Merge pull request #3076 from brauner/2019-07-03/network_fixes

src/lxc/network.c

@@ -68,7 +68,7 @@
 lxc_log_define(network, lxc);
 
 typedef int (*instantiate_cb)(struct lxc_handler *, struct lxc_netdev *);
-static const char loDev[] = "lo";
+static const char loop_device[] = "lo";
 
 static int lxc_ip_route_dest(__u16 nlmsg_type, int family, int ifindex, void *dest, unsigned int netmask)
 {
@@ -332,7 +332,7 @@ out_delete:
 
 static int instantiate_macvlan(struct lxc_handler *handler, struct lxc_netdev *netdev)
 {
-	char peerbuf[IFNAMSIZ], *peer;
+	char peer[IFNAMSIZ];
 	int err;
 	unsigned int mtu = 0;
 
@@ -341,12 +341,11 @@ static int instantiate_macvlan(struct lxc_handler *handler, struct lxc_netdev *n
 		return -1;
 	}
 
-	err = snprintf(peerbuf, sizeof(peerbuf), "mcXXXXXX");
-	if (err < 0 || (size_t)err >= sizeof(peerbuf))
+	err = snprintf(peer, sizeof(peer), "mcXXXXXX");
+	if (err < 0 || (size_t)err >= sizeof(peer))
 		return -1;
 
-	peer = lxc_mkifname(peerbuf);
-	if (!peer)
+	if (!lxc_mkifname(peer))
 		return -1;
 
 	err = lxc_macvlan_create(netdev->link, peer,
@@ -358,6 +357,8 @@ static int instantiate_macvlan(struct lxc_handler *handler, struct lxc_netdev *n
 		goto on_error;
 	}
 
+	strlcpy(netdev->created_name, peer, IFNAMSIZ);
+
 	netdev->ifindex = if_nametoindex(peer);
 	if (!netdev->ifindex) {
 		ERROR("Failed to retrieve ifindex for \"%s\"", peer);
@@ -493,7 +494,7 @@ out:
 
 static int instantiate_ipvlan(struct lxc_handler *handler, struct lxc_netdev *netdev)
 {
-	char peerbuf[IFNAMSIZ], *peer;
+	char peer[IFNAMSIZ];
 	int err;
 	unsigned int mtu = 0;
 
@@ -502,20 +503,23 @@ static int instantiate_ipvlan(struct lxc_handler *handler, struct lxc_netdev *ne
 		return -1;
 	}
 
-	err = snprintf(peerbuf, sizeof(peerbuf), "ipXXXXXX");
-	if (err < 0 || (size_t)err >= sizeof(peerbuf))
+	err = snprintf(peer, sizeof(peer), "ipXXXXXX");
+	if (err < 0 || (size_t)err >= sizeof(peer))
 		return -1;
 
-	peer = lxc_mkifname(peerbuf);
-	if (!peer)
+	if (!lxc_mkifname(peer))
 		return -1;
 
-	err = lxc_ipvlan_create(netdev->link, peer, netdev->priv.ipvlan_attr.mode, netdev->priv.ipvlan_attr.isolation);
+	err = lxc_ipvlan_create(netdev->link, peer, netdev->priv.ipvlan_attr.mode,
+				netdev->priv.ipvlan_attr.isolation);
 	if (err) {
-		SYSERROR("Failed to create ipvlan interface \"%s\" on \"%s\"", peer, netdev->link);
+		SYSERROR("Failed to create ipvlan interface \"%s\" on \"%s\"",
+			 peer, netdev->link);
 		goto on_error;
 	}
 
+	strlcpy(netdev->created_name, peer, IFNAMSIZ);
+
 	netdev->ifindex = if_nametoindex(peer);
 	if (!netdev->ifindex) {
 		ERROR("Failed to retrieve ifindex for \"%s\"", peer);
@@ -526,14 +530,16 @@ static int instantiate_ipvlan(struct lxc_handler *handler, struct lxc_netdev *ne
 		err = lxc_safe_uint(netdev->mtu, &mtu);
 		if (err < 0) {
 			errno = -err;
-			SYSERROR("Failed to parse mtu \"%s\" for interface \"%s\"", netdev->mtu, peer);
+			SYSERROR("Failed to parse mtu \"%s\" for interface \"%s\"",
+				 netdev->mtu, peer);
 			goto on_error;
 		}
 
 		err = lxc_netdev_set_mtu(peer, mtu);
 		if (err < 0) {
 			errno = -err;
-			SYSERROR("Failed to set mtu \"%s\" for interface \"%s\"", netdev->mtu, peer);
+			SYSERROR("Failed to set mtu \"%s\" for interface \"%s\"",
+				 netdev->mtu, peer);
 			goto on_error;
 		}
 	}
@@ -545,15 +551,14 @@ static int instantiate_ipvlan(struct lxc_handler *handler, struct lxc_netdev *ne
 		    NULL,
 		};
 
