mirror of
https://github.com/systemd/systemd-stable.git
synced 2025-01-08 21:17:47 +03:00
nspawn: add new --network-veth-extra= switch for defining additional veth links
The new switch operates like --network-veth, but may be specified multiple times (to define multiple link pairs) and allows flexible definition of the interface names. This is an independent reimplementation of #1678, but defines different semantics, keeping the behaviour completely independent of --network-veth. It also comes will full hook-up for .nspawn files, and the matching documentation.
This commit is contained in:
parent
76e0779b5c
commit
f6d6bad146
@ -432,6 +432,21 @@
|
|||||||
<option>--private-network</option>.</para></listitem>
|
<option>--private-network</option>.</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--network-veth-extra=</option></term>
|
||||||
|
|
||||||
|
<listitem><para>Adds an additional virtual Ethernet link
|
||||||
|
between host and container. Takes a colon-separated pair of
|
||||||
|
host interface name and container interface name. The latter
|
||||||
|
may be omitted in which case the container and host sides will
|
||||||
|
be assigned the same name. This switch is independent of
|
||||||
|
<option>--network-veth</option>, and -- in contrast -- may be
|
||||||
|
used multiple times, and allows configuration of the network
|
||||||
|
interface names. Note that <option>--network-bridge=</option>
|
||||||
|
has no effect on interfaces created with
|
||||||
|
<option>--network-veth-extra=</option>.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>--network-bridge=</option></term>
|
<term><option>--network-bridge=</option></term>
|
||||||
|
|
||||||
|
@ -323,6 +323,23 @@
|
|||||||
above).</para></listitem>
|
above).</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><varname>VirtualEthernetExtra=</varname></term>
|
||||||
|
|
||||||
|
<listitem><para>Takes a colon-separated pair of interface
|
||||||
|
names. Configures an additional virtual Ethernet connection
|
||||||
|
(<literal>veth</literal>) between host and the container. The
|
||||||
|
first specified name is the interface name on the host, the
|
||||||
|
second the interface name in the container. The latter may be
|
||||||
|
omitted in which case it is set to the same name as the host
|
||||||
|
side interface. This setting implies
|
||||||
|
<varname>Private=yes</varname>. This setting corresponds to
|
||||||
|
the <option>--network-veth-extra=</option> command line
|
||||||
|
switch, and maybe be used multiple times. It is independent of
|
||||||
|
<varname>VirtualEthernet=</varname>. This option is privileged
|
||||||
|
(see above).</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><varname>Interface=</varname></term>
|
<term><varname>Interface=</varname></term>
|
||||||
|
|
||||||
|
@ -15,24 +15,25 @@ struct ConfigPerfItem;
|
|||||||
%struct-type
|
%struct-type
|
||||||
%includes
|
%includes
|
||||||
%%
|
%%
|
||||||
Exec.Boot, config_parse_tristate, 0, offsetof(Settings, boot)
|
Exec.Boot, config_parse_tristate, 0, offsetof(Settings, boot)
|
||||||
Exec.Parameters, config_parse_strv, 0, offsetof(Settings, parameters)
|
Exec.Parameters, config_parse_strv, 0, offsetof(Settings, parameters)
|
||||||
