Merge pull request #1626 from brauner/2017-06-13/new_networks_parser

src/lxc/commands.c

@@ -561,12 +561,12 @@ static int lxc_cmd_get_config_item_callback(int fd, struct lxc_cmd_req *req,
 	item = lxc_getconfig(req->data);
 	if (!item)
 		goto err1;
-	cilen = item->get(req->data, NULL, 0, handler->conf);
+	cilen = item->get(req->data, NULL, 0, handler->conf, NULL);
 	if (cilen <= 0)
 		goto err1;
 
 	cidata = alloca(cilen + 1);
-	if (item->get(req->data, cidata, cilen + 1, handler->conf) != cilen)
+	if (item->get(req->data, cidata, cilen + 1, handler->conf, NULL) != cilen)
 		goto err1;
 	cidata[cilen] = '\0';
 	rsp.data = cidata;

src/lxc/conf.c

@@ -77,6 +77,7 @@
 #include "caps.h"       /* for lxc_caps_last_cap() */
 #include "cgroup.h"
 #include "conf.h"
+#include "confile_utils.h"
 #include "error.h"
 #include "log.h"
 #include "lxcaufs.h"
@@ -2325,11 +2326,12 @@ static int setup_ipv6_addr(struct lxc_list *ip, int ifindex)
 	return 0;
 }
 
-static int setup_netdev(struct lxc_netdev *netdev)
+static int lxc_setup_netdev_in_child_namespaces(struct lxc_netdev *netdev)
 {
 	char ifname[IFNAMSIZ];
-	char *current_ifname = ifname;
 	int err;
+	const char *net_type_name;
+	char *current_ifname = ifname;
 
 	/* empty network namespace */
 	if (!netdev->ifindex) {
@@ -2341,8 +2343,21 @@ static int setup_netdev(struct lxc_netdev *netdev)
 				return -1;
 			}
 		}
-		if (netdev->type != LXC_NET_VETH)
+
+		if (netdev->type == LXC_NET_EMPTY)
+			return 0;
+
+		if (netdev->type == LXC_NET_NONE)
 			return 0;
+
+		if (netdev->type != LXC_NET_VETH) {
+			net_type_name = lxc_net_type_to_str(netdev->type);
+			ERROR("%s networks are not supported for containers "
+			      "not setup up by privileged users",
+			      net_type_name);
+			return -1;
+		}
+
 		netdev->ifindex = if_nametoindex(netdev->name);
 	}
 
@@ -2507,16 +2522,18 @@ static int setup_netdev(struct lxc_netdev *netdev)
 	return 0;
 }
 
-static int setup_network(struct lxc_list *network)
+static int lxc_setup_networks_in_child_namespaces(const struct lxc_conf *conf,
+						  struct lxc_list *network)
 {
 	struct lxc_list *iterator;
 	struct lxc_netdev *netdev;
 
-	lxc_list_for_each(iterator, network) {
+	lxc_log_configured_netdevs(conf);
 
+	lxc_list_for_each(iterator, network) {
 		netdev = iterator->elem;
 
-		if (setup_netdev(netdev)) {
+		if (lxc_setup_netdev_in_child_namespaces(netdev)) {
 			ERROR("failed to setup netdev");
 			return -1;
 		}
@@ -3033,18 +3050,19 @@ int lxc_requests_empty_network(struct lxc_handler *handler)
 	return 0;
 }
 
-int lxc_create_network(struct lxc_handler *handler)
+int lxc_setup_networks_in_parent_namespaces(struct lxc_handler *handler)
 {
-	struct lxc_list *network = &handler->conf->network;
-	struct lxc_list *iterator;
+	bool am_root;
 	struct lxc_netdev *netdev;
-	int am_root = (getuid() == 0);
+	struct lxc_list *iterator;
+	struct lxc_list *network = &handler->conf->network;
 
+	/* We need to be root. */
+	am_root = (getuid() == 0);
 	if (!am_root)
 		return 0;
 
 	lxc_list_for_each(iterator, network) {
-
 		netdev = iterator->elem;
 
 		if (netdev->type < 0 || netdev->type > LXC_NET_MAXCONFTYPE) {
@@ -3053,6 +3071,24 @@ int lxc_create_network(struct lxc_handler *handler)
 			return -1;
 		}
 
