5
#include <sys/inotify.h>
8
#include <sys/syscall.h>
18
#include "ip_common.h"
20
#define NETNS_RUN_DIR "/var/run/netns"
21
#define NETNS_ETC_DIR "/etc/netns"
24
#define CLONE_NEWNET 0x40000000 /* New network namespace (lo, device, names sockets, etc) */
28
#define MNT_DETACH 0x00000002 /* Just detach from the tree */
29
#endif /* MNT_DETACH */
32
static int setns(int fd, int nstype)
35
return syscall(__NR_setns, fd, nstype);
41
#endif /* HAVE_SETNS */
44
static void usage(void) __attribute__((noreturn));
46
static void usage(void)
48
fprintf(stderr, "Usage: ip netns list\n");
49
fprintf(stderr, " ip netns add NAME\n");
50
fprintf(stderr, " ip netns delete NAME\n");
51
fprintf(stderr, " ip netns exec NAME cmd ...\n");
52
fprintf(stderr, " ip netns monitor\n");
56
int get_netns_fd(const char *name)
58
char pathbuf[MAXPATHLEN];
59
const char *path, *ptr;
62
ptr = strchr(name, '/');
64
snprintf(pathbuf, sizeof(pathbuf), "%s/%s",
65
NETNS_RUN_DIR, name );
68
return open(path, O_RDONLY);
71
static int netns_list(int argc, char **argv)
76
dir = opendir(NETNS_RUN_DIR);
80
while ((entry = readdir(dir)) != NULL) {
81
if (strcmp(entry->d_name, ".") == 0)
83
if (strcmp(entry->d_name, "..") == 0)
85
printf("%s\n", entry->d_name);
91
static void bind_etc(const char *name)
93
char etc_netns_path[MAXPATHLEN];
94
char netns_name[MAXPATHLEN];
95
char etc_name[MAXPATHLEN];
99
snprintf(etc_netns_path, sizeof(etc_netns_path), "%s/%s", NETNS_ETC_DIR, name);
100
dir = opendir(etc_netns_path);
104
while ((entry = readdir(dir)) != NULL) {
105
if (strcmp(entry->d_name, ".") == 0)
107
if (strcmp(entry->d_name, "..") == 0)
109
snprintf(netns_name, sizeof(netns_name), "%s/%s", etc_netns_path, entry->d_name);
110
snprintf(etc_name, sizeof(etc_name), "/etc/%s", entry->d_name);
111
if (mount(netns_name, etc_name, "none", MS_BIND, NULL) < 0) {
112
fprintf(stderr, "Bind %s -> %s failed: %s\n",
113
netns_name, etc_name, strerror(errno));
119
static int netns_exec(int argc, char **argv)
121
/* Setup the proper environment for apps that are not netns
122
* aware, and execute a program in that environment.
124
const char *name, *cmd;
125
char net_path[MAXPATHLEN];
129
fprintf(stderr, "No netns name specified\n");
133
fprintf(stderr, "No cmd specified\n");
138
snprintf(net_path, sizeof(net_path), "%s/%s", NETNS_RUN_DIR, name);
139
netns = open(net_path, O_RDONLY);
141
fprintf(stderr, "Cannot open network namespace: %s\n",
145
if (setns(netns, CLONE_NEWNET) < 0) {
146
fprintf(stderr, "seting the network namespace failed: %s\n",
151
if (unshare(CLONE_NEWNS) < 0) {
152
fprintf(stderr, "unshare failed: %s\n", strerror(errno));
155
/* Mount a version of /sys that describes the network namespace */
156
if (umount2("/sys", MNT_DETACH) < 0) {
157
fprintf(stderr, "umount of /sys failed: %s\n", strerror(errno));
160
if (mount(name, "/sys", "sysfs", 0, NULL) < 0) {
161
fprintf(stderr, "mount of /sys failed: %s\n",strerror(errno));
165
/* Setup bind mounts for config files in /etc */
168
if (execvp(cmd, argv + 1) < 0)
169
fprintf(stderr, "exec of %s failed: %s\n",
170
cmd, strerror(errno));
174
static int netns_delete(int argc, char **argv)
177
char netns_path[MAXPATHLEN];
180
fprintf(stderr, "No netns name specified\n");
185
snprintf(netns_path, sizeof(netns_path), "%s/%s", NETNS_RUN_DIR, name);
186
umount2(netns_path, MNT_DETACH);
187
if (unlink(netns_path) < 0) {
188
fprintf(stderr, "Cannot remove %s: %s\n",
189
netns_path, strerror(errno));
195
static int netns_add(int argc, char **argv)
197
/* This function creates a new network namespace and
198
* a new mount namespace and bind them into a well known
199
* location in the filesystem based on the name provided.
201
* The mount namespace is created so that any necessary
202
* userspace tweaks like remounting /sys, or bind mounting
203
* a new /etc/resolv.conf can be shared between uers.
205
char netns_path[MAXPATHLEN];
210
fprintf(stderr, "No netns name specified\n");
215
snprintf(netns_path, sizeof(netns_path), "%s/%s", NETNS_RUN_DIR, name);
217
/* Create the base netns directory if it doesn't exist */
218
mkdir(NETNS_RUN_DIR, S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
220
/* Create the filesystem state */
221
fd = open(netns_path, O_RDONLY|O_CREAT|O_EXCL, 0);
223
fprintf(stderr, "Could not create %s: %s\n",
224
netns_path, strerror(errno));
228
if (unshare(CLONE_NEWNET) < 0) {
229
fprintf(stderr, "Failed to create a new network namespace: %s\n",
234
/* Bind the netns last so I can watch for it */
235
if (mount("/proc/self/ns/net", netns_path, "none", MS_BIND, NULL) < 0) {
236
fprintf(stderr, "Bind /proc/self/ns/net -> %s failed: %s\n",
237
netns_path, strerror(errno));
242
netns_delete(argc, argv);
248
static int netns_monitor(int argc, char **argv)
251
struct inotify_event *event;
255
fprintf(stderr, "inotify_init failed: %s\n",
259
if (inotify_add_watch(fd, NETNS_RUN_DIR, IN_CREATE | IN_DELETE) < 0) {
260
fprintf(stderr, "inotify_add_watch failed: %s\n",
265
ssize_t len = read(fd, buf, sizeof(buf));
267
fprintf(stderr, "read failed: %s\n",
271
for (event = (struct inotify_event *)buf;
272
(char *)event < &buf[len];
273
event = (struct inotify_event *)((char *)event + sizeof(*event) + event->len)) {
274
if (event->mask & IN_CREATE)
275
printf("add %s\n", event->name);
276
if (event->mask & IN_DELETE)
277
printf("delete %s\n", event->name);
283
int do_netns(int argc, char **argv)
286
return netns_list(0, NULL);
288
if ((matches(*argv, "list") == 0) || (matches(*argv, "show") == 0) ||
289
(matches(*argv, "lst") == 0))
290
return netns_list(argc-1, argv+1);
292
if (matches(*argv, "help") == 0)
295
if (matches(*argv, "add") == 0)
296
return netns_add(argc-1, argv+1);
298
if (matches(*argv, "delete") == 0)
299
return netns_delete(argc-1, argv+1);
301
if (matches(*argv, "exec") == 0)
302
return netns_exec(argc-1, argv+1);
304
if (matches(*argv, "monitor") == 0)
305
return netns_monitor(argc-1, argv+1);
307
fprintf(stderr, "Command \"%s\" is unknown, try \"ip netns help\".\n", *argv);