Exec.Environment, config_parse_strv, 0, offsetof(Settings, environment)
|
Exec.Environment, config_parse_strv, 0, offsetof(Settings, environment)
|
||||||
Exec.User, config_parse_string, 0, offsetof(Settings, user)
|
Exec.User, config_parse_string, 0, offsetof(Settings, user)
|
||||||
Exec.Capability, config_parse_capability, 0, offsetof(Settings, capability)
|
Exec.Capability, config_parse_capability, 0, offsetof(Settings, capability)
|
||||||
Exec.DropCapability, config_parse_capability, 0, offsetof(Settings, drop_capability)
|
Exec.DropCapability, config_parse_capability, 0, offsetof(Settings, drop_capability)
|
||||||
Exec.KillSignal, config_parse_signal, 0, offsetof(Settings, kill_signal)
|
Exec.KillSignal, config_parse_signal, 0, offsetof(Settings, kill_signal)
|
||||||
Exec.Personality, config_parse_personality, 0, offsetof(Settings, personality)
|
Exec.Personality, config_parse_personality, 0, offsetof(Settings, personality)
|
||||||
Exec.MachineID, config_parse_id128, 0, offsetof(Settings, machine_id)
|
Exec.MachineID, config_parse_id128, 0, offsetof(Settings, machine_id)
|
||||||
Files.ReadOnly, config_parse_tristate, 0, offsetof(Settings, read_only)
|
Files.ReadOnly, config_parse_tristate, 0, offsetof(Settings, read_only)
|
||||||
Files.Volatile, config_parse_volatile_mode, 0, offsetof(Settings, volatile_mode)
|
Files.Volatile, config_parse_volatile_mode, 0, offsetof(Settings, volatile_mode)
|
||||||
Files.Bind, config_parse_bind, 0, 0
|
Files.Bind, config_parse_bind, 0, 0
|
||||||
Files.BindReadOnly, config_parse_bind, 1, 0
|
Files.BindReadOnly, config_parse_bind, 1, 0
|
||||||
Files.TemporaryFileSystem, config_parse_tmpfs, 0, 0
|
Files.TemporaryFileSystem, config_parse_tmpfs, 0, 0
|
||||||
Network.Private, config_parse_tristate, 0, offsetof(Settings, private_network)
|
Network.Private, config_parse_tristate, 0, offsetof(Settings, private_network)
|
||||||
Network.Interface, config_parse_strv, 0, offsetof(Settings, network_interfaces)
|
Network.Interface, config_parse_strv, 0, offsetof(Settings, network_interfaces)
|
||||||
Network.MACVLAN, config_parse_strv, 0, offsetof(Settings, network_macvlan)
|
Network.MACVLAN, config_parse_strv, 0, offsetof(Settings, network_macvlan)
|
||||||
Network.IPVLAN, config_parse_strv, 0, offsetof(Settings, network_ipvlan)
|
Network.IPVLAN, config_parse_strv, 0, offsetof(Settings, network_ipvlan)
|
||||||
Network.VirtualEthernet, config_parse_tristate, 0, offsetof(Settings, network_veth)
|
Network.VirtualEthernet, config_parse_tristate, 0, offsetof(Settings, network_veth)
|
||||||
Network.Bridge, config_parse_string, 0, offsetof(Settings, network_bridge)
|
Network.VirtualEthernetExtra, config_parse_veth_extra, 0, 0
|
||||||
Network.Port, config_parse_expose_port, 0, 0
|
Network.Bridge, config_parse_string, 0, offsetof(Settings, network_bridge)
|
||||||
|
Network.Port, config_parse_expose_port, 0, 0
|
||||||
|
@ -37,6 +37,8 @@
|
|||||||
|
|
||||||
#define HOST_HASH_KEY SD_ID128_MAKE(1a,37,6f,c7,46,ec,45,0b,ad,a3,d5,31,06,60,5d,b1)
|
#define HOST_HASH_KEY SD_ID128_MAKE(1a,37,6f,c7,46,ec,45,0b,ad,a3,d5,31,06,60,5d,b1)
|
||||||
#define CONTAINER_HASH_KEY SD_ID128_MAKE(c3,c4,f9,19,b5,57,b2,1c,e6,cf,14,27,03,9c,ee,a2)
|
#define CONTAINER_HASH_KEY SD_ID128_MAKE(c3,c4,f9,19,b5,57,b2,1c,e6,cf,14,27,03,9c,ee,a2)