-		err = run_script_argv(handler->name,
-				handler->conf->hooks_version, "net",
-				netdev->upscript, "up", argv);
+		err = run_script_argv(handler->name, handler->conf->hooks_version,
+				      "net", netdev->upscript, "up", argv);
 		if (err < 0)
 			goto on_error;
 	}
 
-	DEBUG("Instantiated ipvlan \"%s\" with ifindex is %d and mode %d",
-	      peer, netdev->ifindex, netdev->priv.macvlan_attr.mode);
+	DEBUG("Instantiated ipvlan \"%s\" with ifindex is %d and mode %d", peer,
+	      netdev->ifindex, netdev->priv.macvlan_attr.mode);
 
 	return 0;
 
@@ -574,7 +579,8 @@ static int instantiate_vlan(struct lxc_handler *handler, struct lxc_netdev *netd
 		return -1;
 	}
 
-	err = snprintf(peer, sizeof(peer), "vlan%d-%d", netdev->priv.vlan_attr.vid, vlan_cntr++);
+	err = snprintf(peer, sizeof(peer), "vlan%d-%d",
+		       netdev->priv.vlan_attr.vid, vlan_cntr++);
 	if (err < 0 || (size_t)err >= sizeof(peer))
 		return -1;
 
@@ -586,6 +592,8 @@ static int instantiate_vlan(struct lxc_handler *handler, struct lxc_netdev *netd
 		return -1;
 	}
 
+	strlcpy(netdev->created_name, peer, IFNAMSIZ);
+
 	netdev->ifindex = if_nametoindex(peer);
 	if (!netdev->ifindex) {
 		ERROR("Failed to retrieve ifindex for \"%s\"", peer);
@@ -596,14 +604,16 @@ static int instantiate_vlan(struct lxc_handler *handler, struct lxc_netdev *netd
 		err = lxc_safe_uint(netdev->mtu, &mtu);
 		if (err < 0) {
 			errno = -err;
-			SYSERROR("Failed to parse mtu \"%s\" for interface \"%s\"", netdev->mtu, peer);
+			SYSERROR("Failed to parse mtu \"%s\" for interface \"%s\"",
+				 netdev->mtu, peer);
 			goto on_error;
 		}
 
 		err = lxc_netdev_set_mtu(peer, mtu);
 		if (err) {
 			errno = -err;
-			SYSERROR("Failed to set mtu \"%s\" for interface \"%s\"", netdev->mtu, peer);
+			SYSERROR("Failed to set mtu \"%s\" for interface \"%s\"",
+				 netdev->mtu, peer);
 			goto on_error;
 		}
 	}
@@ -615,16 +625,15 @@ static int instantiate_vlan(struct lxc_handler *handler, struct lxc_netdev *netd
 		    NULL,
 		};
 
-		err = run_script_argv(handler->name,
-				handler->conf->hooks_version, "net",
-				netdev->upscript, "up", argv);
+		err = run_script_argv(handler->name, handler->conf->hooks_version,
+				      "net", netdev->upscript, "up", argv);
 		if (err < 0) {
 			goto on_error;
 		}
 	}
 
-	DEBUG("Instantiated vlan \"%s\" with ifindex is \"%d\"",
-	      peer, netdev->ifindex);
+	DEBUG("Instantiated vlan \"%s\" with ifindex is \"%d\"", peer,
+	      netdev->ifindex);
 
 	return 0;
 
@@ -643,7 +652,8 @@ static int instantiate_phys(struct lxc_handler *handler, struct lxc_netdev *netd
 		return -1;
 	}
 
-	/* Note that we're retrieving the container's ifindex in the host's
+	/*
+	 * Note that we're retrieving the container's ifindex in the host's
 	 * network namespace because we need it to move the device from the
 	 * host's network namespace to the container's network namespace later
 	 * on.
@@ -656,12 +666,18 @@ static int instantiate_phys(struct lxc_handler *handler, struct lxc_netdev *netd
 		return -1;
 	}
 
-	/* Store the ifindex of the host's network device in the host's
+	strlcpy(netdev->created_name, netdev->link, IFNAMSIZ);
+
+	/*
+	 * Store the ifindex of the host's network device in the host's
 	 * namespace.
 	 */
 	netdev->priv.phys_attr.ifindex = netdev->ifindex;
 
