/*
 * Sample entry point: look up the default network interface, log the
 * start-up banner, then run the IPv4, DHCPv4 and IPv6 setup helpers on it.
 *
 * The pointer returned by net_if_get_default() is handed to the helpers
 * unchecked, so they are assumed to cope with whatever it returns.
 *
 * NOTE(review): Telnet carries the session unencrypted; presumably this
 * sample is meant for development networks -- confirm before enabling it
 * on an interface that untrusted hosts can reach.
 */
void main(void)
{
	struct net_if *default_iface = net_if_get_default();

	NET_INFO("Starting Telnet sample");

	setup_ipv4(default_iface);
	setup_dhcpv4(default_iface);
	setup_ipv6(default_iface);
}
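/*
 * Configure interface `ifname` and write RESOLV_CONF from the process
 * environment.
 *
 * Variables read:
 *   INTERNAL_IP4_MTU      optional; MTU handed to setup_ipv4()
 *   INTERNAL_IP4_ADDRESS  required; the process dies if it is missing
 *   INTERNAL_IP4_DNS      optional; space-separated name servers,
 *                         DEFAULT_DNS_LIST is used when unset
 *   CISCO_DEF_DOMAIN      optional; written as the "search" line
 *
 * NOTE(review): these variables presumably carry settings supplied by the
 * remote gateway, so they are treated as untrusted text here -- confirm
 * against the caller.
 *
 * Every failure goes through die(), which is assumed not to return.
 */
static void setup_ip_from_env(const char *ifname)
{
	char *val;
	int mtu = 0;

	/*
	 * atoi() has undefined behaviour on out-of-range input and accepts
	 * negative numbers.  Parse strictly instead and fall back to 0 (the
	 * value already used when the variable is unset) for anything that is
	 * not a plain number in 1..65535.
	 */
	val = getenv("INTERNAL_IP4_MTU");
	if (val) {
		char *end;
		long parsed = strtol(val, &end, 10);

		if (end != val && *end == '\0' && parsed > 0 && parsed <= 65535)
			mtu = (int)parsed;
	}

	val = getenv("INTERNAL_IP4_ADDRESS");
	if (!val)
		die("missing IPv4 address\n");
	setup_ipv4(ifname, val, "255.255.255.255", true, mtu);

	/*
	 * Both values below are copied verbatim into resolv.conf.  A CR or LF
	 * embedded in either one would start a new line in that file and so
	 * add directives nobody asked for; reject such input before the file
	 * is opened (and truncated).
	 */
	const char *domain = getenv("CISCO_DEF_DOMAIN");
	if (domain && strpbrk(domain, "\r\n"))
		die("invalid search domain\n");

	val = getenv("INTERNAL_IP4_DNS");
	if (val && strpbrk(val, "\r\n"))
		die("invalid DNS server list\n");

	/* strtok() modifies its argument, so tokenise a private copy. */
	val = strdup(val ? val : DEFAULT_DNS_LIST);
	if (!val)
		die("out of memory\n");

	FILE *f = fopen(RESOLV_CONF, "w");
	if (!f)
		die("can't open /etc/resolv.conf for writing\n");

	/* One "nameserver" line per space-separated entry. */
	for (char *s = strtok(val, " "); s; s = strtok(NULL, " ")) {
		if (fprintf(f, "nameserver %s\n", s) < 0)
			die("error writing to resolv.conf\n");
	}
	free(val);

	if (domain) {
		if (fprintf(f, "search %s\n", domain) < 0)
			die("error writing to resolv.conf\n");
	}

	/* fclose() flushes; a failure here means the file is incomplete. */
	if (fclose(f) != 0)
		die("error writing to resolv.conf\n");
}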
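/*
 * Move the calling process into new mount, network, UTS and user
 * namespaces and prepare them for use:
 *   - map uid/gid 0 inside the user namespace to the caller's own ids,
 *   - set the hostname to `name` and bring up loopback via setup_ipv4(),
 *   - populate `statedir` and make a private resolv.conf visible, either
 *     through an overlay mount on /etc or through a watched bind mount,
 *   - start the watcher via create_watcher() and record its pid.
 *
 * Returns initial_conn_fd[0], one end of a socketpair whose other end was
 * passed to create_watcher().  Failures end in die()/pdie(), which are
 * assumed not to return.
 */
static int create_ns(const char *statedir, const char *name)
{
	char str[64];
	uid_t uid = getuid();
	gid_t gid = getgid();

	if (unshare(CLONE_NEWNS | CLONE_NEWNET | CLONE_NEWUTS | CLONE_NEWUSER) < 0)
		pdie("can't unshare namespaces");

	/*
	 * Where the kernel provides /proc/self/setgroups, "deny" is written
	 * before gid_map; the file does not exist on older kernels, hence the
	 * existence test.  access() takes F_OK/R_OK/W_OK/X_OK rather than
	 * open() flags; O_RDONLY only worked here because both are 0.
	 */
	if (access("/proc/self/setgroups", F_OK) == 0)
		write_file("/proc/self/setgroups", "deny");

	/*
	 * Map id 0 inside the namespace to the caller's id outside, length 1.
	 * uid_t/gid_t are unsigned, so print them with %u: %d would render
	 * ids above INT_MAX as negative numbers.
	 */
	snprintf(str, sizeof(str), "0 %u 1", (unsigned int)uid);
	write_file("/proc/self/uid_map", str);
	snprintf(str, sizeof(str), "0 %u 1", (unsigned int)gid);
	write_file("/proc/self/gid_map", str);

	if (sethostname(name, strlen(name)) < 0)
		pdie("can't set hostname");
	setup_ipv4("lo", "127.0.0.1", "255.0.0.0", false, 0);

	/*
	 * Result not checked: the directory may already exist.
	 * NOTE(review): other mkdir() failures are presumably caught by
	 * populate_statedir() below -- confirm.
	 */
	mkdir(statedir, 0755);
	char *local_etc = populate_statedir(statedir, "etc", true);
	char *workdir = populate_statedir(statedir, "workdir", true);
	char *resolv = populate_statedir(statedir, "etc/resolv.conf", false);

	char *mount_opts;
	if (asprintf(&mount_opts, "lowerdir=/etc,upperdir=%s,workdir=%s",
		     local_etc, workdir) < 0) {
		die("can't allocate memory\n");
	}

	/*
	 * overlayfs is only usable on patched kernels (e.g. Ubuntu) due to
	 * permission checks, but it is the cleanest solution because it
	 * overrides symlinks.  If we have to use bind mounts instead,
	 * tell the watcher process to re-create the bind mount if
	 * resolv.conf gets deleted.
	 */
	int inotify_fd = -1, inotify_wd = -1;
	if (mount("overlay", "/etc", "overlay", 0, mount_opts) != 0) {
		inotify_fd = inotify_init();
		if (inotify_fd < 0)
			pdie("can't create inotify socket");
		inotify_wd = watch_and_bind_mount(inotify_fd, resolv);
		if (inotify_wd < 0)
			die("can't watch resolv.conf\n");
	}

	/*
	 * Create the initial watcher connection here so that the parent
	 * process doesn't need to wait for the child process to start up.
	 */
	int initial_conn_fd[2];
	if (socketpair(AF_UNIX, SOCK_STREAM, 0, initial_conn_fd) < 0)
		pdie("socketpair failed");

	write_pid(statedir,
		  create_watcher(statedir, initial_conn_fd[1], resolv,
				 inotify_fd, inotify_wd));

	/*
	 * This process keeps only its own end of the socketpair; the other
	 * end and the inotify descriptor were passed to create_watcher().
	 */
	close(initial_conn_fd[1]);
	/* Still -1 when the overlay mount succeeded; don't close(-1). */
	if (inotify_fd >= 0)
		close(inotify_fd);

	free(mount_opts);
	free(resolv);
	free(workdir);
	free(local_etc);

	return initial_conn_fd[0];
}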