|
||||||
|
#define VETH_EXTRA_HOST_HASH_KEY SD_ID128_MAKE(48,c7,f6,b7,ea,9d,4c,9e,b7,28,d4,de,91,d5,bf,66)
|
||||||
|
#define VETH_EXTRA_CONTAINER_HASH_KEY SD_ID128_MAKE(af,50,17,61,ce,f9,4d,35,84,0d,2b,20,54,be,ce,59)
|
||||||
#define MACVLAN_HASH_KEY SD_ID128_MAKE(00,13,6d,bc,66,83,44,81,bb,0c,f9,51,1f,24,a6,6f)
|
#define MACVLAN_HASH_KEY SD_ID128_MAKE(00,13,6d,bc,66,83,44,81,bb,0c,f9,51,1f,24,a6,6f)
|
||||||
|
|
||||||
static int generate_mac(
|
static int generate_mac(
|
||||||
@ -84,42 +86,32 @@ static int generate_mac(
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int setup_veth(const char *machine_name,
|
static int add_veth(
|
||||||
pid_t pid,
|
sd_netlink *rtnl,
|
||||||
char iface_name[IFNAMSIZ],
|
pid_t pid,
|
||||||
bool bridge) {
|
const char *ifname_host,
|
||||||
|
const struct ether_addr *mac_host,
|
||||||
|
const char *ifname_container,
|
||||||
|
const struct ether_addr *mac_container) {
|
||||||
|
|
||||||
_cleanup_netlink_message_unref_ sd_netlink_message *m = NULL;
|
_cleanup_netlink_message_unref_ sd_netlink_message *m = NULL;
|
||||||
_cleanup_netlink_unref_ sd_netlink *rtnl = NULL;
|
int r;
|
||||||
struct ether_addr mac_host, mac_container;
|
|
||||||
int r, i;
|
|
||||||
|
|
||||||
/* Use two different interface name prefixes depending whether
|
assert(rtnl);
|
||||||
* we are in bridge mode or not. */
|
assert(ifname_host);
|
||||||
snprintf(iface_name, IFNAMSIZ - 1, "%s-%s",
|
assert(mac_host);
|
||||||
bridge ? "vb" : "ve", machine_name);
|
assert(ifname_container);
|
||||||
|
assert(mac_container);
|
||||||
r = generate_mac(machine_name, &mac_container, CONTAINER_HASH_KEY, 0);
|
|
||||||
if (r < 0)
|
|
||||||
return log_error_errno(r, "Failed to generate predictable MAC address for container side: %m");
|
|
||||||
|
|
||||||
r = generate_mac(machine_name, &mac_host, HOST_HASH_KEY, 0);
|
|
||||||
if (r < 0)
|
|
||||||
return log_error_errno(r, "Failed to generate predictable MAC address for host side: %m");
|
|
||||||
|
|
||||||
r = sd_netlink_open(&rtnl);
|
|
||||||
if (r < 0)
|
|
||||||
return log_error_errno(r, "Failed to connect to netlink: %m");
|
|
||||||
|
|
||||||
r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0);
|
r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to allocate netlink message: %m");
|
return log_error_errno(r, "Failed to allocate netlink message: %m");
|
||||||
|
|
||||||
r = sd_netlink_message_append_string(m, IFLA_IFNAME, iface_name);
|
r = sd_netlink_message_append_string(m, IFLA_IFNAME, ifname_host);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to add netlink interface name: %m");
|
return log_error_errno(r, "Failed to add netlink interface name: %m");
|
||||||
|
|
||||||
r = sd_netlink_message_append_ether_addr(m, IFLA_ADDRESS, &mac_host);
|
r = sd_netlink_message_append_ether_addr(m, IFLA_ADDRESS, mac_host);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to add netlink MAC address: %m");
|
return log_error_errno(r, "Failed to add netlink MAC address: %m");
|
||||||
|
|
||||||
@ -135,11 +127,11 @@ int setup_veth(const char *machine_name,
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to open netlink container: %m");
|
return log_error_errno(r, "Failed to open netlink container: %m");
|
||||||
|
|
||||||