+		if (netdev->type != LXC_NET_MACVLAN &&
+		    netdev->priv.macvlan_attr.mode) {
+			ERROR("Invalid macvlan.mode for a non-macvlan netdev");
+			return -1;
+		}
+
+		if (netdev->type != LXC_NET_VETH &&
+		    netdev->priv.veth_attr.pair) {
+			ERROR("Invalid veth pair for a non-veth netdev");
+			return -1;
+		}
+
+		if (netdev->type != LXC_NET_VLAN &&
+		    netdev->priv.vlan_attr.vid > 0) {
+			ERROR("Invalid vlan.id for a non-macvlan netdev");
+			return -1;
+		}
+
 		if (netdev_conf[netdev->type](handler, netdev)) {
 			ERROR("failed to create netdev");
 			return -1;
@@ -3267,9 +3303,11 @@ int lxc_assign_network(const char *lxcpath, char *lxcname,
 				INFO("mtu ignored due to insufficient privilege");
 			if (unpriv_assign_nic(lxcpath, lxcname, netdev, pid))
 				return -1;
-			// lxc-user-nic has moved the nic to the new ns.
-			// unpriv_assign_nic() fills in netdev->name.
-			// netdev->ifindex will be filed in at setup_netdev.
+			/* lxc-user-nic has moved the nic to the new ns.
+			 * unpriv_assign_nic() fills in netdev->name.
+			 * netdev->ifindex will be filed in at
+			 * lxc_setup_netdev_in_child_namespaces.
+			 */
 			continue;
 		}
 
@@ -4092,7 +4130,8 @@ int lxc_setup(struct lxc_handler *handler)
 		}
 	}
 
-	if (setup_network(&lxc_conf->network)) {
+	if (lxc_setup_networks_in_child_namespaces(lxc_conf,
+						   &lxc_conf->network)) {
 		ERROR("failed to setup the network for '%s'", name);
 		return -1;
 	}
@@ -4264,98 +4303,6 @@ int run_lxc_hooks(const char *name, char *hook, struct lxc_conf *conf,
 	return 0;
 }
 
-static void lxc_remove_nic(struct lxc_list *it)
-{
-	struct lxc_netdev *netdev = it->elem;
-	struct lxc_list *it2,*next;
-
-	lxc_list_del(it);
-
-	free(netdev->link);
-	free(netdev->name);
-	if (netdev->type == LXC_NET_VETH)
-		free(netdev->priv.veth_attr.pair);
-	free(netdev->upscript);
-	free(netdev->hwaddr);
-	free(netdev->mtu);
-	free(netdev->ipv4_gateway);
-	free(netdev->ipv6_gateway);
-	lxc_list_for_each_safe(it2, &netdev->ipv4, next) {
-		lxc_list_del(it2);
-		free(it2->elem);
-		free(it2);
-	}
-	lxc_list_for_each_safe(it2, &netdev->ipv6, next) {
-		lxc_list_del(it2);
-		free(it2->elem);
-		free(it2);
-	}
-	free(netdev);
-	free(it);
-}
-
-/* we get passed in something like '0', '0.ipv4' or '1.ipv6' */
-int lxc_clear_nic(struct lxc_conf *c, const char *key)
-{
-	char *p1;
-	int ret, idx, i;
-	struct lxc_list *it;
-	struct lxc_netdev *netdev;
-
-	p1 = strchr(key, '.');
-	if (!p1 || *(p1+1) == '\0')
-		p1 = NULL;
-
-	ret = sscanf(key, "%d", &idx);
-	if (ret != 1) return -1;
-	if (idx < 0)
-		return -1;
-
-	i = 0;
-	lxc_list_for_each(it, &c->network) {
-		if (i == idx)
-			break;
-		i++;
-	}
-	if (i < idx)  // we don't have that many nics defined
-		return -1;
-
-	if (!it || !it->elem)
-		return -1;
-
-	netdev = it->elem;
-
-	if (!p1) {
-		lxc_remove_nic(it);
-	} else if (strcmp(p1, ".ipv4") == 0) {
-		struct lxc_list *it2,*next;
-		lxc_list_for_each_safe(it2, &netdev->ipv4, next) {
-			lxc_list_del(it2);
-			free(it2->elem);
-			free(it2);
-		}
-	} else if (strcmp(p1, ".ipv6") == 0) {
-		struct lxc_list *it2,*next;
-		lxc_list_for_each_safe(it2, &netdev->ipv6, next) {
-			lxc_list_del(it2);
-			free(it2->elem);
-			free(it2);
-		}
-	}
-		else return -1;
-
-	return 0;
-}
-
-int lxc_clear_config_network(struct lxc_conf *c)
-{
-	struct lxc_list *it,*next;
-	lxc_list_for_each_safe(it, &c->network, next) {
-		lxc_remove_nic(it);
-	}
-	return 0;
-}
-
 int lxc_clear_config_caps(struct lxc_conf *c)
 {
 	struct lxc_list *it,*next;
@@ -4578,7 +4525,7 @@ void lxc_conf_free(struct lxc_conf *conf)
 	free(conf->unexpanded_config);
 	free(conf->pty_names);
 	free(conf->syslog);
-	lxc_clear_config_network(conf);
+	lxc_free_networks(&conf->network);
 	free(conf->lsm_aa_profile);
 	free(conf->lsm_se_context);
 	lxc_seccomp_free(conf);

