[lxc-devel] [lxc/master] network: fixes

[brauner on Github]

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 364 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20200321/36014c1a/attachment.bin>
-------------- next part --------------
From 3646ffd9ae679f79e583a9a42baebf27a4a7010a Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sat, 21 Mar 2020 11:50:59 +0100
Subject: [PATCH 1/2] network: introduce lxc_ifname_alnum_case_sensitive()

Right now we have 36^n unique network device names. Let's make it 62^n.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/cmd/lxc_user_nic.c |  2 +-
 src/lxc/criu.c             |  2 +-
 src/lxc/network.c          | 12 ++++++------
 src/lxc/network.h          |  8 +++++---
 4 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/src/lxc/cmd/lxc_user_nic.c b/src/lxc/cmd/lxc_user_nic.c
index 5038d16e0a..cd9c1ef2f4 100644
--- a/src/lxc/cmd/lxc_user_nic.c
+++ b/src/lxc/cmd/lxc_user_nic.c
@@ -735,7 +735,7 @@ static char *get_nic_if_avail(int fd, struct alloted_s *names, int pid,
 	if (ret < 0 || (size_t)ret >= sizeof(nicname))
 		return NULL;
 
-	if (!lxc_mkifname(nicname))
+	if (!lxc_ifname_alnum_case_sensitive(nicname))
 		return NULL;
 
 	ret = create_nic(nicname, br, pid, cnic);
diff --git a/src/lxc/criu.c b/src/lxc/criu.c
index e74bd4ddca..421da89416 100644
--- a/src/lxc/criu.c
+++ b/src/lxc/criu.c
@@ -903,7 +903,7 @@ static bool restore_net_info(struct lxc_container *c)
 
 		if (netdev->priv.veth_attr.pair[0] == '\0' &&
 		    netdev->priv.veth_attr.veth1[0] == '\0') {
-			if (!lxc_mkifname(template))
+			if (!lxc_ifname_alnum_case_sensitive(template))
 				goto out_unlock;
 
 			(void)strlcpy(netdev->priv.veth_attr.veth1, template, IFNAMSIZ);
diff --git a/src/lxc/network.c b/src/lxc/network.c
index 469f9bdcaf..b442ed5752 100644
--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -261,7 +261,7 @@ static int instantiate_veth(struct lxc_handler *handler, struct lxc_netdev *netd
 		if (err < 0 || (size_t)err >= sizeof(veth1buf))
 			return -1;
 
-		veth1 = lxc_mkifname(veth1buf);
+		veth1 = lxc_ifname_alnum_case_sensitive(veth1buf);
 		if (!veth1)
 			return -1;
 
@@ -273,7 +273,7 @@ static int instantiate_veth(struct lxc_handler *handler, struct lxc_netdev *netd
 	if (err < 0 || (size_t)err >= sizeof(veth2buf))
 		return -1;
 
-	veth2 = lxc_mkifname(veth2buf);
+	veth2 = lxc_ifname_alnum_case_sensitive(veth2buf);
 	if (!veth2)
 		return -1;
 
@@ -470,7 +470,7 @@ static int instantiate_macvlan(struct lxc_handler *handler, struct lxc_netdev *n
 	if (err < 0 || (size_t)err >= sizeof(peer))
 		return -1;
 
-	if (!lxc_mkifname(peer))
+	if (!lxc_ifname_alnum_case_sensitive(peer))
 		return -1;
 
 	err = lxc_macvlan_create(netdev->link, peer,
@@ -625,7 +625,7 @@ static int instantiate_ipvlan(struct lxc_handler *handler, struct lxc_netdev *ne
 	if (err < 0 || (size_t)err >= sizeof(peer))
 		return -1;
 
-	if (!lxc_mkifname(peer))
+	if (!lxc_ifname_alnum_case_sensitive(peer))
 		return -1;
 
 	err = lxc_ipvlan_create(netdev->link, peer, netdev->priv.ipvlan_attr.mode,
@@ -2446,9 +2446,9 @@ const char *lxc_net_type_to_str(int type)
 	return lxc_network_types[type];
 }
 
-static const char padchar[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+static const char padchar[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
 
-char *lxc_mkifname(char *template)
+char *lxc_ifname_alnum_case_sensitive(char *template)
 {
 	int ret;
 	struct netns_ifaddrs *ifa, *ifaddr;
diff --git a/src/lxc/network.h b/src/lxc/network.h
index 2cf1cbb0d0..696380c900 100644
--- a/src/lxc/network.h
+++ b/src/lxc/network.h
@@ -251,10 +251,12 @@ extern int lxc_ip_forwarding_on(const char *name, int family);
 /* Disable IP forwarding. */
 extern int lxc_ip_forwarding_off(const char *name, int family);
 
-/* Generate a new unique network interface name.
- * Allocated memory must be freed by caller.
+/*
+ * Generate a new unique network interface name.
+ *
+ * Allows for 62^n unique combinations.
  */
-extern char *lxc_mkifname(char *template);
+extern char *lxc_ifname_alnum_case_sensitive(char *template);
 
 extern const char *lxc_net_type_to_str(int type);
 extern int setup_private_host_hw_addr(char *veth1);

From fa2e1cea8de4f3e9bbb4ceccdcfd78bb64e87f58 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sat, 21 Mar 2020 11:52:15 +0100
Subject: [PATCH 2/2] lxc-user-nic: enable uid-marked veth devices for uids
 with 5 digits

With the newly extended lxc_ifname_alnum_case_sensitive() we'll have 62^4
unique network device names per user.

Closes #3176.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/cmd/lxc_user_nic.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/lxc/cmd/lxc_user_nic.c b/src/lxc/cmd/lxc_user_nic.c
index cd9c1ef2f4..fd34559031 100644
--- a/src/lxc/cmd/lxc_user_nic.c
+++ b/src/lxc/cmd/lxc_user_nic.c
@@ -727,9 +727,15 @@ static char *get_nic_if_avail(int fd, struct alloted_s *names, int pid,
 		return NULL;
 
         uid = getuid();
-	/* for POSIX integer uids the network device name schema is vethUID_XXXXX */
+	/*
+	 * For POSIX integer uids the network device name schema is
+	 * vethUID_XXXX.
+	 * With four random characters passed to
+	 * lxc_ifname_alnum_case_sensitive() we get 62^4 = 14776336
+	 * combinations per uid. That's plenty of network devices for now.
+	 */
 	if (uid > 0 && uid <= 65536)
-		ret = snprintf(nicname, sizeof(nicname), "veth%d_XXXXX", uid);
+		ret = snprintf(nicname, sizeof(nicname), "veth%d_XXXX", uid);
 	else
 		ret = snprintf(nicname, sizeof(nicname), "vethXXXXXX");
 	if (ret < 0 || (size_t)ret >= sizeof(nicname))