-	/* Get original device MTU setting and store for restoration after container shutdown. */
+	/*
+	 * Get original device MTU setting and store for restoration after
+	 * container shutdown.
+	 */
 	mtu_orig = netdev_get_mtu(netdev->ifindex);
 	if (mtu_orig < 0) {
 		SYSERROR("Failed to get original mtu for interface \"%s\"", netdev->link);
@@ -674,14 +690,16 @@ static int instantiate_phys(struct lxc_handler *handler, struct lxc_netdev *netd
 		err = lxc_safe_uint(netdev->mtu, &mtu);
 		if (err < 0) {
 			errno = -err;
-			SYSERROR("Failed to parse mtu \"%s\" for interface \"%s\"", netdev->mtu, netdev->link);
+			SYSERROR("Failed to parse mtu \"%s\" for interface \"%s\"",
+				 netdev->mtu, netdev->link);
 			return -1;
 		}
 
 		err = lxc_netdev_set_mtu(netdev->link, mtu);
 		if (err < 0) {
 			errno = -err;
-			SYSERROR("Failed to set mtu \"%s\" for interface \"%s\"", netdev->mtu, netdev->link);
+			SYSERROR("Failed to set mtu \"%s\" for interface \"%s\"",
+				 netdev->mtu, netdev->link);
 			return -1;
 		}
 	}
@@ -693,15 +711,15 @@ static int instantiate_phys(struct lxc_handler *handler, struct lxc_netdev *netd
 		    NULL,
 		};
 
-		err = run_script_argv(handler->name,
-				handler->conf->hooks_version, "net",
-				netdev->upscript, "up", argv);
+		err = run_script_argv(handler->name, handler->conf->hooks_version,
+				      "net", netdev->upscript, "up", argv);
 		if (err < 0) {
 			return -1;
 		}
 	}
 
-	DEBUG("Instantiated phys \"%s\" with ifindex is \"%d\"", netdev->link, netdev->ifindex);
+	DEBUG("Instantiated phys \"%s\" with ifindex is \"%d\"", netdev->link,
+	      netdev->ifindex);
 
 	return 0;
 }
@@ -2946,9 +2964,9 @@ static int lxc_setup_l2proxy(struct lxc_netdev *netdev) {
 		}
 
 		/* Retrieve local-loopback interface index for use with IPVLAN static routes. */
-		lo_ifindex = if_nametoindex(loDev);
+		lo_ifindex = if_nametoindex(loop_device);
 		if (lo_ifindex == 0) {
-			ERROR("Failed to retrieve ifindex for \"%s\" routing cleanup", loDev);
+			ERROR("Failed to retrieve ifindex for \"%s\" routing cleanup", loop_device);
 			return minus_one_set_errno(EINVAL);
 		}
 	}
@@ -2965,7 +2983,7 @@ static int lxc_setup_l2proxy(struct lxc_netdev *netdev) {
 		if (netdev->type == LXC_NET_IPVLAN) {
 			err = lxc_ipv4_dest_add(lo_ifindex, &inet4dev->addr, 32);
 			if (err < 0) {
-				ERROR("Failed to add ipv4 dest \"%s\" for network device \"%s\"", bufinet4, loDev);
+				ERROR("Failed to add ipv4 dest \"%s\" for network device \"%s\"", bufinet4, loop_device);
 				return minus_one_set_errno(-err);
 			}
 		}
@@ -2983,7 +3001,7 @@ static int lxc_setup_l2proxy(struct lxc_netdev *netdev) {
 		if (netdev->type == LXC_NET_IPVLAN) {
 			err = lxc_ipv6_dest_add(lo_ifindex, &inet6dev->addr, 128);
 			if (err < 0) {
-				ERROR("Failed to add ipv6 dest \"%s\" for network device \"%s\"", bufinet6, loDev);
+				ERROR("Failed to add ipv6 dest \"%s\" for network device \"%s\"", bufinet6, loop_device);
 				return minus_one_set_errno(-err);
 			}
 		}
@@ -3060,10 +3078,10 @@ static int lxc_delete_l2proxy(struct lxc_netdev *netdev) {
 	/* Perform IPVLAN specific checks. */
 	if (netdev->type == LXC_NET_IPVLAN) {
 		/* Retrieve local-loopback interface index for use with IPVLAN static routes. */
-		lo_ifindex = if_nametoindex(loDev);
+		lo_ifindex = if_nametoindex(loop_device);
 		if (lo_ifindex == 0) {
 			errCount++;
-			ERROR("Failed to retrieve ifindex for \"%s\" routing cleanup", loDev);
+			ERROR("Failed to retrieve ifindex for \"%s\" routing cleanup", loop_device);
 		}
 	}
 
@@ -3156,6 +3174,17 @@ int lxc_network_move_created_netdev_priv(struct lxc_handler *handler)
 	return 0;
 }
 