src/lxc/conf.h

@@ -121,8 +121,10 @@ union netdev_p {
  * @ipv6       : a list of ipv6 addresses to be set on the network device
  * @upscript   : a script filename to be executed during interface configuration
  * @downscript : a script filename to be executed during interface destruction
+ * @idx        : network counter
  */
 struct lxc_netdev {
+	ssize_t idx;
 	int type;
 	int flags;
 	int ifindex;
@@ -430,7 +432,7 @@ extern void lxc_conf_free(struct lxc_conf *conf);
 extern int pin_rootfs(const char *rootfs);
 
 extern int lxc_requests_empty_network(struct lxc_handler *handler);
-extern int lxc_create_network(struct lxc_handler *handler);
+extern int lxc_setup_networks_in_parent_namespaces(struct lxc_handler *handler);
 extern bool lxc_delete_network(struct lxc_handler *handler);
 extern int lxc_assign_network(const char *lxcpath, char *lxcname,
 			      struct lxc_list *networks, pid_t pid);
@@ -440,8 +442,6 @@ extern int lxc_find_gateway_addresses(struct lxc_handler *handler);
 extern int lxc_create_tty(const char *name, struct lxc_conf *conf);
 extern void lxc_delete_tty(struct lxc_tty_info *tty_info);
 
-extern int lxc_clear_config_network(struct lxc_conf *c);
-extern int lxc_clear_nic(struct lxc_conf *c, const char *key);
 extern int lxc_clear_config_caps(struct lxc_conf *c);
 extern int lxc_clear_config_keepcaps(struct lxc_conf *c);
 extern int lxc_clear_cgroups(struct lxc_conf *c, const char *key);

src/lxc/confile.h

@@ -31,9 +31,11 @@
 struct lxc_conf;
 struct lxc_list;
 
-typedef int (*config_set_cb)(const char *, const char *, struct lxc_conf *);
-typedef int (*config_get_cb)(const char *, char *, int, struct lxc_conf *);
-typedef int (*config_clr_cb)(const char *key, struct lxc_conf *c);
+typedef int (*config_set_cb)(const char *, const char *, struct lxc_conf *,
+			     void *data);
+typedef int (*config_get_cb)(const char *, char *, int, struct lxc_conf *,
+			     void *);
+typedef int (*config_clr_cb)(const char *, struct lxc_conf *c, void *data);
 struct lxc_config_t {
 	char *name;
 	config_set_cb set;

src/lxc/confile_utils.c

@@ -17,11 +17,23 @@
  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
+#include "config.h"
+
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
+#include <arpa/inet.h>
 
+#include "conf.h"
+#include "confile.h"
+#include "confile_utils.h"
+#include "error.h"
+#include "log.h"
+#include "list.h"
 #include "utils.h"
 
+lxc_log_define(lxc_confile_utils, lxc);
+
 int parse_idmaps(const char *idmap, char *type, unsigned long *nsid,
 		 unsigned long *hostid, unsigned long *range)
 {
@@ -146,3 +158,289 @@ on_error:
 
