Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 3727a8a0837dfb2f4188a9c3bdfc550385d71fe3 / . / src / namespace.c
blob: dfda7a5e324925fb5840d4dc6fc33b7462ef641e [file] [log] [blame]
KOVACS Krisztianb3e54fe2014-11-17 15:11:45 +0100[diff] [blame]1#define _GNU_SOURCE
2
KOVACS Krisztianb3e54fe2014-11-17 15:11:45 +0100[diff] [blame]3#include <sched.h>
4#include <stdio.h>
5#include <sys/stat.h>
6#include <fcntl.h>
7#include <sys/types.h>
8#include <unistd.h>
9#include <sys/socket.h>
10
11#include <string.h>
Willy Tarreau3fa0e2a2016-03-17 05:39:53 +0100[diff] [blame]12
Willy Tarreau4c7e4b72020-05-27 12:58:42 +0200[diff] [blame]13#include <haproxy/api.h>
Willy Tarreau7a00efb2020-06-02 17:02:59 +0200[diff] [blame]14#include <haproxy/namespace.h>
Willy Tarreau8d366972020-05-27 16:10:29 +0200[diff] [blame]15#include <haproxy/hash.h>
16#include <haproxy/errors.h>
Willy Tarreau3727a8a2020-06-04 17:37:26 +0200[diff] [blame^]17#include <haproxy/signal.h>
Willy Tarreau3fa0e2a2016-03-17 05:39:53 +0100[diff] [blame]18#include <proto/log.h>
Willy Tarreau3fa0e2a2016-03-17 05:39:53 +0100[diff] [blame]19
KOVACS Krisztianb3e54fe2014-11-17 15:11:45 +0100[diff] [blame]20/* Opens the namespace <ns_name> and returns the FD or -1 in case of error
21 * (check errno).
22 */
23static int open_named_namespace(const char *ns_name)
24{
25 if (chunk_printf(&trash, "/var/run/netns/%s", ns_name) < 0)
26 return -1;
Krisztián Kovács (kkovacs)538aa712019-09-20 14:48:19 +0000[diff] [blame]27 return open(trash.area, O_RDONLY | O_CLOEXEC);
KOVACS Krisztianb3e54fe2014-11-17 15:11:45 +0100[diff] [blame]28}
29
30static int default_namespace = -1;
31
32static int init_default_namespace()
33{
34 if (chunk_printf(&trash, "/proc/%d/ns/net", getpid()) < 0)
35 return -1;
Krisztián Kovács (kkovacs)538aa712019-09-20 14:48:19 +0000[diff] [blame]36 default_namespace = open(trash.area, O_RDONLY | O_CLOEXEC);
KOVACS Krisztianb3e54fe2014-11-17 15:11:45 +0100[diff] [blame]37 return default_namespace;
38}
39
40static struct eb_root namespace_tree_root = EB_ROOT;
41
Krisztian Kovacs710d9872019-09-24 14:12:13 +0200[diff] [blame]42static void netns_sig_stop(struct sig_handler *sh)
43{
44 struct ebpt_node *node, *next;
45 struct netns_entry *entry;
46
47 /* close namespace file descriptors and remove registered namespaces from the
48 * tree when stopping */
49 node = ebpt_first(&namespace_tree_root);
50 while (node) {
51 next = ebpt_next(node);
52 ebpt_delete(node);
53 entry = container_of(node, struct netns_entry, node);
54 free(entry->node.key);
55 close(entry->fd);
56 node = next;
57 }
58}
59
KOVACS Krisztianb3e54fe2014-11-17 15:11:45 +0100[diff] [blame]60int netns_init(void)
61{
62 int err_code = 0;
63
64 /* if no namespaces have been defined in the config then
65 * there is no point in trying to initialize anything:
66 * my_socketat() will never be called with a valid namespace
67 * structure and thus switching back to the default namespace
68 * is not needed either */
69 if (!eb_is_empty(&namespace_tree_root)) {
70 if (init_default_namespace() < 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100[diff] [blame]71 ha_alert("Failed to open the default namespace.\n");
KOVACS Krisztianb3e54fe2014-11-17 15:11:45 +0100[diff] [blame]72 err_code |= ERR_ALERT | ERR_FATAL;
73 }
74 }
75
Krisztian Kovacs710d9872019-09-24 14:12:13 +0200[diff] [blame]76 signal_register_fct(0, netns_sig_stop, 0);
77
KOVACS Krisztianb3e54fe2014-11-17 15:11:45 +0100[diff] [blame]78 return err_code;
79}
80
81struct netns_entry* netns_store_insert(const char *ns_name)
82{
83 struct netns_entry *entry = NULL;
84 int fd = open_named_namespace(ns_name);
85 if (fd == -1)
86 goto out;
87
Vincent Bernat02779b62016-04-03 13:48:43 +0200[diff] [blame]88 entry = calloc(1, sizeof(*entry));
KOVACS Krisztianb3e54fe2014-11-17 15:11:45 +0100[diff] [blame]89 if (!entry)
90 goto out;
91 entry->fd = fd;
92 entry->node.key = strdup(ns_name);
93 entry->name_len = strlen(ns_name);
94 ebis_insert(&namespace_tree_root, &entry->node);
95out:
96 return entry;
97}
98
99const struct netns_entry* netns_store_lookup(const char *ns_name, size_t ns_name_len)
100{
101 struct ebpt_node *node;
102
103 node = ebis_lookup_len(&namespace_tree_root, ns_name, ns_name_len);
104 if (node)
105 return ebpt_entry(node, struct netns_entry, node);
106 else
107 return NULL;
108}
KOVACS Krisztianb3e54fe2014-11-17 15:11:45 +0100[diff] [blame]109
110/* Opens a socket in the namespace described by <ns> with the parameters <domain>,
111 * <type> and <protocol> and returns the FD or -1 in case of error (check errno).
112 */
113int my_socketat(const struct netns_entry *ns, int domain, int type, int protocol)
114{
115 int sock;
116
Willy Tarreau70f289c2015-10-20 15:14:07 +0200[diff] [blame]117 if (default_namespace >= 0 && ns && setns(ns->fd, CLONE_NEWNET) == -1)
KOVACS Krisztianb3e54fe2014-11-17 15:11:45 +0100[diff] [blame]118 return -1;
Willy Tarreau7520e4f2018-11-11 14:38:09 +0100[diff] [blame]119
KOVACS Krisztianb3e54fe2014-11-17 15:11:45 +0100[diff] [blame]120 sock = socket(domain, type, protocol);
121
Willy Tarreau70f289c2015-10-20 15:14:07 +0200[diff] [blame]122 if (default_namespace >= 0 && ns && setns(default_namespace, CLONE_NEWNET) == -1) {
William Dauchyf7dcdc82020-02-12 21:23:20 +0100[diff] [blame]123 if (sock >= 0)
124 close(sock);
KOVACS Krisztianb3e54fe2014-11-17 15:11:45 +0100[diff] [blame]125 return -1;
126 }
KOVACS Krisztianb3e54fe2014-11-17 15:11:45 +0100[diff] [blame]127 return sock;
128}
Willy Tarreaudba50022016-12-21 18:51:45 +0100[diff] [blame]129
Willy Tarreau80713382018-11-26 10:19:54 +0100[diff] [blame]130REGISTER_BUILD_OPTS("Built with network namespace support.");