+static int network_requires_advanced_setup(int type)
+{
+	if (type == LXC_NET_EMPTY)
+		return false;
+
+	if (type == LXC_NET_NONE)
+		return false;
+
+	return true;
+}
+
 static int lxc_create_network_unpriv(struct lxc_handler *handler)
 {
 	int hooks_version = handler->conf->hooks_version;
@@ -3168,10 +3197,7 @@ static int lxc_create_network_unpriv(struct lxc_handler *handler)
 	lxc_list_for_each(iterator, network) {
 		struct lxc_netdev *netdev = iterator->elem;
 
-		if (netdev->type == LXC_NET_EMPTY)
-			continue;
-
-		if (netdev->type == LXC_NET_NONE)
+		if (!network_requires_advanced_setup(netdev->type))
 			continue;
 
 		if (netdev->type != LXC_NET_VETH) {
@@ -3510,7 +3536,7 @@ static int lxc_setup_netdev_in_child_namespaces(struct lxc_netdev *netdev)
 		netdev->ifindex = if_nametoindex(netdev->created_name);
 		if (!netdev->ifindex)
 			SYSERROR("Failed to retrieve ifindex for network device with name %s",
-				 netdev->name ?: "(null)");
+				 netdev->created_name ?: "(null)");
 	}
 
 	/* get the new ifindex in case of physical netdev */
@@ -3745,7 +3771,7 @@ int lxc_setup_network_in_child_namespaces(const struct lxc_conf *conf,
 	return 0;
 }
 
-int lxc_network_send_veth_names_to_child(struct lxc_handler *handler)
+int lxc_network_send_to_child(struct lxc_handler *handler)
 {
 	struct lxc_list *iterator;
 	struct lxc_list *network = &handler->conf->network;
@@ -3755,7 +3781,7 @@ int lxc_network_send_veth_names_to_child(struct lxc_handler *handler)
 		int ret;
 		struct lxc_netdev *netdev = iterator->elem;
 
-		if (netdev->type != LXC_NET_VETH)
+		if (!network_requires_advanced_setup(netdev->type))
 			continue;
 
 		ret = lxc_send_nointr(data_sock, netdev->name, IFNAMSIZ, MSG_NOSIGNAL);
@@ -3772,7 +3798,7 @@ int lxc_network_send_veth_names_to_child(struct lxc_handler *handler)
 	return 0;
 }
 
-int lxc_network_recv_veth_names_from_parent(struct lxc_handler *handler)
+int lxc_network_recv_from_parent(struct lxc_handler *handler)
 {
 	struct lxc_list *iterator;
 	struct lxc_list *network = &handler->conf->network;
@@ -3782,7 +3808,7 @@ int lxc_network_recv_veth_names_from_parent(struct lxc_handler *handler)
 		int ret;
 		struct lxc_netdev *netdev = iterator->elem;
 
-		if (netdev->type != LXC_NET_VETH)
+		if (!network_requires_advanced_setup(netdev->type))
 			continue;
 
 		ret = lxc_recv_nointr(data_sock, netdev->name, IFNAMSIZ, 0);

src/lxc/network.h

@@ -278,8 +278,8 @@ extern int lxc_requests_empty_network(struct lxc_handler *handler);
 extern int lxc_restore_phys_nics_to_netns(struct lxc_handler *handler);
 extern int lxc_setup_network_in_child_namespaces(const struct lxc_conf *conf,
 						 struct lxc_list *network);
-extern int lxc_network_send_veth_names_to_child(struct lxc_handler *handler);
-extern int lxc_network_recv_veth_names_from_parent(struct lxc_handler *handler);
+extern int lxc_network_send_to_child(struct lxc_handler *handler);
+extern int lxc_network_recv_from_parent(struct lxc_handler *handler);
 extern int lxc_network_send_name_and_ifindex_to_parent(struct lxc_handler *handler);
 extern int lxc_network_recv_name_and_ifindex_from_child(struct lxc_handler *handler);
 extern int lxc_netns_set_nsid(int netns_fd);

src/lxc/start.c

@@ -1194,7 +1194,7 @@ static int do_start(void *data)
 		goto out_error;
 
 	if (handler->ns_clone_flags & CLONE_NEWNET) {
-		ret = lxc_network_recv_veth_names_from_parent(handler);
+		ret = lxc_network_recv_from_parent(handler);
 		if (ret < 0) {
 			ERROR("Failed to receive veth names from parent");
 			goto out_warn_father;
@@ -1839,7 +1839,7 @@ static int lxc_spawn(struct lxc_handler *handler)
 			goto out_delete_net;
 		}
 
-		ret = lxc_network_send_veth_names_to_child(handler);
+		ret = lxc_network_send_to_child(handler);
 		if (ret < 0) {
 			ERROR("Failed to send veth names to child");
 			goto out_delete_net;