[lxc-devel] [lxc/master] network: improvements + bugfixes

brauner on Github lxc-bot at linuxcontainers.org
Thu Aug 31 21:15:01 UTC 2017


From 8da62485e8ae00819761a3f67386d496e2bb21ac Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 31 Aug 2017 22:58:30 +0200
Subject: [PATCH 1/4] network: retrieve the host's veth device ifindex

- Retrieve the host's veth device ifindex in the host's network namespace.
- Add a note why we retrieve the container's veth device ifindex in the host's
  network namespace.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/network.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/lxc/network.c b/src/lxc/network.c
index 6c867c654..f10dd3f3e 100644
--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -140,6 +140,18 @@ static int instantiate_veth(struct lxc_handler *handler, struct lxc_netdev *netd
 		goto out_delete;
 	}
 
+	/* Retrieve ifindex of the host's veth device. */
+	netdev->priv.veth_attr.ifindex = if_nametoindex(veth1);
+	if (!netdev->priv.veth_attr.ifindex) {
+		ERROR("Failed to retrieve ifindex for \"%s\"", veth1);
+		goto out_delete;
+	}
+
+	/* Note that we're retrieving the container's ifindex in the host's
+	 * network namespace because we need it to move the device from the
+	 * host's network namespace to the container's network namespace later
+	 * on.
+	 */
 	netdev->ifindex = if_nametoindex(veth2);
 	if (!netdev->ifindex) {
 		ERROR("Failed to retrieve ifindex for \"%s\"", veth2);
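Review bot: The failure message added for veth1 uses the same format string as the existing one for veth2, so a log line only distinguishes the host side from the container side by the generated device name. Consider naming the side in the new message, e.g. `ERROR("Failed to retrieve ifindex for host veth device \"%s\"", veth1);`. The new comment on the veth1 lookup also just restates the call; saying what later consumes `priv.veth_attr.ifindex` would match the explanatory comment added for veth2 (the consumer is not visible in this hunk). instantiate_veth's body starts and ends outside the hunk.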

From d0b915aab9c73022bc1aec29d344b9ae96483f6c Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 31 Aug 2017 23:01:46 +0200
Subject: [PATCH 2/4] start: non-functional changes

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/start.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/lxc/start.c b/src/lxc/start.c
index bc5daa764..86d823552 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1208,14 +1208,13 @@ void resolve_clone_flags(struct lxc_handler *handler)
  */
 static int lxc_spawn(struct lxc_handler *handler)
 {
-	int failed_before_rename = 0;
+	int i, flags, nveths;
 	const char *name = handler->name;
-	bool cgroups_connected = false;
-	int saved_ns_fd[LXC_NS_MAX];
-	int preserve_mask = 0, i, flags;
-	int netpipepair[2], nveths;
 	bool wants_to_map_ids;
+	int netpipepair[2], saved_ns_fd[LXC_NS_MAX];
 	struct lxc_list *id_map;
+	int failed_before_rename = 0, preserve_mask = 0;
+	bool cgroups_connected = false;
 
 	netpipe = -1;
 	id_map = &handler->conf->id_map;

From 8424b4e14b7f5c34ed6229d1001cd766a6bdc648 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 31 Aug 2017 23:08:28 +0200
Subject: [PATCH 3/4] lxc-user-nic: free memory and check for error

- check for error on ifindex retrieval
- free allocated memory

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/lxc_user_nic.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/lxc/lxc_user_nic.c b/src/lxc/lxc_user_nic.c
index 1853e0412..7541e4b8a 100644
--- a/src/lxc/lxc_user_nic.c
+++ b/src/lxc/lxc_user_nic.c
@@ -453,6 +453,8 @@ static int get_mtu(char *name)
 	int idx;
 
 	idx = if_nametoindex(name);
+	if (idx < 0)
+		return -1;
 	return netdev_get_mtu(idx);
 }
 
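Review bot: The added `if (idx < 0)` guard in get_mtu() cannot catch a failed lookup, because if_nametoindex() returns an unsigned int and reports failure as 0, never as a negative value. A missing or renamed interface therefore still reaches `netdev_get_mtu(idx)` with index 0; what that call does with 0 is not visible here. The check should be `if (idx == 0) return -1;`, matching the `!host_veth_ifidx` test this same patch adds in main(), and `idx` would be better declared `unsigned int` to match the return type.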
@@ -1215,6 +1217,12 @@ int main(int argc, char *argv[])
 		exit(EXIT_FAILURE);
 	}
 	host_veth_ifidx = if_nametoindex(nicname);
+	if (!host_veth_ifidx) {
+		free(newname);
+		free(nicname);
+		usernic_error("Failed to get netdev index: %s\n", strerror(errno));
+		exit(EXIT_FAILURE);
+	}
 
 	/* Write names of veth pairs and their ifindeces to stout:
 	 * (e.g. eth0:731:veth9MT2L4:730)
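Review bot: In the new error branch, `strerror(errno)` is evaluated only after the two free() calls, and free() is not guaranteed to preserve errno on every libc. The logged reason may therefore not be the one if_nametoindex() set, which makes failures in this helper harder to triage. Either call usernic_error() before freeing, or save the value first with `int saved_errno = errno;` and log `strerror(saved_errno)`. main's body starts and ends outside the hunk.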

From 99573f4aeab96a8554ddb08c683769d16dda5332 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 31 Aug 2017 23:13:44 +0200
Subject: [PATCH 4/4] lxc-user-nic: initialize vars to silence gcc-7

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/lxc_user_nic.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lxc/lxc_user_nic.c b/src/lxc/lxc_user_nic.c
index 7541e4b8a..9164e44dc 100644
--- a/src/lxc/lxc_user_nic.c
+++ b/src/lxc/lxc_user_nic.c
@@ -1055,10 +1055,10 @@ static bool is_privileged_over_netns(int netns_fd)
 
 int main(int argc, char *argv[])
 {
-	int container_veth_ifidx, fd, host_veth_ifidx, n, pid, request, ret;
+	int fd, n, pid, request, ret;
 	char *me, *newname;
 	struct user_nic_args args;
-	int netns_fd = -1;
+	int container_veth_ifidx = -1, host_veth_ifidx = -1, netns_fd = -1;
 	char *cnic = NULL, *nicname = NULL;
 	struct alloted_s *alloted = NULL;
 
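Review bot: The new `-1` initializers for `container_veth_ifidx` and `host_veth_ifidx` use a sentinel that differs from the failure value of if_nametoindex(), which is 0. A `!host_veth_ifidx` style check, as added in patch 3/4, would treat a never-assigned -1 as a valid index. Initializing the two index variables to 0, as in `int container_veth_ifidx = 0, host_veth_ifidx = 0, netns_fd = -1;`, would make "unset" and "lookup failed" the same value. Whether any path reads them before assignment, and whether container_veth_ifidx also comes from if_nametoindex(), cannot be told from here; main's body continues outside the hunk.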