r = sd_netlink_message_append_string(m, IFLA_IFNAME, "host0");
|
r = sd_netlink_message_append_string(m, IFLA_IFNAME, ifname_container);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to add netlink interface name: %m");
|
return log_error_errno(r, "Failed to add netlink interface name: %m");
|
||||||
|
|
||||||
r = sd_netlink_message_append_ether_addr(m, IFLA_ADDRESS, &mac_container);
|
r = sd_netlink_message_append_ether_addr(m, IFLA_ADDRESS, mac_container);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to add netlink MAC address: %m");
|
return log_error_errno(r, "Failed to add netlink MAC address: %m");
|
||||||
|
|
||||||
@ -161,7 +153,44 @@ int setup_veth(const char *machine_name,
|
|||||||
|
|
||||||
r = sd_netlink_call(rtnl, m, 0, NULL);
|
r = sd_netlink_call(rtnl, m, 0, NULL);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to add new veth interfaces (host0, %s): %m", iface_name);
|
return log_error_errno(r, "Failed to add new veth interfaces (%s:%s): %m", ifname_host, ifname_container);
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
int setup_veth(const char *machine_name,
|
||||||
|
pid_t pid,
|
||||||
|
char iface_name[IFNAMSIZ],
|
||||||
|
bool bridge) {
|
||||||
|
|
||||||
|
_cleanup_netlink_unref_ sd_netlink *rtnl = NULL;
|
||||||
|
struct ether_addr mac_host, mac_container;
|
||||||
|
int r, i;
|
||||||
|
|
||||||
|
assert(machine_name);
|
||||||
|
assert(pid > 0);
|
||||||
|
assert(iface_name);
|
||||||
|
|
||||||
|
/* Use two different interface name prefixes depending whether
|
||||||
|
* we are in bridge mode or not. */
|
||||||
|
snprintf(iface_name, IFNAMSIZ - 1, "%s-%s",
|
||||||
|
bridge ? "vb" : "ve", machine_name);
|
||||||
|
|
||||||
|
r = generate_mac(machine_name, &mac_container, CONTAINER_HASH_KEY, 0);
|
||||||
|
if (r < 0)
|
||||||
|
return log_error_errno(r, "Failed to generate predictable MAC address for container side: %m");
|
||||||
|
|
||||||
|
r = generate_mac(machine_name, &mac_host, HOST_HASH_KEY, 0);
|
||||||
|
if (r < 0)
|
||||||
|
return log_error_errno(r, "Failed to generate predictable MAC address for host side: %m");
|
||||||
|
|
||||||
|
r = sd_netlink_open(&rtnl);
|
||||||
|
if (r < 0)
|
||||||
|
return log_error_errno(r, "Failed to connect to netlink: %m");
|
||||||
|
|
||||||
|
r = add_veth(rtnl, pid, iface_name, &mac_host, "host0", &mac_container);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
i = (int) if_nametoindex(iface_name);
|
i = (int) if_nametoindex(iface_name);
|
||||||
if (i <= 0)
|
if (i <= 0)
|
||||||
@ -170,6 +199,47 @@ int setup_veth(const char *machine_name,
|
|||||||
return i;
|
return i;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int setup_veth_extra(
|
||||||
|
const char *machine_name,
|
||||||
|
pid_t pid,
|
||||||
|
char **pairs) {
|
||||||
|
|
||||||
|
_cleanup_netlink_unref_ sd_netlink *rtnl = NULL;
|
||||||
|
uint64_t idx = 0;
|
||||||
|
char **a, **b;
|
||||||
|
int r;
|
||||||
|
|
||||||
|
assert(machine_name);
|
||||||
|
assert(pid > 0);
|
||||||
|
|
||||||
|
if (strv_isempty(pairs))
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
r = sd_netlink_open(&rtnl);
|
||||||
|
if (r < 0)
|
||||||
|
return log_error_errno(r, "Failed to connect to netlink: %m");
|
||||||
|
|
||||||
|
STRV_FOREACH_PAIR(a, b, pairs) {