 	return ret;
 }
+
+bool lxc_config_value_empty(const char *value)
+{
+	if (value && strlen(value) > 0)
+		return false;
+
+	return true;
+}
+
+struct lxc_netdev *lxc_network_add(struct lxc_list *networks, int idx, bool tail)
+{
+	struct lxc_list *newlist;
+	struct lxc_netdev *netdev = NULL;
+
+	/* network does not exist */
+	netdev = malloc(sizeof(*netdev));
+	if (!netdev)
+		return NULL;
+
+	memset(netdev, 0, sizeof(*netdev));
+	lxc_list_init(&netdev->ipv4);
+	lxc_list_init(&netdev->ipv6);
+
+	/* give network a unique index */
+	netdev->idx = idx;
+
+	/* prepare new list */
+	newlist = malloc(sizeof(*newlist));
+	if (!newlist) {
+		free(netdev);
+		return NULL;
+	}
+
+	lxc_list_init(newlist);
+	newlist->elem = netdev;
+
+	if (tail)
+		lxc_list_add_tail(networks, newlist);
+	else
+		lxc_list_add(networks, newlist);
+	return netdev;
+}
+
+/* Takes care of finding the correct netdev struct in the networks list or
+ * allocates a new one if it couldn't be found.
+ */
+struct lxc_netdev *lxc_get_netdev_by_idx(struct lxc_conf *conf,
+					 unsigned int idx, bool allocate)
+{
+	struct lxc_netdev *netdev = NULL;
+	struct lxc_list *networks = &conf->network;
+	struct lxc_list *insert = networks;
+
+	/* lookup network */
+	if (!lxc_list_empty(networks)) {
+		lxc_list_for_each(insert, networks) {
+			netdev = insert->elem;
+			if (netdev->idx == idx)
+				return netdev;
+			else if (netdev->idx > idx)
+				break;
+		}
+	}
+
+	if (!allocate)
+		return NULL;
+
+	return lxc_network_add(insert, idx, true);
+}
+
+void lxc_log_configured_netdevs(const struct lxc_conf *conf)
+{
+	struct lxc_netdev *netdev;
+	struct lxc_list *it = (struct lxc_list *)&conf->network;;
+
+	if ((conf->loglevel != LXC_LOG_LEVEL_TRACE) &&
+	    (lxc_log_get_level() != LXC_LOG_LEVEL_TRACE))
+		return;
+
+	if (lxc_list_empty(it)) {
+		TRACE("container has no networks configured");
+		return;
+	}
+
+	lxc_list_for_each(it, &conf->network) {
+		struct lxc_list *cur, *next;
+		struct lxc_inetdev *inet4dev;
+		struct lxc_inet6dev *inet6dev;
+		char bufinet4[INET_ADDRSTRLEN], bufinet6[INET6_ADDRSTRLEN];
+
+		netdev = it->elem;
+
+		TRACE("index: %zd", netdev->idx);
+		switch (netdev->type) {
+		case LXC_NET_VETH:
+			TRACE("type: veth");
+			if (netdev->priv.veth_attr.pair)
+				TRACE("veth pair: %s",
+				      netdev->priv.veth_attr.pair);
+			break;
+		case LXC_NET_MACVLAN:
+			TRACE("type: macvlan");
+			if (netdev->priv.macvlan_attr.mode > 0) {
+				char *macvlan_mode;
+				macvlan_mode = lxc_macvlan_flag_to_mode(
+				    netdev->priv.macvlan_attr.mode);
+				TRACE("macvlan mode: %s",
+				      macvlan_mode ? macvlan_mode
+						   : "(invalid mode)");
+			}
+			break;
+		case LXC_NET_VLAN:
+			TRACE("type: vlan");
+			TRACE("vlan id: %d", netdev->priv.vlan_attr.vid);
+			break;
+		case LXC_NET_PHYS:
+			TRACE("type: phys");
+			break;
+		case LXC_NET_EMPTY:
+			TRACE("type: empty");
+			break;
+		case LXC_NET_NONE:
+			TRACE("type: none");
+			break;
+		default:
+			ERROR("invalid network type %d", netdev->type);
+			return;
+		}
+
+		if (netdev->type != LXC_NET_EMPTY) {
+			TRACE("flags: %s",
+			      netdev->flags == IFF_UP ? "up" : "none");
+			if (netdev->link)
+				TRACE("link: %s", netdev->link);
+			if (netdev->name)
+				TRACE("name: %s", netdev->name);
+			if (netdev->hwaddr)
