname, const unsigned char mac[6]) { | ||
312 | struct ifreq ifr; | ||
313 | int sock; | ||
314 | |||
315 | if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) | ||
316 | errExit("socket"); | ||
317 | |||
318 | memset(&ifr, 0, sizeof(ifr)); | ||
319 | strncpy(ifr.ifr_name, ifname, IFNAMSIZ); | ||
320 | ifr.ifr_hwaddr.sa_family = ARPHRD_ETHER; | ||
321 | memcpy(ifr.ifr_hwaddr.sa_data, mac, 6); | ||
322 | |||
323 | if (ioctl(sock, SIOCSIFHWADDR, &ifr) == -1) | ||
324 | errExit("ioctl"); | ||
325 | close(sock); | ||
326 | return 0; | ||
327 | } | ||
328 | |||
329 | // configure interface ipv6 address | ||
330 | // ex: firejail --net=eth0 --ip6=2001:0db8:0:f101::1/64 | ||
331 | struct ifreq6 { | ||
332 | struct in6_addr ifr6_addr; | ||
333 | uint32_t ifr6_prefixlen; | ||
334 | unsigned int ifr6_ifindex; | ||
335 | }; | ||
336 | void net_if_ip6(const char *ifname, const char *addr6) { | ||
337 | if (strchr(addr6, ':') == NULL) { | ||
338 | fprintf(stderr, "Error fnet: invalid IPv6 address %s\n", addr6); | ||
339 | exit(1); | ||
340 | } | ||
341 | |||
342 | // extract prefix | ||
343 | unsigned long prefix; | ||
344 | char *ptr; | ||
345 | if ((ptr = strchr(addr6, '/'))) { | ||
346 | prefix = atol(ptr + 1); | ||
347 | if (prefix > 128) { | ||
348 | fprintf(stderr, "Error fnet: invalid prefix for IPv6 address %s\n", addr6); | ||
349 | exit(1); | ||
350 | } | ||
351 | *ptr = '\0'; // mark the end of the address | ||
352 | } | ||
353 | else | ||
354 | prefix = 128; | ||
355 | |||
356 | // extract address | ||
357 | struct sockaddr_in6 sin6; | ||
358 | memset(&sin6, 0, sizeof(sin6)); | ||
359 | sin6.sin6_family = AF_INET6; | ||
360 | int rv = inet_pton(AF_INET6, addr6, sin6.sin6_addr.s6_addr); | ||
361 | if (rv <= 0) { | ||
362 | fprintf(stderr, "Error fnet: invalid IPv6 address %s\n", addr6); | ||
363 | exit(1); | ||
364 | } | ||
365 | |||
366 | // open socket | ||
367 | int sock = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP); | ||
368 | if (sock < 0) { | ||
369 | fprintf(stderr, "Error fnet: IPv6 is not supported on this system\n"); | ||
370 | exit(1); | ||
371 | } | ||
372 | |||
373 | // find interface index | ||
374 | struct ifreq ifr; | ||
375 | memset(&ifr, 0, sizeof(ifr)); | ||
376 | strncpy(ifr.ifr_name, ifname, IFNAMSIZ); | ||
377 | ifr.ifr_addr.sa_family = AF_INET; | ||
378 | if (ioctl(sock, SIOGIFINDEX, &ifr) < 0) { | ||
379 | perror("ioctl SIOGIFINDEX"); | ||
380 | exit(1); | ||
381 | } | ||
382 | |||
383 | // configure address | ||
384 | struct ifreq6 ifr6; | ||
385 | memset(&ifr6, 0, sizeof(ifr6)); | ||
386 | ifr6.ifr6_prefixlen = prefix; | ||
387 | ifr6.ifr6_ifindex = ifr.ifr_ifindex; | ||
388 | memcpy((char *) &ifr6.ifr6_addr, (char *) &sin6.sin6_addr, sizeof(struct in6_addr)); | ||
389 | if (ioctl(sock, SIOCSIFADDR, &ifr6) < 0) { | ||
390 | perror("ioctl SIOCSIFADDR"); | ||
391 | exit(1); | ||
392 | } | ||
393 | |||
394 | close(sock); | ||
395 | } | ||
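Review bot: net_if_ip6 writes through its `const char *addr6` parameter — `*ptr = '\0'` after `ptr = strchr(addr6, '/')` — which truncates the caller's buffer in place and is undefined behaviour if a caller ever passes a string literal; copy the address into a local buffer first, or drop the const and document that the argument is modified. The prefix is parsed with `atol`, so a suffix like `/abc` yields prefix 0 with no error and a value that overflows long is not reported; `strtoul` with an end-pointer check (`if (end == ptr + 1 || *end != '\0' || prefix > 128)`) rejects both. In net_bridge_add_interface the result of the SIOCBRADDIF and SIOCDEVPRIVATE ioctls ends in `(void) err;`, so a veth that could not be attached to the bridge is neither reported nor fatal, unlike every other ioctl in this file; at least emit a warning as net_set_mtu does. net_get_mtu returns 0 when its ioctl fails, and net_bridge_add_interface then compares that 0 against the post-attach MTU and may call net_set_mtu with 0; checking for a zero mtu1 before restoring avoids that.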
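--- /dev/null
+++ b/src/fnet/main.c
@@ -0,0 +1,103 @@
+/*
+ * Copyright (C) 2014-2016 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#include "fnet.h"
+
+static void usage(void) {
+	printf("Usage:\n");
+	printf("\tfnet create veth dev1 dev2 bridge child\n");
+	printf("\tfnet create macvlan dev parent child\n");
+	printf("\tfnet moveif dev proc\n");
+	printf("\tfnet printif\n");
+	printf("\tfnet printif scan\n");
+	printf("\tfnet config interface dev ip mask mtu\n");
+	printf("\tfnet config mac addr\n");
+	printf("\tfnet config ipv6 dev ipn");
+	printf("\tfmet ifup dev\n");
+}
+
+int main(int argc, char **argv) {
+#if 0
+	{
+		//system("cat /proc/self/status");
+		int i;
+		for (i = 0; i < argc; i++)
+			printf("*%s* ", argv[i]);
+		printf("\n");
+	}
+#endif
+	if (argc < 2)
+		return 1;
+
+
+
+	if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") ==0) {
+		usage();
+		return 0;
+	}
+	else if (argc == 3 && strcmp(argv[1], "ifup") == 0) {
+		net_if_up(argv[2]);
+	}
+	else if (argc == 2 && strcmp(argv[1], "printif") == 0) {
+		net_ifprint(0);
+	}
+	else if (argc == 3 && strcmp(argv[1], "printif") == 0 && strcmp(argv[2], "scan") == 0) {
+		net_ifprint(1);
+	}
+	else if (argc == 7 && strcmp(argv[1], "create") == 0 && strcmp(argv[2], "veth") == 0) {
+		// create veth pair and move one end in the the namespace
+		net_create_veth(argv[3], argv[4], atoi(argv[6]));
+		// connect the ohter veth end to the bridge ...
+		net_bridge_add_interface(argv[5], argv[3]);
+		// ... and bring it up
+		net_if_up(argv[3]);
+	}
+	else if (argc == 6 && strcmp(argv[1], "create") == 0 && strcmp(argv[2], "macvlan") == 0) {
+		net_create_macvlan(argv[3], argv[4], atoi(argv[5]));
+	}
+	else if (argc == 7 && strcmp(argv[1], "config") == 0 && strcmp(argv[2], "interface") == 0) {
+		char *dev = argv[3];
+		uint32_t ip = (uint32_t) atoll(argv[4]);
+		uint32_t mask = (uint32_t) atoll(argv[5]);
+		int mtu = atoi(argv[6]);
+		// configure interface
+		net_if_ip(dev, ip, mask, mtu);
+		// ... and bring it up
+		net_if_up(dev);
+	}
+	else if (argc == 5 && strcmp(argv[1], "config") == 0 && strcmp(argv[2], "mac") == 0) {
+		unsigned char mac[6];
+		if (atomac(argv[4], mac)) {
+			fprintf(stderr, "Error fnet: invalid mac address %s\n", argv[4]);
+		}
+		net_if_mac(argv[3], mac);
+	}
+	else if (argc == 4 && strcmp(argv[1], "moveif") == 0) {
+		net_move_interface(argv[2], atoi(argv[3]));
+	}
+	else if (argc == 5 && strcmp(argv[1], "config") == 0 && strcmp(argv[2], "ipv6") == 0) {
+		net_if_ip6(argv[3], argv[4]);
+	}
+	else {
+		fprintf(stderr, "Error fnet: invalid arguments\n");
+		return 1;
+	}
+
+	return 0;
+}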
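Review bot: In the `config mac` branch an invalid address is reported but not rejected: after the `fprintf` the code falls through to `net_if_mac(argv[3], mac)` with `mac` left uninitialized by the failed atomac, so the interface receives a garbage hardware address; add `return 1;` inside the `if (atomac(argv[4], mac))` block. The usage text has two typos — the `config ipv6` line ends in `ipn"` where `ip\n"` was intended, so the following line is printed on the same row, and `fmet ifup dev` should read `fnet ifup dev`. The pid, ip, mask and mtu arguments are converted with atoi/atoll, which turn any non-numeric input into 0 without an error; since this helper appears to be invoked by the main firejail binary rather than by a user, that may be acceptable, but strtol/strtoul with an end-pointer check would reject malformed arguments instead of silently configuring pid 0 or address 0.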
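--- /dev/null
+++ b/src/fnet/veth.c
@@ -0,0 +1,230 @@
+/* code based on iproute2 ip/iplink.c, modified to be included in firejail project
+ *
+ * Original source code:
+ *
+ * Information:
+ * http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2
+ *
+ * Download:
+ * http://www.kernel.org/pub/linux/utils/net/iproute2/
+ *
+ * Repository:
+ * git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git
+ *
+ * License: GPL v2
+ *
+ * Original copyright header
+ *
+ * iplink.c "ip link".
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
+ *
+ */
+/*
+ * Copyright (C) 2014-2016 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "fnet.h"
+#include "../include/libnetlink.h"
+#include <linux/veth.h>
+#include <net/if.h>
+
+struct iplink_req
+{
+	struct nlmsghdr n;
+	struct ifinfomsg i;
+	char buf[1024];
+};
+
+static struct rtnl_handle rth = { .fd = -1 };
+
+int net_create_veth(const char *dev, const char *nsdev, unsigned pid) {
+	int len;
+	struct iplink_req req;
+
+	assert(dev);
+	assert(nsdev);
+	assert(pid);
+
+	if (rtnl_open(&rth, 0) < 0) {
+		fprintf(stderr, "cannot open netlink\n");
+		exit(1);
+	}
+
+	memset(&req, 0, sizeof(req));
+
+	req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
+	req.n.nlmsg_flags = NLM_F_REQUEST|NLM_F_CREATE|NLM_F_EXCL;
+	req.n.nlmsg_type = RTM_NEWLINK;
+	req.i.ifi_family = 0;
+
+	if (dev) {
+		len = strlen(dev) + 1;
+		addattr_l(&req.n, sizeof(req), IFLA_IFNAME, dev, len);
+	}
+
+	struct rtattr *linkinfo = NLMSG_TAIL(&req.n);
+	addattr_l(&req.n, sizeof(req), IFLA_LINKINFO, NULL, 0);
+	addattr_l(&req.n, sizeof(req), IFLA_INFO_KIND, "veth", strlen("veth"));
+
+	struct rtattr * data = NLMSG_TAIL(&req.n);
+	addattr_l(&req.n, sizeof(req), IFLA_INFO_DATA, NULL, 0);
+
+	struct rtattr * peerdata = NLMSG_TAIL(&req.n);
+	addattr_l (&req.n, sizeof(req), VETH_INFO_PEER, NULL, 0);
+	req.n.nlmsg_len += sizeof(struct ifinfomsg);
+
+	// place the link in the child namespace
+	addattr_l (&req.n, sizeof(req), IFLA_NET_NS_PID, &pid, 4);
+
+	if (nsdev) {
+		int len = strlen(nsdev) + 1;
+		addattr_l(&req.n, sizeof(req), IFLA_IFNAME, nsdev, len);
+	}
+	peerdata->rta_len = (void *)NLMSG_TAIL(&req.n) - (void *)peerdata;
+
+	data->rta_len = (void *)NLMSG_TAIL(&req.n) - (void *)data;
+	linkinfo->rta_len = (void *)NLMSG_TAIL(&req.n) - (void *)linkinfo;
+
+	// send message
+	if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0)
+		exit(2);
+
+	return 0;
+}
+
+
+int net_create_macvlan(const char *dev, const char *parent, unsigned pid) {
+	int len;
+	struct iplink_req req;
+	assert(dev);
+	assert(parent);
+
+	if (rtnl_open(&rth, 0) < 0) {
+		fprintf(stderr, "cannot open netlink\n");
+		exit(1);
+	}
+
+	memset(&req, 0, sizeof(req));
+
+	req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
+	req.n.nlmsg_flags = NLM_F_REQUEST|NLM_F_CREATE|NLM_F_EXCL;
+	req.n.nlmsg_type = RTM_NEWLINK;
+	req.i.ifi_family = 0;
+
+	// find parent ifindex
+	int parent_ifindex = if_nametoindex(parent);
+	if (parent_ifindex <= 0) {
+		fprintf(stderr, "Error: cannot find network device %s\n", parent);
+		exit(1);
+	}
+
+	// add parent
+	addattr_l(&req.n, sizeof(req), IFLA_LINK, &parent_ifindex, 4);
+
+	// add new interface name
+	len = strlen(dev) + 1;
+	addattr_l(&req.n, sizeof(req), IFLA_IFNAME, dev, len);
+
+	// place the interface in child namespace
+	addattr_l (&req.n, sizeof(req), IFLA_NET_NS_PID, &pid, 4);
+
+
+	// add link info for the new interface
+	struct rtattr *linkinfo = NLMSG_TAIL(&req.n);
+	addattr_l(&req.n, sizeof(req), IFLA_LINKINFO, NULL, 0);
+	addattr_l(&req.n, sizeof(req), IFLA_INFO_KIND, "macvlan", strlen("macvlan"));
+
+	// set macvlan bridge mode
+	struct rtattr * data = NLMSG_TAIL(&req.n);
+	addattr_l(&req.n, sizeof(req), IFLA_INFO_DATA, NULL, 0);
+	int macvlan_type = MACVLAN_MODE_BRIDGE;
+	addattr_l (&req.n, sizeof(req), IFLA_INFO_KIND, &macvlan_type, 4);
+
+	data->rta_len = (void *)NLMSG_TAIL(&req.n) - (void *)data;
+	// req.n.nlmsg_len += sizeof(struct ifinfomsg);
+
+
+	data->rta_len = (void *)NLMSG_TAIL(&req.n) - (void *)data;
+	linkinfo->rta_len = (void *)NLMSG_TAIL(&req.n) - (void *)linkinfo;
+
+	// send message
+	if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0)
+		exit(2);
+
+	return 0;
+}
+
+// move the interface dev in namespace of program pid
+// when the interface is moved, netlink does not preserve interface configuration
+int net_move_interface(const char *dev, unsigned pid) {
+	struct iplink_req req;
+	assert(dev);
+
+	if (rtnl_open(&rth, 0) < 0) {
+		fprintf(stderr, "cannot open netlink\n");
+		exit(1);
+	}
+
+	memset(&req, 0, sizeof(req));
+
+	req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
+	req.n.nlmsg_flags = NLM_F_REQUEST;
+	req.n.nlmsg_type = RTM_NEWLINK;
+	req.i.ifi_family = 0;
+
+	// find ifindex
+	int ifindex = if_nametoindex(dev);
+	if (ifindex <= 0) {
+		fprintf(stderr, "Error: cannot find interface %s\n", dev);
+		exit(1);
+	}
+	req.i.ifi_index = ifindex;
+
+	// place the interface in child namespace
+	addattr_l (&req.n, sizeof(req), IFLA_NET_NS_PID, &pid, 4);
+
+	// send message
+	if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0)
+		exit(2);
+
+	return 0;
+}
+
+/*
+int main(int argc, char **argv) {
+	printf("Hello\n");
+
+
+	char *dev = argv[3];
+	char *nsdev = argv[8];
+	unsigned pid;
+	sscanf(argv[10], "%u", &pid);
+
+
+	net_create_veth(dev, nsdev, pid);
+
+	return 0;
+}
+*/
\ No newline at end of file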
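Review bot: The macvlan mode attribute on line 163 of veth.c is added with type IFLA_INFO_KIND, but the attribute nested inside IFLA_INFO_DATA that the macvlan driver reads is IFLA_MACVLAN_MODE; the request is accepted only because both enumerators happen to share the same numeric value, so the line should read `addattr_l(&req.n, sizeof(req), IFLA_MACVLAN_MODE, &macvlan_type, 4);` and the identical `data->rta_len` fix-up on lines 165 and 169 should be collapsed to one. No addattr_l() return value is checked in any of the three functions, so a device name long enough to exhaust the 1024-byte `buf` results in the attribute being dropped and a truncated request still being handed to rtnl_talk(); checking each return, or rejecting names of IFNAMSIZ or more bytes up front as the kernel will anyway, makes that failure explicit instead of a confusing EINVAL. In net_create_veth the `if (dev)` guard on line 82 is dead after the `assert(dev)` on line 66 (same for `nsdev` on line 101), and a short comment on `rth` noting that the handle is intentionally left open for the lifetime of this one-shot helper would explain the missing close.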