|
||||||
|
struct ether_addr mac_host, mac_container;
|
||||||
|
|
||||||
|
r = generate_mac(machine_name, &mac_container, VETH_EXTRA_CONTAINER_HASH_KEY, idx);
|
||||||
|
if (r < 0)
|
||||||
|
return log_error_errno(r, "Failed to generate predictable MAC address for container side of extra veth link: %m");
|
||||||
|
|
||||||
|
r = generate_mac(machine_name, &mac_host, VETH_EXTRA_HOST_HASH_KEY, idx);
|
||||||
|
if (r < 0)
|
||||||
|
return log_error_errno(r, "Failed to generate predictable MAC address for container side of extra veth link: %m");
|
||||||
|
|
||||||
|
r = add_veth(rtnl, pid, *a, &mac_host, *b, &mac_container);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
|
idx ++;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
int setup_bridge(const char *veth_name, const char *bridge_name) {
|
int setup_bridge(const char *veth_name, const char *bridge_name) {
|
||||||
_cleanup_netlink_message_unref_ sd_netlink_message *m = NULL;
|
_cleanup_netlink_message_unref_ sd_netlink_message *m = NULL;
|
||||||
_cleanup_netlink_unref_ sd_netlink *rtnl = NULL;
|
_cleanup_netlink_unref_ sd_netlink *rtnl = NULL;
|
||||||
@ -439,3 +509,34 @@ int setup_ipvlan(const char *machine_name, pid_t pid, char **ifaces) {
|
|||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int veth_extra_parse(char ***l, const char *p) {
|
||||||
|
_cleanup_free_ char *a = NULL, *b = NULL;
|
||||||
|
int r;
|
||||||
|
|
||||||
|
r = extract_first_word(&p, &a, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
if (r == 0 || isempty(a))
|
||||||
|
return -EINVAL;
|
||||||
|
|
||||||
|
r = extract_first_word(&p, &b, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
if (r == 0 || isempty(b)) {
|
||||||
|
free(b);
|
||||||
|
b = strdup(a);
|
||||||
|
if (!b)
|
||||||
|
return -ENOMEM;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (p)
|
||||||
|
return -EINVAL;
|
||||||
|
|
||||||
|
r = strv_push_pair(l, a, b);
|
||||||
|
if (r < 0)
|
||||||
|
return -ENOMEM;
|
||||||
|
|
||||||
|
a = b = NULL;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
@ -27,6 +27,7 @@
|
|||||||
#include <stdbool.h>
|
#include <stdbool.h>
|
||||||
|
|
||||||
int setup_veth(const char *machine_name, pid_t pid, char iface_name[IFNAMSIZ], bool bridge);
|
int setup_veth(const char *machine_name, pid_t pid, char iface_name[IFNAMSIZ], bool bridge);
|
||||||
|
int setup_veth_extra(const char *machine_name, pid_t pid, char **pairs);
|
||||||
|
|
||||||
int setup_bridge(const char *veth_name, const char *bridge_name);
|
int setup_bridge(const char *veth_name, const char *bridge_name);
|
||||||
|
|
||||||
@ -34,3 +35,5 @@ int setup_macvlan(const char *machine_name, pid_t pid, char **ifaces);
|
|||||||
int setup_ipvlan(const char *machine_name, pid_t pid, char **ifaces);
|
int setup_ipvlan(const char *machine_name, pid_t pid, char **ifaces);
|
||||||
|
|
||||||
int move_network_interfaces(pid_t pid, char **ifaces);
|
int move_network_interfaces(pid_t pid, char **ifaces);
|
||||||
|
|
||||||
|
int veth_extra_parse(char ***l, const char *p);
|
||||||
|
@ -22,6 +22,7 @@
|
|||||||
#include "alloc-util.h"
|
#include "alloc-util.h"
|
||||||
#include "cap-list.h"
|
#include "cap-list.h"
|
||||||
#include "conf-parser.h"
|
#include "conf-parser.h"
|
||||||
|