+				TRACE("hwaddr: %s", netdev->hwaddr);
+			if (netdev->mtu)
+				TRACE("mtu: %s", netdev->mtu);
+			if (netdev->upscript)
+				TRACE("upscript: %s", netdev->upscript);
+			if (netdev->downscript)
+				TRACE("downscript: %s", netdev->downscript);
+
+			TRACE("ipv4 gateway auto: %s",
+			      netdev->ipv4_gateway_auto ? "true" : "false");
+
+			if (netdev->ipv4_gateway) {
+				inet_ntop(AF_INET, netdev->ipv4_gateway,
+					  bufinet4, sizeof(bufinet4));
+				TRACE("ipv4 gateway: %s", bufinet4);
+			}
+
+			lxc_list_for_each_safe(cur, &netdev->ipv4, next) {
+				inet4dev = cur->elem;
+				inet_ntop(AF_INET, &inet4dev->addr, bufinet4,
+					  sizeof(bufinet4));
+				TRACE("ipv4 addr: %s", bufinet4);
+			}
+
+			TRACE("ipv6 gateway auto: %s",
+			      netdev->ipv6_gateway_auto ? "true" : "false");
+			if (netdev->ipv6_gateway) {
+				inet_ntop(AF_INET6, netdev->ipv6_gateway,
+					  bufinet6, sizeof(bufinet6));
+				TRACE("ipv6 gateway: %s", bufinet6);
+			}
+			lxc_list_for_each_safe(cur, &netdev->ipv6, next) {
+				inet6dev = cur->elem;
+				inet_ntop(AF_INET6, &inet6dev->addr, bufinet6,
+					  sizeof(bufinet6));
+				TRACE("ipv6 addr: %s", bufinet6);
+			}
+		}
+	}
+}
+
+static void lxc_free_netdev(struct lxc_netdev *netdev)
+{
+	struct lxc_list *cur, *next;
+
+	free(netdev->link);
+	free(netdev->name);
+	if (netdev->type == LXC_NET_VETH)
+		free(netdev->priv.veth_attr.pair);
+	free(netdev->upscript);
+	free(netdev->downscript);
+	free(netdev->hwaddr);
+	free(netdev->mtu);
+
+	free(netdev->ipv4_gateway);
+	lxc_list_for_each_safe(cur, &netdev->ipv4, next) {
+		lxc_list_del(cur);
+		free(cur->elem);
+		free(cur);
+	}
+
+	free(netdev->ipv6_gateway);
+	lxc_list_for_each_safe(cur, &netdev->ipv6, next) {
+		lxc_list_del(cur);
+		free(cur->elem);
+		free(cur);
+	}
+
+	free(netdev);
+}
+
+bool lxc_remove_nic_by_idx(struct lxc_conf *conf, unsigned int idx)
+{
+	struct lxc_list *cur, *next;
+	struct lxc_netdev *netdev;
+	bool found = false;
+
+	lxc_list_for_each_safe(cur, &conf->network, next) {
+		netdev = cur->elem;
+		if (netdev->idx != idx)
+			continue;
+
+		lxc_list_del(cur);
+		found = true;
+		break;
+	}
+
+	if (!found)
+		return false;
+
+	lxc_free_netdev(netdev);
+	free(cur);
+
+	return true;
+}
+
+void lxc_free_networks(struct lxc_list *networks)
+{
+	struct lxc_list *cur, *next;
+	struct lxc_netdev *netdev;
+
+	lxc_list_for_each_safe(cur, networks, next) {
+		netdev = cur->elem;
+		lxc_free_netdev(netdev);
+		free(cur);
+	}
+
+	/* prevent segfaults */
+	lxc_list_init(networks);
+}
+
+static struct macvlan_mode {
+	char *name;
+	int mode;
+} macvlan_mode[] = {
+    { "private",  MACVLAN_MODE_PRIVATE  },
+    { "vepa",     MACVLAN_MODE_VEPA     },
+    { "bridge",   MACVLAN_MODE_BRIDGE   },
+    { "passthru", MACVLAN_MODE_PASSTHRU },
+};
+
+int lxc_macvlan_mode_to_flag(int *mode, const char *value)
+{
+	size_t i;
+
+	for (i = 0; i < sizeof(macvlan_mode) / sizeof(macvlan_mode[0]); i++) {
+		if (strcmp(macvlan_mode[i].name, value))
+			continue;
+
+		*mode = macvlan_mode[i].mode;
+		return 0;
+	}
+
+	return -1;
+}
+
+char *lxc_macvlan_flag_to_mode(int mode)
+{
+	size_t i;
+
+	for (i = 0; i < sizeof(macvlan_mode) / sizeof(macvlan_mode[0]); i++) {
+		if (macvlan_mode[i].mode == mode)
+			continue;
+
+		return macvlan_mode[i].name;
+	}
+
+	return NULL;
+}

