[lxc-devel] [PATCH 1/1] lxc-user-nic: use common code from network.c

Stéphane Graber stgraber at ubuntu.com
Mon Nov 25 19:44:36 UTC 2013


On Fri, Nov 22, 2013 at 08:04:59PM -0600, Serge Hallyn wrote:
> This pulls a lot of common code out of lxc_user_nic.c.  It also
> moves one function from conf.c that was duplicated in lxc_user_nic.c
> (It removes a DEBUG statement because (a) it doesn't seem actually
> useful and (b) DEBUG doesn't work in network.c).
> 
> Also replace the old test of only parsing code with a skeleton for
> a full test.  (Note - the test will need some work, it's just there
> as do-what-i-mean code example)
> 
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

Wow, this is much cleaner!

I'm assuming that those functions you moved over are identical (didn't
re-check the code within those) and I didn't do a test-run of the new
script but I'm also assuming you did.

Thanks for the cleanup!

Acked-by: Stéphane Graber <stgraber at ubuntu.com>

> ---
>  src/lxc/Makefile.am        |   2 +-
>  src/lxc/conf.c             |  41 -----
>  src/lxc/lxc_user_nic.c     | 403 +--------------------------------------------
>  src/lxc/network.c          |  45 ++++-
>  src/lxc/network.h          |   4 +
>  src/tests/Makefile.am      |   4 +-
>  src/tests/lxc-test-usernic | 126 +++++++++++---
>  7 files changed, 156 insertions(+), 469 deletions(-)
> 
> diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am
> index bcb644e..6534381 100644
> --- a/src/lxc/Makefile.am
> +++ b/src/lxc/Makefile.am
> @@ -222,7 +222,7 @@ lxc_kill_SOURCES = lxc_kill.c
>  lxc_create_SOURCES = lxc_create.c
>  lxc_snapshot_SOURCES = lxc_snapshot.c
>  lxc_usernsexec_SOURCES = lxc_usernsexec.c
> -lxc_user_nic_SOURCES = lxc_user_nic.c
> +lxc_user_nic_SOURCES = lxc_user_nic.c network.c network.h
>  
>  install-exec-local: install-soPROGRAMS
>  	mkdir -p $(DESTDIR)$(datadir)/lxc
> diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> index 4b786b1..860fc5b 100644
> --- a/src/lxc/conf.c
> +++ b/src/lxc/conf.c
> @@ -2583,47 +2583,6 @@ void lxc_rename_phys_nics_on_shutdown(struct lxc_conf *conf)
>  	free(conf->saved_nics);
>  }
>  
> -static int setup_private_host_hw_addr(char *veth1)
> -{
> -	struct ifreq ifr;
> -	int err;
> -	int sockfd;
> -
> -	process_lock();
> -	sockfd = socket(AF_INET, SOCK_DGRAM, 0);
> -	process_unlock();
> -	if (sockfd < 0)
> -		return -errno;
> -
> -	snprintf((char *)ifr.ifr_name, IFNAMSIZ, "%s", veth1);
> -	err = ioctl(sockfd, SIOCGIFHWADDR, &ifr);
> -	if (err < 0) {
> -		process_lock();
> -		close(sockfd);
> -		process_unlock();
> -		return -errno;
> -	}
> -
> -	ifr.ifr_hwaddr.sa_data[0] = 0xfe;
> -	err = ioctl(sockfd, SIOCSIFHWADDR, &ifr);
> -	process_lock();
> -	close(sockfd);
> -	process_unlock();
> -	if (err < 0)
> -		return -errno;
> -
> -	DEBUG("mac address of host interface '%s' changed to private "
> -	      "%02x:%02x:%02x:%02x:%02x:%02x", veth1,
> -	      ifr.ifr_hwaddr.sa_data[0] & 0xff,
> -	      ifr.ifr_hwaddr.sa_data[1] & 0xff,
> -	      ifr.ifr_hwaddr.sa_data[2] & 0xff,
> -	      ifr.ifr_hwaddr.sa_data[3] & 0xff,
> -	      ifr.ifr_hwaddr.sa_data[4] & 0xff,
> -	      ifr.ifr_hwaddr.sa_data[5] & 0xff);
> -
> -	return 0;
> -}
> -
>  static char *default_rootfs_mount = LXCROOTFSMOUNT;
>  
>  struct lxc_conf *lxc_conf_init(void)
> diff --git a/src/lxc/lxc_user_nic.c b/src/lxc/lxc_user_nic.c
> index 952fe14..af1e944 100644
> --- a/src/lxc/lxc_user_nic.c
> +++ b/src/lxc/lxc_user_nic.c
> @@ -45,51 +45,9 @@
>  #include <linux/rtnetlink.h>
>  #include <linux/sockios.h>
>  #include <sys/param.h>
> -#include <sched.h>
>  #include "config.h"
>  #include "utils.h"
> -
> -#if ISTEST
> -#define CONF_FILE "/tmp/lxc-usernet"
> -#define DB_FILE "/tmp/nics"
> -#else
> -#define CONF_FILE LXC_USERNIC_CONF
> -#define DB_FILE LXC_USERNIC_DB
> -#endif
> -
> -#include "nl.h"
> -
> -#ifndef IFLA_LINKMODE
> -#  define IFLA_LINKMODE 17
> -#endif
> -
> -#ifndef IFLA_LINKINFO
> -#  define IFLA_LINKINFO 18
> -#endif
> -
> -#ifndef IFLA_NET_NS_PID
> -#  define IFLA_NET_NS_PID 19
> -#endif
> -
> -#ifndef IFLA_INFO_KIND
> -# define IFLA_INFO_KIND 1
> -#endif
> -
> -#ifndef IFLA_VLAN_ID
> -# define IFLA_VLAN_ID 1
> -#endif
> -
> -#ifndef IFLA_INFO_DATA
> -#  define IFLA_INFO_DATA 2
> -#endif
> -
> -#ifndef VETH_INFO_PEER
> -# define VETH_INFO_PEER 1
> -#endif
> -
> -#ifndef IFLA_MACVLAN_MODE
> -# define IFLA_MACVLAN_MODE 1
> -#endif
> +#include "network.h"
>  
>  void usage(char *me, bool fail)
>  {
> @@ -146,14 +104,14 @@ static char *get_username(void)
>   */
>  static int get_alloted(char *me, char *intype, char *link)
>  {
> -	FILE *fin = fopen(CONF_FILE, "r");
> +	FILE *fin = fopen(LXC_USERNIC_CONF, "r");
>  	char *line = NULL;
>  	char user[100], type[100], br[100];
>  	size_t len = 0;
>  	int n = -1, ret;
>  
>  	if (!fin) {
> -		fprintf(stderr, "Failed to open %s: %s\n", CONF_FILE,
> +		fprintf(stderr, "Failed to open %s: %s\n", LXC_USERNIC_CONF,
>  			strerror(errno));
>  		return -1;
>  	}
> @@ -229,11 +187,7 @@ static bool nic_exists(char *nic)
>  	int ret;
>  	struct stat sb;
>  
> -#if ISTEST
> -	ret = snprintf(path, MAXPATHLEN, "/tmp/lxcnettest/%s", nic);
> -#else
>  	ret = snprintf(path, MAXPATHLEN, "/sys/class/net/%s", nic);
> -#endif
>  	if (ret < 0 || ret >= MAXPATHLEN) // should never happen!
>  		return true;
>  	ret = stat(path, &sb);
> @@ -242,198 +196,6 @@ static bool nic_exists(char *nic)
>  	return true;
>  }
>  
> -struct link_req {
> -	struct nlmsg nlmsg;
> -	struct ifinfomsg ifinfomsg;
> -};
> -
> -#if ! ISTEST
> -
> -static int lxc_veth_create(const char *name1, const char *name2)
> -{
> -	struct nl_handler nlh;
> -	struct nlmsg *nlmsg = NULL, *answer = NULL;
> -	struct link_req *link_req;
> -	struct rtattr *nest1, *nest2, *nest3;
> -	int len, err;
> -
> -	err = netlink_open(&nlh, NETLINK_ROUTE);
> -	if (err)
> -		return err;
> -
> -	err = -EINVAL;
> -	len = strlen(name1);
> -	if (len == 1 || len >= IFNAMSIZ)
> -		goto out;
> -
> -	len = strlen(name2);
> -	if (len == 1 || len >= IFNAMSIZ)
> -		goto out;
> -
> -	err = -ENOMEM;
> -	nlmsg = nlmsg_alloc(NLMSG_GOOD_SIZE);
> -	if (!nlmsg)
> -		goto out;
> -
> -	answer = nlmsg_alloc(NLMSG_GOOD_SIZE);
> -	if (!answer)
> -		goto out;
> -
> -	link_req = (struct link_req *)nlmsg;
> -	link_req->ifinfomsg.ifi_family = AF_UNSPEC;
> -	nlmsg->nlmsghdr.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
> -	nlmsg->nlmsghdr.nlmsg_flags =
> -		NLM_F_REQUEST|NLM_F_CREATE|NLM_F_EXCL|NLM_F_ACK;
> -	nlmsg->nlmsghdr.nlmsg_type = RTM_NEWLINK;
> -
> -	err = -EINVAL;
> -	nest1 = nla_begin_nested(nlmsg, IFLA_LINKINFO);
> -	if (!nest1)
> -		goto out;
> -
> -	if (nla_put_string(nlmsg, IFLA_INFO_KIND, "veth"))
> -		goto out;
> -
> -	nest2 = nla_begin_nested(nlmsg, IFLA_INFO_DATA);
> -	if (!nest2)
> -		goto out;
> -
> -	nest3 = nla_begin_nested(nlmsg, VETH_INFO_PEER);
> -	if (!nest3)
> -		goto out;
> -
> -	nlmsg->nlmsghdr.nlmsg_len += sizeof(struct ifinfomsg);
> -
> -	if (nla_put_string(nlmsg, IFLA_IFNAME, name2))
> -		goto out;
> -
> -	nla_end_nested(nlmsg, nest3);
> -
> -	nla_end_nested(nlmsg, nest2);
> -
> -	nla_end_nested(nlmsg, nest1);
> -
> -	if (nla_put_string(nlmsg, IFLA_IFNAME, name1))
> -		goto out;
> -
> -	err = netlink_transaction(&nlh, nlmsg, answer);
> -out:
> -	netlink_close(&nlh);
> -	nlmsg_free(answer);
> -	nlmsg_free(nlmsg);
> -	return err;
> -}
> -
> -static int lxc_netdev_move(char *ifname, pid_t pid)
> -{
> -	struct nl_handler nlh;
> -	struct nlmsg *nlmsg = NULL;
> -	struct link_req *link_req;
> -	int err, index;
> -
> -	index = if_nametoindex(ifname);
> -	if (!ifname)
> -		return -EINVAL;
> -
> -	err = netlink_open(&nlh, NETLINK_ROUTE);
> -	if (err)
> -		return err;
> -
> -	err = -ENOMEM;
> -	nlmsg = nlmsg_alloc(NLMSG_GOOD_SIZE);
> -	if (!nlmsg)
> -		goto out;
> -
> -	link_req = (struct link_req *)nlmsg;
> -	link_req->ifinfomsg.ifi_family = AF_UNSPEC;
> -	link_req->ifinfomsg.ifi_index = index;
> -	nlmsg->nlmsghdr.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
> -	nlmsg->nlmsghdr.nlmsg_flags = NLM_F_REQUEST|NLM_F_ACK;
> -	nlmsg->nlmsghdr.nlmsg_type = RTM_NEWLINK;
> -
> -	if (nla_put_u32(nlmsg, IFLA_NET_NS_PID, pid))
> -		goto out;
> -
> -	err = netlink_transaction(&nlh, nlmsg, nlmsg);
> -out:
> -	netlink_close(&nlh);
> -	nlmsg_free(nlmsg);
> -	return err;
> -}
> -
> -static int setup_private_host_hw_addr(char *veth1)
> -{
> -	struct ifreq ifr;
> -	int err;
> -	int sockfd;
> -
> -	sockfd = socket(AF_INET, SOCK_DGRAM, 0);
> -	if (sockfd < 0)
> -		return -errno;
> -
> -	snprintf((char *)ifr.ifr_name, IFNAMSIZ, "%s", veth1);
> -	err = ioctl(sockfd, SIOCGIFHWADDR, &ifr);
> -	if (err < 0) {
> -		close(sockfd);
> -		return -errno;
> -	}
> -
> -	ifr.ifr_hwaddr.sa_data[0] = 0xfe;
> -	err = ioctl(sockfd, SIOCSIFHWADDR, &ifr);
> -	close(sockfd);
> -	if (err < 0)
> -		return -errno;
> -
> -	return 0;
> -}
> -
> -static int netdev_set_flag(const char *name, int flag)
> -{
> -	struct nl_handler nlh;
> -	struct nlmsg *nlmsg = NULL, *answer = NULL;
> -	struct link_req *link_req;
> -	int index, len, err;
> -
> -	err = netlink_open(&nlh, NETLINK_ROUTE);
> -	if (err)
> -		return err;
> -
> -	err = -EINVAL;
> -	len = strlen(name);
> -	if (len == 1 || len >= IFNAMSIZ)
> -		goto out;
> -
> -	err = -ENOMEM;
> -	nlmsg = nlmsg_alloc(NLMSG_GOOD_SIZE);
> -	if (!nlmsg)
> -		goto out;
> -
> -	answer = nlmsg_alloc(NLMSG_GOOD_SIZE);
> -	if (!answer)
> -		goto out;
> -
> -	err = -EINVAL;
> -	index = if_nametoindex(name);
> -	if (!index)
> -		goto out;
> -
> -	link_req = (struct link_req *)nlmsg;
> -	link_req->ifinfomsg.ifi_family = AF_UNSPEC;
> -	link_req->ifinfomsg.ifi_index = index;
> -	link_req->ifinfomsg.ifi_change |= IFF_UP;
> -	link_req->ifinfomsg.ifi_flags |= flag;
> -	nlmsg->nlmsghdr.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
> -	nlmsg->nlmsghdr.nlmsg_flags = NLM_F_REQUEST|NLM_F_ACK;
> -	nlmsg->nlmsghdr.nlmsg_type = RTM_NEWLINK;
> -
> -	err = netlink_transaction(&nlh, nlmsg, answer);
> -out:
> -	netlink_close(&nlh);
> -	nlmsg_free(nlmsg);
> -	nlmsg_free(answer);
> -	return err;
> -}
> -
>  static int instanciate_veth(char *n1, char **n2)
>  {
>  	int err;
> @@ -463,99 +225,8 @@ static int instanciate_veth(char *n1, char **n2)
>  	return netdev_set_flag(n1, IFF_UP);
>  }
>  
> -static int lxc_bridge_attach(const char *bridge, const char *ifname)
> -{
> -	int fd, index, err;
> -	struct ifreq ifr;
> -
> -	if (strlen(ifname) >= IFNAMSIZ)
> -		return -EINVAL;
> -
> -	index = if_nametoindex(ifname);
> -	if (!index)
> -		return -EINVAL;
> -
> -	fd = socket(AF_INET, SOCK_STREAM, 0);
> -	if (fd < 0)
> -		return -errno;
> -
> -	strncpy(ifr.ifr_name, bridge, IFNAMSIZ-1);
> -	ifr.ifr_name[IFNAMSIZ-1] = '\0';
> -	ifr.ifr_ifindex = index;
> -	err = ioctl(fd, SIOCBRADDIF, &ifr);
> -	close(fd);
> -	if (err)
> -		err = -errno;
> -
> -	return err;
> -}
> -
> -static int lxc_netdev_delete_by_index(int ifindex)
> -{
> -	struct nl_handler nlh;
> -	struct nlmsg *nlmsg = NULL, *answer = NULL;
> -	struct link_req *link_req;
> -	int err;
> -
> -	err = netlink_open(&nlh, NETLINK_ROUTE);
> -	if (err)
> -		return err;
> -
> -	err = -ENOMEM;
> -	nlmsg = nlmsg_alloc(NLMSG_GOOD_SIZE);
> -	if (!nlmsg)
> -		goto out;
> -
> -	answer = nlmsg_alloc(NLMSG_GOOD_SIZE);
> -	if (!answer)
> -		goto out;
> -
> -	link_req = (struct link_req *)nlmsg;
> -	link_req->ifinfomsg.ifi_family = AF_UNSPEC;
> -	link_req->ifinfomsg.ifi_index = ifindex;
> -	nlmsg->nlmsghdr.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
> -	nlmsg->nlmsghdr.nlmsg_flags = NLM_F_ACK|NLM_F_REQUEST;
> -	nlmsg->nlmsghdr.nlmsg_type = RTM_DELLINK;
> -
> -	err = netlink_transaction(&nlh, nlmsg, answer);
> -out:
> -	netlink_close(&nlh);
> -	nlmsg_free(answer);
> -	nlmsg_free(nlmsg);
> -	return err;
> -}
> -
> -static int lxc_netdev_delete_by_name(const char *name)
> -{
> -	int index;
> -
> -	index = if_nametoindex(name);
> -	if (!index)
> -		return -EINVAL;
> -
> -	return lxc_netdev_delete_by_index(index);
> -}
> -#else
> -static int lxc_netdev_delete_by_name(const char *name)
> -{
> -	char path[200];
> -	sprintf(path, "/tmp/lxcnettest/%s", name);
> -	return unlink(path);
> -}
> -
> -#endif
> -
>  static bool create_nic(char *nic, char *br, int pid, char **cnic)
>  {
> -#if ISTEST
> -	char path[200];
> -	sprintf(path, "/tmp/lxcnettest/%s", nic);
> -	int fd = open(path, O_RDWR|O_CREAT, S_IWUSR | S_IRUSR);
> -	if (fd < 0)
> -		return false;
> -	close(fd);
> -	return true;
> -#else
>  	char *veth1buf, *veth2buf;
>  	veth1buf = alloca(IFNAMSIZ);
>  	veth2buf = alloca(IFNAMSIZ);
> @@ -580,7 +251,7 @@ static bool create_nic(char *nic, char *br, int pid, char **cnic)
>  	}
>  
>  	/* pass veth2 to target netns */
> -	ret = lxc_netdev_move(veth2buf, pid);
> +	ret = lxc_netdev_move_by_name(veth2buf, pid);
>  	if (ret < 0) {
>  		fprintf(stderr, "Error moving %s to netns %d\n", veth2buf, pid);
>  		goto out_del;
> @@ -591,7 +262,6 @@ static bool create_nic(char *nic, char *br, int pid, char **cnic)
>  out_del:
>  	lxc_netdev_delete_by_name(veth1buf);
>  	return false;
> -#endif
>  }
>  
>  /*
> @@ -775,65 +445,6 @@ again:
>  	goto again;
>  }
>  
> -static int lxc_netdev_rename_by_index(int ifindex, const char *newname)
> -{
> -	struct nl_handler nlh;
> -	struct nlmsg *nlmsg = NULL, *answer = NULL;
> -	struct link_req *link_req;
> -	int len, err;
> -
> -	err = netlink_open(&nlh, NETLINK_ROUTE);
> -	if (err)
> -		return err;
> -
> -	len = strlen(newname);
> -	if (len == 1 || len >= IFNAMSIZ)
> -		goto out;
> -
> -	err = -ENOMEM;
> -	nlmsg = nlmsg_alloc(NLMSG_GOOD_SIZE);
> -	if (!nlmsg)
> -		goto out;
> -
> -	answer = nlmsg_alloc(NLMSG_GOOD_SIZE);
> -	if (!answer)
> -		goto out;
> -
> -	link_req = (struct link_req *)nlmsg;
> -	link_req->ifinfomsg.ifi_family = AF_UNSPEC;
> -	link_req->ifinfomsg.ifi_index = ifindex;
> -	nlmsg->nlmsghdr.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
> -	nlmsg->nlmsghdr.nlmsg_flags = NLM_F_ACK|NLM_F_REQUEST;
> -	nlmsg->nlmsghdr.nlmsg_type = RTM_NEWLINK;
> -
> -	if (nla_put_string(nlmsg, IFLA_IFNAME, newname))
> -		goto out;
> -
> -	err = netlink_transaction(&nlh, nlmsg, answer);
> -out:
> -	netlink_close(&nlh);
> -	nlmsg_free(answer);
> -	nlmsg_free(nlmsg);
> -	return err;
> -}
> -
> -static int lxc_netdev_rename_by_name(const char *oldname, const char *newname)
> -{
> -	int len, index;
> -
> -	len = strlen(oldname);
> -	if (len == 1 || len >= IFNAMSIZ)
> -		return -EINVAL;
> -
> -	index = if_nametoindex(oldname);
> -	if (!index) {
> -		fprintf(stderr, "Error getting ifindex for %s\n", oldname);
> -		return -EINVAL;
> -	}
> -
> -	return lxc_netdev_rename_by_index(index, newname);
> -}
> -
>  static int rename_in_ns(int pid, char *oldname, char *newname)
>  {
>  	char nspath[MAXPATHLEN];
> @@ -952,13 +563,13 @@ int main(int argc, char *argv[])
>  		exit(1);
>  	}
>  
> -	if (!create_db_dir(DB_FILE)) {
> +	if (!create_db_dir(LXC_USERNIC_DB)) {
>  		fprintf(stderr, "Failed to create directory for db file\n");
>  		exit(1);
>  	}
>  
> -	if ((fd = open_and_lock(DB_FILE)) < 0) {
> -		fprintf(stderr, "Failed to lock %s\n", DB_FILE);
> +	if ((fd = open_and_lock(LXC_USERNIC_DB)) < 0) {
> +		fprintf(stderr, "Failed to lock %s\n", LXC_USERNIC_DB);
>  		exit(1);
>  	}
>  
> diff --git a/src/lxc/network.c b/src/lxc/network.c
> index c30287e..94ff1f0 100644
> --- a/src/lxc/network.c
> +++ b/src/lxc/network.c
> @@ -130,6 +130,17 @@ out:
>  	return err;
>  }
>  
> +int lxc_netdev_move_by_name(char *ifname, pid_t pid)
> +{
> +	int index;
> +
> +	index = if_nametoindex(ifname);
> +	if (!ifname)
> +		return -EINVAL;
> +
> +	return lxc_netdev_move_by_index(index, pid);
> +}
> +
>  int lxc_netdev_delete_by_index(int ifindex)
>  {
>  	struct nl_handler nlh;
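Review bot: In `lxc_netdev_move_by_name` the guard `if (!ifname)` tests the pointer only after `if_nametoindex(ifname)` has already used it, and the lookup result itself is never checked. An unknown or vanished interface name yields index 0, which is then passed straight to `lxc_netdev_move_by_index(0, pid)`; since the caller in lxc_user_nic.c uses this to move a freshly created veth into another process's namespace, the failure should be reported here rather than left to the netlink request. The by-name helpers visible in the removed code use `if (!index) return -EINVAL;` after the lookup; do the same here, and put `if (!ifname) return -EINVAL;` before the `if_nametoindex` call if a NULL name is meant to be tolerated. The hunk also cuts into `lxc_netdev_delete_by_index`, whose body continues outside it.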
> @@ -233,7 +244,7 @@ int lxc_netdev_rename_by_name(const char *oldname, const char *newname)
>  	return lxc_netdev_rename_by_index(index, newname);
>  }
>  
> -static int netdev_set_flag(const char *name, int flag)
> +int netdev_set_flag(const char *name, int flag)
>  {
>  	struct nl_handler nlh;
>  	struct nlmsg *nlmsg = NULL, *answer = NULL;
> @@ -1036,3 +1047,35 @@ const char *lxc_net_type_to_str(int type)
>  		return NULL;
>  	return lxc_network_types[type];
>  }
> +
> +int setup_private_host_hw_addr(char *veth1)
> +{
> +	struct ifreq ifr;
> +	int err;
> +	int sockfd;
> +
> +	process_lock();
> +	sockfd = socket(AF_INET, SOCK_DGRAM, 0);
> +	process_unlock();
> +	if (sockfd < 0)
> +		return -errno;
> +
> +	snprintf((char *)ifr.ifr_name, IFNAMSIZ, "%s", veth1);
> +	err = ioctl(sockfd, SIOCGIFHWADDR, &ifr);
> +	if (err < 0) {
> +		process_lock();
> +		close(sockfd);
> +		process_unlock();
> +		return -errno;
> +	}
> +
> +	ifr.ifr_hwaddr.sa_data[0] = 0xfe;
> +	err = ioctl(sockfd, SIOCSIFHWADDR, &ifr);
> +	process_lock();
> +	close(sockfd);
> +	process_unlock();
> +	if (err < 0)
> +		return -errno;
> +
> +	return 0;
> +}
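Review bot: `setup_private_host_hw_addr` reads `errno` only after `process_lock()`, `close(sockfd)` and `process_unlock()` have run, on both the SIOCGIFHWADDR and the SIOCSIFHWADDR failure paths, so the value returned may no longer be the ioctl's error and, if one of those calls resets it, could be 0 and read as success. Capture it directly after each call, e.g. `if (err < 0) err = -errno;`, and return `err` once the socket is closed. `struct ifreq ifr` is also passed to the kernel without being cleared first; a `memset(&ifr, 0, sizeof(ifr));` before the `snprintf` avoids handing over uninitialised stack bytes. Now that the function is exported and the DEBUG line is gone, a short header comment such as `/* Set the first octet of the host-side veth MAC to 0xfe; returns 0 or -errno. */` would document the contract.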
> diff --git a/src/lxc/network.h b/src/lxc/network.h
> index 0ca7a9a..58db9a1 100644
> --- a/src/lxc/network.h
> +++ b/src/lxc/network.h
> @@ -32,6 +32,7 @@ extern int lxc_convert_mac(char *macaddr, struct sockaddr *sockaddr);
>   * Move a device between namespaces
>   */
>  extern int lxc_netdev_move_by_index(int ifindex, pid_t pid);
> +extern int lxc_netdev_move_by_name(char *ifname, pid_t pid);
>  
>  /*
>   * Delete a network device
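Review bot: The new prototype `lxc_netdev_move_by_name(char *ifname, pid_t pid)` takes a non-const name although the implementation only passes it to `if_nametoindex`, while the by-name rename declaration a few lines below takes `const char *`; declare it as `extern int lxc_netdev_move_by_name(const char *ifname, pid_t pid);`. The same applies to `setup_private_host_hw_addr(char *veth1)` in the last hunk of this header, which only formats the name with `"%s"` and is appended without the descriptive comment the other groups carry. `netdev_set_flag`, exported in the second hunk, becomes a public symbol without the `lxc_` prefix the rest of the header uses; consider renaming it or keeping it behind an `lxc_`-prefixed wrapper.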
> @@ -45,6 +46,8 @@ extern int lxc_netdev_delete_by_index(int ifindex);
>  extern int lxc_netdev_rename_by_name(const char *oldname, const char *newname);
>  extern int lxc_netdev_rename_by_index(int ifindex, const char *newname);
>  
> +extern int netdev_set_flag(const char *name, int flag);
> +
>  /*
>   * Set the device network up or down
>   */
> @@ -123,4 +126,5 @@ extern int lxc_neigh_proxy_on(const char *name, int family);
>  extern int lxc_neigh_proxy_off(const char *name, int family);
>  
>  extern const char *lxc_net_type_to_str(int type);
> +extern int setup_private_host_hw_addr(char *veth1);
>  #endif
> diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am
> index cae82bf..ab956be 100644
> --- a/src/tests/Makefile.am
> +++ b/src/tests/Makefile.am
> @@ -15,8 +15,6 @@ lxc_test_lxcpath_SOURCES = lxcpath.c
>  lxc_test_cgpath_SOURCES = cgpath.c
>  lxc_test_clonetest_SOURCES = clonetest.c
>  lxc_test_console_SOURCES = console.c
> -lxc_usernic_test_SOURCES = ../lxc/lxc_user_nic.c ../lxc/nl.c
> -lxc_usernic_test_CFLAGS = -DISTEST
>  lxc_test_snapshot_SOURCES = snapshot.c
>  lxc_test_concurrent_SOURCES = concurrent.c
>  lxc_test_may_control_SOURCES = may_control.c
> @@ -42,7 +40,7 @@ endif
>  bin_PROGRAMS = lxc-test-containertests lxc-test-locktests lxc-test-startone \
>  	lxc-test-destroytest lxc-test-saveconfig lxc-test-createtest \
>  	lxc-test-shutdowntest lxc-test-get_item lxc-test-getkeys lxc-test-lxcpath \
> -	lxc-test-cgpath lxc-test-clonetest lxc-test-console lxc-usernic-test \
> +	lxc-test-cgpath lxc-test-clonetest lxc-test-console \
>  	lxc-test-snapshot lxc-test-concurrent lxc-test-may-control \
>  	lxc-test-reboot lxc-test-list lxc-test-attach
>  
> diff --git a/src/tests/lxc-test-usernic b/src/tests/lxc-test-usernic
> index 9e6d834..168bac0 100755
> --- a/src/tests/lxc-test-usernic
> +++ b/src/tests/lxc-test-usernic
> @@ -21,47 +21,119 @@
>  # License along with this library; if not, write to the Free Software
>  # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
>  
> -conffile="/tmp/lxc-usernet"
> -dbfile="/tmp/nics"
> -sysfsdir=/tmp/lxcnettest
> +cleanup() {
> +	sed -i '/usernic-user/d' /var/run/lxc/nics /etc/lxc/lxc-usernet
> +	ifconfig usernic-br0 down
> +	ifconfig usernic-br1 down
> +	sudo brctl delbr usernic-br0
> +	sudo brctl delbr usernic-br1
> +	sudo deluser usernic-user
> +	su -l usernic-user -c "lxc-stop -P /tmp/usernic-test/lxcbase -n b1"
> +	rm -rf /tmp/usernic-test
> +	exit $1
> +}
>  
> -rm -f $conffile $dbfile
> +# create a test user
> +deluser usernic-user || true
> +useradd usernic-user
> +sudo mkdir -p /home/usernic-user
> +sudo chown usernic-user /home/usernic-user
> +usermod -v 910000-919999 -w 910000-919999 usernic-user
> +mkdir -p /tmp/usernic-test/lxcbase
> +chown usernic-user /tmp/usernic-test/lxcbase
> +uid=$(id -u usernic-user)
> +cat > /home/usernic-user/.bashrc << EOF
> +export XDG_RUNTIME_DIR=/run/user/$uid
> +EOF
> +XDG_RUNTIME_DIR=/run/user/$uid
> +export XDG_RUNTIME_DIR=/run/user/$uid
> +mkdir -p /run/user/$uid
> +chown usernic-user /run/user/$uid
> +env
> +echo XXX[
> +su -l usernic-user -c "env"
> +sleep 20
> +
> +#
> +cat > /tmp/lxc-usernic.conf << EOF
> +lxc.network.type = empty
> +lxc.id_map = u 0 911000 10000
> +lxc.id_map = g 0 911000 10000
> +EOF
>  
> -rm -rf $sysfsdir
> -mkdir -p $sysfsdir
> +# Create two test bridges
>  
> -# there is no conffile, so we have no permissions
> -lxc-usernic-test 1111 veth lxcbr0 > /dev/null 2>&1
> +brctl addbr usernic-br0
> +brctl addbr usernic-br1
> +ifconfig usernic-br0 0.0.0.0 up
> +ifconfig usernic-br1 0.0.0.0 up
> +
> +# Create three containers
> +su -l usernic-user -c "lxc-create -P /tmp/usernic-test/lxcbase -t busybox -n b1 -f /tmp/lxc-usernic.conf"
> +su -l usernic-user -c "lxc-start -P /tmp/usernic-test/lxcbase -n b1 -d"
> +p1=`lxc-info -P /tmp/usernic-test/lxcbase -n b1 -p | awk -F: '{ print $2 }'`
> +
> +# Assign one veth, should fail as no allowed entries yet
> +su -l usernic-user -c "lxc-user-nic $p1 veth usernic-br0 xx1"
>  if [ $? -eq 0 ]; then
> -	echo "Fail: empty conffile should not allow me a nic"
> -	exit 1
> +	echo "FAIL: able to create nic with no entries"
> +	cleanup 1
>  fi
>  
> -cat > $conffile << EOF
> -$(id -un) veth lxcbr0 1
> -EOF
> +# Give him a quota of two
> +echo "lxc-usernet veth usernic-br0 2" >> /etc/lxc/lxc-usernet
> +
> +# Assign one veth to second bridge, should fail
> +su -l usernic-user -c "lxc-user-nic $p1 veth usernic-br1 xx1"
> +if [ $? -eq 0 ]; then
> +	echo "FAIL: able to create nic with no entries"
> +	cleanup 1
> +fi
>  
> -# Should be allowed one but not two
> -lxc-usernic-test 1111 veth lxcbr0 > /dev/null 2>&1
> +# Assign two veths, should succeed
> +su -l usernic-user -c "lxc-user-nic $p1 veth usernic-br0 xx2"
> +if [ $? -ne 0 ]; then
> +	echo "FAIL: unable to create first nic"
> +	cleanup 1
> +fi
> +su -l usernic-user -c "lxc-user-nic $p1 veth usernic-br0 xx3"
>  if [ $? -ne 0 ]; then
> -	echo "Failed to get one allowed nic"
> -	exit 1
> +	echo "FAIL: unable to create second nic"
> +	cleanup 1
>  fi
>  
> -lxc-usernic-test 1111 veth lxcbr0 > /dev/null 2>&1
> +# Assign one more veth, should fail.
> +su -l usernic-user -c "lxc-user-nic $p1 veth usernic-br0 xx4"
>  if [ $? -eq 0 ]; then
> -	echo "Fail: was able to get a second nic"
> -	exit 1
> +	echo "FAIL: able to create third nic"
> +	cleanup 1
>  fi
>  
> -# now remove the 'existing nic' and make sure we're allowed to create
> -# a new one
> -lxc-usernic-test 1111 veth lxcbr0 > /dev/null 2>&1
> -rm -rf $sysfsdir
> -mkdir -p $sysfsdir
> +# Shut down and restart the container, should be able to assign more nics
> +su -l usernic-user -c "lxc-stop -P /tmp/usernic-test/lxcbase -n b1"
> +su -l usernic-user -c "lxc-start -P /tmp/usernic-test/lxcbase -n b1 -d"
> +p1=`lxc-info -P /tmp/usernic-test/lxcbase -n b1 -p | awk -F: '{ print $2 }'`
> +su -l usernic-user -c "lxc-user-nic $p1 veth usernic-br0 xx5"
>  if [ $? -ne 0 ]; then
> -	echo "Fail: was unable to get a replacement nic"
> -	exit 1
> +	echo "FAIL: unable to create nic after destroying the old"
> +	cleanup 1
> +fi
> +
> +su -l usernic-user -c "lxc-stop -P /tmp/usernic-test/lxcbase -n b1"
> +
> +# Create a root-owned ns
> +lxc-create -t busybox -n usernic-c1
> +lxc-start -n usernic-c1 -d
> +p2=`lxc-info -n usernic-c1 -p | awk -F: '{ print $2}'`
> +
> +# assign veth to it - should fail
> +su -l usernic-user -c "lxc-user-nic $p2 veth usernic-br0 xx6"
> +ret=$?
> +lxc-stop -n usernic-c1
> +lxc-destroy -n usernic-c1
> +if [ $ret -eq 0 ]; then
> +	echo "FAIL: able to attach nic to root-owned container"
> +	cleanup 1
>  fi
>  
>  echo "All tests passed"
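Review bot: The quota line appended to /etc/lxc/lxc-usernet names the user `lxc-usernet`, not the `usernic-user` account that every `su -l` call runs as, so the "should succeed" assignments cannot be granted as written, and `cleanup`'s `sed -i '/usernic-user/d'` will not remove the entry from the live configuration; it should read `echo "usernic-user veth usernic-br0 2" >> /etc/lxc/lxc-usernet`. `cleanup` also runs `deluser usernic-user` before the `su -l usernic-user -c "lxc-stop ..."` that needs the account, and as far as the hunk shows it is only reached on failure paths, so a passing run leaves the test user, both bridges and /tmp/usernic-test behind; a `trap` on exit with the stop step first would cover both. Because the script creates users and bridges and so appears to need root, the fixed names /tmp/lxc-usernic.conf and /tmp/usernic-test are better replaced by a directory from `mktemp -d`, and the leftover `env`, `echo XXX[` and `sleep 20` debugging lines should be dropped.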
> -- 
> 1.8.3.2
> 
> 

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com