#include "nspawn-network.h"
|
||||||
#include "nspawn-settings.h"
|
#include "nspawn-settings.h"
|
||||||
#include "process-util.h"
|
#include "process-util.h"
|
||||||
#include "strv.h"
|
#include "strv.h"
|
||||||
@ -77,6 +78,7 @@ Settings* settings_free(Settings *s) {
|
|||||||
strv_free(s->network_interfaces);
|
strv_free(s->network_interfaces);
|
||||||
strv_free(s->network_macvlan);
|
strv_free(s->network_macvlan);
|
||||||
strv_free(s->network_ipvlan);
|
strv_free(s->network_ipvlan);
|
||||||
|
strv_free(s->network_veth_extra);
|
||||||
free(s->network_bridge);
|
free(s->network_bridge);
|
||||||
expose_port_free_all(s->expose_ports);
|
expose_port_free_all(s->expose_ports);
|
||||||
|
|
||||||
@ -95,7 +97,8 @@ bool settings_private_network(Settings *s) {
|
|||||||
s->network_bridge ||
|
s->network_bridge ||
|
||||||
s->network_interfaces ||
|
s->network_interfaces ||
|
||||||
s->network_macvlan ||
|
s->network_macvlan ||
|
||||||
s->network_ipvlan;
|
s->network_ipvlan ||
|
||||||
|
s->network_veth_extra;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool settings_network_veth(Settings *s) {
|
bool settings_network_veth(Settings *s) {
|
||||||
@ -269,15 +272,33 @@ int config_parse_tmpfs(
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (settings->network_bridge)
|
return 0;
|
||||||
settings->network_veth = true;
|
}
|
||||||
|
|
||||||
if (settings->network_interfaces ||
|
int config_parse_veth_extra(
|
||||||
settings->network_macvlan ||
|
const char *unit,
|
||||||
settings->network_ipvlan ||
|
const char *filename,
|
||||||
settings->network_bridge ||
|
unsigned line,
|
||||||
settings->network_veth)
|
const char *section,
|
||||||
settings->private_network = true;
|
unsigned section_line,
|
||||||
|
const char *lvalue,
|
||||||
|
int ltype,
|
||||||
|
const char *rvalue,
|
||||||
|
void *data,
|
||||||
|
void *userdata) {
|
||||||
|
|
||||||
|
Settings *settings = data;
|
||||||
|
int r;
|
||||||
|
|
||||||
|
assert(filename);
|
||||||
|
assert(lvalue);
|
||||||
|
assert(rvalue);
|
||||||
|
|
||||||
|
r = veth_extra_parse(&settings->network_veth_extra, rvalue);
|
||||||
|
if (r < 0) {
|
||||||
|
log_syntax(unit, LOG_ERR, filename, line, r, "Invalid extra virtual Ethernet link specification %s: %m", rvalue);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -69,6 +69,7 @@ typedef struct Settings {
|
|||||||
char **network_interfaces;
|
char **network_interfaces;
|
||||||
char **network_macvlan;
|
char **network_macvlan;
|
||||||
char **network_ipvlan;
|
char **network_ipvlan;
|
||||||
|
char **network_veth_extra;
|
||||||
ExposePort *expose_ports;
|
ExposePort *expose_ports;
|
||||||
} Settings;
|
} Settings;
|
||||||
|
|
||||||
@ -88,3 +89,4 @@ int config_parse_expose_port(const char *unit, const char *filename, unsigned li
|
|||||||
int config_parse_volatile_mode(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
|
int config_parse_volatile_mode(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
|
||||||
int config_parse_bind(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
|
int config_parse_bind(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
|
||||||
int config_parse_tmpfs(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
|
int config_parse_tmpfs(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
