Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 644358e0d35fd07aa3057388a3cda5a048db1684 / . / src / namespace.c
blob: 1fc843906b827aad31b47c00649180c847b93636 [file] [log] [blame]
KOVACS Krisztianb3e54fe2014-11-17 15:11:45 +0100[diff] [blame]1#define _GNU_SOURCE
2
KOVACS Krisztianb3e54fe2014-11-17 15:11:45 +0100[diff] [blame]3#include <sched.h>
4#include <stdio.h>
5#include <sys/stat.h>
6#include <fcntl.h>
7#include <sys/types.h>
8#include <unistd.h>
9#include <sys/socket.h>
10
11#include <string.h>
Willy Tarreau3fa0e2a2016-03-17 05:39:53 +0100[diff] [blame]12
Willy Tarreau4c7e4b72020-05-27 12:58:42 +0200[diff] [blame]13#include <haproxy/api.h>
Willy Tarreau36979d92020-06-05 17:27:29 +0200[diff] [blame]14#include <haproxy/chunk.h>
Willy Tarreau8d366972020-05-27 16:10:29 +0200[diff] [blame]15#include <haproxy/errors.h>
Willy Tarreaudfd3de82020-06-04 23:46:14 +0200[diff] [blame]16#include <haproxy/global.h>
17#include <haproxy/hash.h>
Willy Tarreaudfd3de82020-06-04 23:46:14 +0200[diff] [blame]18#include <haproxy/namespace.h>
Willy Tarreau3727a8a2020-06-04 17:37:26 +0200[diff] [blame]19#include <haproxy/signal.h>
Willy Tarreau3fa0e2a2016-03-17 05:39:53 +0100[diff] [blame]20
KOVACS Krisztianb3e54fe2014-11-17 15:11:45 +0100[diff] [blame]21/* Opens the namespace <ns_name> and returns the FD or -1 in case of error
22 * (check errno).
23 */
24static int open_named_namespace(const char *ns_name)
25{
26 if (chunk_printf(&trash, "/var/run/netns/%s", ns_name) < 0)
27 return -1;
Krisztián Kovács (kkovacs)538aa712019-09-20 14:48:19 +0000[diff] [blame]28 return open(trash.area, O_RDONLY | O_CLOEXEC);
KOVACS Krisztianb3e54fe2014-11-17 15:11:45 +0100[diff] [blame]29}
30
31static int default_namespace = -1;
32
33static int init_default_namespace()
34{
35 if (chunk_printf(&trash, "/proc/%d/ns/net", getpid()) < 0)
36 return -1;
Krisztián Kovács (kkovacs)538aa712019-09-20 14:48:19 +0000[diff] [blame]37 default_namespace = open(trash.area, O_RDONLY | O_CLOEXEC);
KOVACS Krisztianb3e54fe2014-11-17 15:11:45 +0100[diff] [blame]38 return default_namespace;
39}
40
41static struct eb_root namespace_tree_root = EB_ROOT;
42
Krisztian Kovacs710d9872019-09-24 14:12:13 +0200[diff] [blame]43static void netns_sig_stop(struct sig_handler *sh)
44{
45 struct ebpt_node *node, *next;
46 struct netns_entry *entry;
47
48 /* close namespace file descriptors and remove registered namespaces from the
49 * tree when stopping */
50 node = ebpt_first(&namespace_tree_root);
51 while (node) {
52 next = ebpt_next(node);
53 ebpt_delete(node);
54 entry = container_of(node, struct netns_entry, node);
55 free(entry->node.key);
56 close(entry->fd);
57 node = next;
58 }
59}
60
KOVACS Krisztianb3e54fe2014-11-17 15:11:45 +0100[diff] [blame]61int netns_init(void)
62{
63 int err_code = 0;
64
65 /* if no namespaces have been defined in the config then
66 * there is no point in trying to initialize anything:
67 * my_socketat() will never be called with a valid namespace
68 * structure and thus switching back to the default namespace
69 * is not needed either */
70 if (!eb_is_empty(&namespace_tree_root)) {
71 if (init_default_namespace() < 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100[diff] [blame]72 ha_alert("Failed to open the default namespace.\n");
KOVACS Krisztianb3e54fe2014-11-17 15:11:45 +0100[diff] [blame]73 err_code |= ERR_ALERT | ERR_FATAL;
74 }
75 }
76
Krisztian Kovacs710d9872019-09-24 14:12:13 +0200[diff] [blame]77 signal_register_fct(0, netns_sig_stop, 0);
78
KOVACS Krisztianb3e54fe2014-11-17 15:11:45 +0100[diff] [blame]79 return err_code;
80}
81
82struct netns_entry* netns_store_insert(const char *ns_name)
83{
84 struct netns_entry *entry = NULL;
85 int fd = open_named_namespace(ns_name);
86 if (fd == -1)
87 goto out;
88
Vincent Bernat02779b62016-04-03 13:48:43 +0200[diff] [blame]89 entry = calloc(1, sizeof(*entry));
KOVACS Krisztianb3e54fe2014-11-17 15:11:45 +0100[diff] [blame]90 if (!entry)
91 goto out;
92 entry->fd = fd;
93 entry->node.key = strdup(ns_name);
94 entry->name_len = strlen(ns_name);
95 ebis_insert(&namespace_tree_root, &entry->node);
96out:
97 return entry;
98}
99
100const struct netns_entry* netns_store_lookup(const char *ns_name, size_t ns_name_len)
101{
102 struct ebpt_node *node;
103
104 node = ebis_lookup_len(&namespace_tree_root, ns_name, ns_name_len);
105 if (node)
106 return ebpt_entry(node, struct netns_entry, node);
107 else
108 return NULL;
109}
KOVACS Krisztianb3e54fe2014-11-17 15:11:45 +0100[diff] [blame]110
111/* Opens a socket in the namespace described by <ns> with the parameters <domain>,
112 * <type> and <protocol> and returns the FD or -1 in case of error (check errno).
113 */
114int my_socketat(const struct netns_entry *ns, int domain, int type, int protocol)
115{
116 int sock;
117
Willy Tarreau70f289c2015-10-20 15:14:07 +0200[diff] [blame]118 if (default_namespace >= 0 && ns && setns(ns->fd, CLONE_NEWNET) == -1)
KOVACS Krisztianb3e54fe2014-11-17 15:11:45 +0100[diff] [blame]119 return -1;
Willy Tarreau7520e4f2018-11-11 14:38:09 +0100[diff] [blame]120
KOVACS Krisztianb3e54fe2014-11-17 15:11:45 +0100[diff] [blame]121 sock = socket(domain, type, protocol);
122
Willy Tarreau70f289c2015-10-20 15:14:07 +0200[diff] [blame]123 if (default_namespace >= 0 && ns && setns(default_namespace, CLONE_NEWNET) == -1) {
William Dauchyf7dcdc82020-02-12 21:23:20 +0100[diff] [blame]124 if (sock >= 0)
125 close(sock);
KOVACS Krisztianb3e54fe2014-11-17 15:11:45 +0100[diff] [blame]126 return -1;
127 }
KOVACS Krisztianb3e54fe2014-11-17 15:11:45 +0100[diff] [blame]128 return sock;
129}
Willy Tarreaudba50022016-12-21 18:51:45 +0100[diff] [blame]130
Willy Tarreau80713382018-11-26 10:19:54 +0100[diff] [blame]131REGISTER_BUILD_OPTS("Built with network namespace support.");