src/lxc/confile_utils.h

@@ -20,7 +20,38 @@
 #ifndef __LXC_CONFILE_UTILS_H
 #define __LXC_CONFILE_UTILS_H
 
+#include <stdbool.h>
+
+#include "conf.h"
+
+#ifndef MACVLAN_MODE_PRIVATE
+#define MACVLAN_MODE_PRIVATE 1
+#endif
+
+#ifndef MACVLAN_MODE_VEPA
+#define MACVLAN_MODE_VEPA 2
+#endif
+
+#ifndef MACVLAN_MODE_BRIDGE
+#define MACVLAN_MODE_BRIDGE 4
+#endif
+
+#ifndef MACVLAN_MODE_PASSTHRU
+#define MACVLAN_MODE_PASSTHRU 8
+#endif
+
 extern int parse_idmaps(const char *idmap, char *type, unsigned long *nsid,
 			unsigned long *hostid, unsigned long *range);
 
+extern bool lxc_config_value_empty(const char *value);
+extern struct lxc_netdev *lxc_network_add(struct lxc_list *networks, int idx,
+					  bool tail);
+extern struct lxc_netdev *
+lxc_get_netdev_by_idx(struct lxc_conf *conf, unsigned int idx, bool allocate);
+extern void lxc_log_configured_netdevs(const struct lxc_conf *conf);
+extern bool lxc_remove_nic_by_idx(struct lxc_conf *conf, unsigned int idx);
+extern void lxc_free_networks(struct lxc_list *networks);
+extern int lxc_macvlan_mode_to_flag(int *mode, const char *value);
+extern char *lxc_macvlan_flag_to_mode(int mode);
+
 #endif /* __LXC_CONFILE_UTILS_H */

src/lxc/lxccontainer.c

@@ -1722,7 +1722,7 @@ static bool do_lxcapi_clear_config_item(struct lxc_container *c,
 	 * implemented.
 	 */
 	if (config && config->clr)
-		ret = config->clr(key, c->lxc_conf);
+		ret = config->clr(key, c->lxc_conf, NULL);
 	if (!ret)
 		do_clear_unexp_config_line(c->lxc_conf, key);
 
@@ -2038,7 +2038,7 @@ static int do_lxcapi_get_config_item(struct lxc_container *c, const char *key, c
 	 * implemented.
 	 */
 	if (config && config->get)
-		ret = config->get(key, retv, inlen, c->lxc_conf);
+		ret = config->get(key, retv, inlen, c->lxc_conf, NULL);
 
 	container_mem_unlock(c);
 	return ret;
@@ -2511,7 +2511,7 @@ static bool set_config_item_locked(struct lxc_container *c, const char *key, con
 	config = lxc_getconfig(key);
 	if (!config)
 		return false;
-	if (config->set(key, v, c->lxc_conf) != 0)
+	if (config->set(key, v, c->lxc_conf, NULL) != 0)
 		return false;
 	return do_append_unexp_config_line(c->lxc_conf, key, v);
 }

src/lxc/start.c

@@ -1239,7 +1239,7 @@ static int lxc_spawn(struct lxc_handler *handler)
 			/* That should be done before the clone because we will
 			 * fill the netdev index and use them in the child.
 			 */
-			if (lxc_create_network(handler)) {
+			if (lxc_setup_networks_in_parent_namespaces(handler)) {
 				ERROR("Failed to create the network.");
 				lxc_sync_fini(handler);
 				return -1;

src/tests/get_item.c

@@ -298,7 +298,7 @@ int main(int argc, char *argv[])
 	}
 	printf("%d: get_config_item(lxc.network) returned %d %s\n", __LINE__, ret, v2);
 
-	if (!c->set_config_item(c, "lxc.network.ipv4", "10.2.3.4")) {
+	if (!c->set_config_item(c, "lxc.network.0.ipv4", "10.2.3.4")) {
 		fprintf(stderr, "%d: failed to set ipv4\n", __LINE__);
 		goto out;
 	}
@@ -318,7 +318,7 @@ int main(int argc, char *argv[])
 		goto out;
 	}
 
-	if (!c->set_config_item(c, "lxc.network.ipv4.gateway", "10.2.3.254")) {
+	if (!c->set_config_item(c, "lxc.network.0.ipv4.gateway", "10.2.3.254")) {
 		fprintf(stderr, "%d: failed to set ipv4.gateway\n", __LINE__);
 		goto out;
 	}