|
||||||
|
int config_parse_veth_extra(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
|
||||||
|
@ -165,6 +165,7 @@ static char **arg_network_interfaces = NULL;
|
|||||||
static char **arg_network_macvlan = NULL;
|
static char **arg_network_macvlan = NULL;
|
||||||
static char **arg_network_ipvlan = NULL;
|
static char **arg_network_ipvlan = NULL;
|
||||||
static bool arg_network_veth = false;
|
static bool arg_network_veth = false;
|
||||||
|
static char **arg_network_veth_extra = NULL;
|
||||||
static char *arg_network_bridge = NULL;
|
static char *arg_network_bridge = NULL;
|
||||||
static unsigned long arg_personality = PERSONALITY_INVALID;
|
static unsigned long arg_personality = PERSONALITY_INVALID;
|
||||||
static char *arg_image = NULL;
|
static char *arg_image = NULL;
|
||||||
@ -212,6 +213,9 @@ static void help(void) {
|
|||||||
" existing network interface to the container\n"
|
" existing network interface to the container\n"
|
||||||
" -n --network-veth Add a virtual Ethernet connection between host\n"
|
" -n --network-veth Add a virtual Ethernet connection between host\n"
|
||||||
" and container\n"
|
" and container\n"
|
||||||
|
" --network-veth-extra=HOSTIF[:CONTAINERIF]\n"
|
||||||
|
" Add an additional virtual Ethernet link between\n"
|
||||||
|
" host and container\n"
|
||||||
" --network-bridge=INTERFACE\n"
|
" --network-bridge=INTERFACE\n"
|
||||||
" Add a virtual Ethernet connection between host\n"
|
" Add a virtual Ethernet connection between host\n"
|
||||||
" and container and add it to an existing bridge on\n"
|
" and container and add it to an existing bridge on\n"
|
||||||
@ -334,6 +338,7 @@ static int parse_argv(int argc, char *argv[]) {
|
|||||||
ARG_NETWORK_MACVLAN,
|
ARG_NETWORK_MACVLAN,
|
||||||
ARG_NETWORK_IPVLAN,
|
ARG_NETWORK_IPVLAN,
|
||||||
ARG_NETWORK_BRIDGE,
|
ARG_NETWORK_BRIDGE,
|
||||||
|
ARG_NETWORK_VETH_EXTRA,
|
||||||
ARG_PERSONALITY,
|
ARG_PERSONALITY,
|
||||||
ARG_VOLATILE,
|
ARG_VOLATILE,
|
||||||
ARG_TEMPLATE,
|
ARG_TEMPLATE,
|
||||||
@ -375,6 +380,7 @@ static int parse_argv(int argc, char *argv[]) {
|
|||||||
{ "network-macvlan", required_argument, NULL, ARG_NETWORK_MACVLAN },
|
{ "network-macvlan", required_argument, NULL, ARG_NETWORK_MACVLAN },
|
||||||
{ "network-ipvlan", required_argument, NULL, ARG_NETWORK_IPVLAN },
|
{ "network-ipvlan", required_argument, NULL, ARG_NETWORK_IPVLAN },
|
||||||
{ "network-veth", no_argument, NULL, 'n' },
|
{ "network-veth", no_argument, NULL, 'n' },
|
||||||
|
{ "network-veth-extra", required_argument, NULL, ARG_NETWORK_VETH_EXTRA},
|
||||||
{ "network-bridge", required_argument, NULL, ARG_NETWORK_BRIDGE },
|
{ "network-bridge", required_argument, NULL, ARG_NETWORK_BRIDGE },
|
||||||
{ "personality", required_argument, NULL, ARG_PERSONALITY },
|
{ "personality", required_argument, NULL, ARG_PERSONALITY },
|
||||||
{ "image", required_argument, NULL, 'i' },
|
{ "image", required_argument, NULL, 'i' },
|
||||||
@ -449,6 +455,15 @@ static int parse_argv(int argc, char *argv[]) {
|
|||||||
arg_settings_mask |= SETTING_NETWORK;
|
arg_settings_mask |= SETTING_NETWORK;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case ARG_NETWORK_VETH_EXTRA:
|
||||||
|
r = veth_extra_parse(&arg_network_veth_extra, optarg);
|
||||||
|
if (r < 0)
|
||||||
|
return log_error_errno(r, "Failed to parse --network-veth-extra= parameter: %s", optarg);
|
||||||
|
|
||||||
|
arg_private_network = true;
|
||||||
|
arg_settings_mask |= SETTING_NETWORK;
|
||||||
|
break;
|
||||||
|
|
||||||
case ARG_NETWORK_INTERFACE:
|
case ARG_NETWORK_INTERFACE:
|
||||||
if (strv_extend(&arg_network_interfaces, optarg) < 0)
|
if (strv_extend(&arg_network_interfaces, optarg) < 0)
|
||||||
return log_oom();
|
return log_oom();
|
||||||
@ -2964,12 +2979,13 @@ static int load_settings(void) {
|
|||||||
settings->network_bridge ||
|
settings->network_bridge ||
|
||||||
settings->network_interfaces ||
|
settings->network_interfaces ||
|
||||||
settings->network_macvlan ||
|
settings->network_macvlan ||
|
||||||
settings->network_ipvlan)) {
|
settings->network_ipvlan ||
|
||||||
|
settings->network_veth_extra)) {
|
||||||
|
|
||||||
if (!arg_settings_trusted)
|
if (!arg_settings_trusted)
|
||||||
log_warning("Ignoring network settings, file %s is not trusted.", p);
|
log_warning("Ignoring network settings, file %s is not trusted.", p);
|
||||||
else {
|
else {
|
||||||
arg_network_veth = settings_private_network(settings);
|
arg_network_veth = settings_network_veth(settings);
|
||||||
arg_private_network = settings_private_network(settings);
|
arg_private_network = settings_private_network(settings);
|
||||||
|
|
||||||
strv_free(arg_network_interfaces);
|
strv_free(arg_network_interfaces);
|
||||||
@ -2984,6 +3000,10 @@ static int load_settings(void) {
|
|||||||
arg_network_ipvlan = settings->network_ipvlan;
|
arg_network_ipvlan = settings->network_ipvlan;
|
||||||
settings->network_ipvlan = NULL;
|
settings->network_ipvlan = NULL;
|
||||||
|
|
||||||
|
strv_free(arg_network_veth_extra);
|
||||||
|
arg_network_veth_extra = settings->network_veth_extra;
|
||||||
|
settings->network_veth_extra = NULL;
|
||||||
|
|
||||||
free(arg_network_bridge);
|
free(arg_network_bridge);
|
||||||
arg_network_bridge = settings->network_bridge;
|
arg_network_bridge = settings->network_bridge;
|
||||||
settings->network_bridge = NULL;
|
settings->network_bridge = NULL;
|
||||||
@ -3409,6 +3429,10 @@ int main(int argc, char *argv[]) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
r = setup_veth_extra(arg_machine, pid, arg_network_veth_extra);
|
||||||
|
if (r < 0)
|
||||||
|
goto finish;
|
||||||
|
|
||||||
r = setup_macvlan(arg_machine, pid, arg_network_macvlan);
|
r = setup_macvlan(arg_machine, pid, arg_network_macvlan);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
goto finish;
|
goto finish;
|
||||||
@ -3610,6 +3634,7 @@ finish:
|
|||||||
strv_free(arg_network_interfaces);
|
strv_free(arg_network_interfaces);
|
||||||
strv_free(arg_network_macvlan);
|
strv_free(arg_network_macvlan);
|
||||||
strv_free(arg_network_ipvlan);
|
strv_free(arg_network_ipvlan);
|
||||||
|
strv_free(arg_network_veth_extra);
|
||||||
strv_free(arg_parameters);
|
strv_free(arg_parameters);
|
||||||
custom_mount_free_all(arg_custom_mounts, arg_n_custom_mounts);
|
custom_mount_free_all(arg_custom_mounts, arg_n_custom_mounts);
|
||||||
expose_port_free_all(arg_expose_ports);
|
expose_port_free_all(arg_expose_ports);
|
||||||
|
Loading…
Reference in New Issue
Block a user