void
tools_delete_router_address (const gchar *address)
{
struct nl_sock *sock = NULL;
struct nl_addr *dst = NULL;
struct nl_addr *gw = NULL;
struct rtnl_nexthop *nhop = NULL;
struct rtnl_route *route = NULL;
sock = nl_socket_alloc ();
nl_connect (sock, NETLINK_ROUTE);
nhop = rtnl_route_nh_alloc ();
nl_addr_parse (address, AF_INET, &gw);
rtnl_route_nh_set_gateway (nhop, gw);
rtnl_route_nh_set_flags (nhop, 0);
route = rtnl_route_alloc ();
rtnl_route_set_family (route, AF_INET);
nl_addr_parse ("default", AF_INET, &dst);
rtnl_route_add_nexthop (route, nhop);
if (rtnl_route_delete (sock, route, NLM_F_CREATE | NLM_F_REPLACE) != 0)
g_warning (_("Failed to delete default route."));
nl_socket_free (sock);
rtnl_route_put (route);
nl_addr_put (dst);
nl_addr_put (gw);
}
static void rule_free_data(struct nl_object *c)
{
struct rtnl_rule *rule = nl_object_priv(c);
if (!rule)
return;
nl_addr_put(rule->r_src);
nl_addr_put(rule->r_dst);
}
static int exp_parse_ip(struct nfnl_exp *exp, int tuple, struct nlattr *attr)
{
struct nlattr *tb[CTA_IP_MAX+1];
struct nl_addr *addr;
int err;
err = nla_parse_nested(tb, CTA_IP_MAX, attr, exp_ip_policy);
if (err < 0)
goto errout;
if (tb[CTA_IP_V4_SRC]) {
addr = nl_addr_alloc_attr(tb[CTA_IP_V4_SRC], AF_INET);
if (addr == NULL)
goto errout_enomem;
err = nfnl_exp_set_src(exp, tuple, addr);
nl_addr_put(addr);
if (err < 0)
goto errout;
}
if (tb[CTA_IP_V4_DST]) {
addr = nl_addr_alloc_attr(tb[CTA_IP_V4_DST], AF_INET);
if (addr == NULL)
goto errout_enomem;
err = nfnl_exp_set_dst(exp, tuple, addr);
nl_addr_put(addr);
if (err < 0)
goto errout;
}
if (tb[CTA_IP_V6_SRC]) {
addr = nl_addr_alloc_attr(tb[CTA_IP_V6_SRC], AF_INET6);
if (addr == NULL)
goto errout_enomem;
err = nfnl_exp_set_src(exp, tuple, addr);
nl_addr_put(addr);
if (err < 0)
goto errout;
}
if (tb[CTA_IP_V6_DST]) {
addr = nl_addr_alloc_attr(tb[CTA_IP_V6_DST], AF_INET6);
if (addr == NULL)
goto errout_enomem;
err = nfnl_exp_set_dst(exp, tuple, addr);
nl_addr_put(addr);
if (err < 0)
goto errout;
}
return 0;
errout_enomem:
err = -NLE_NOMEM;
errout:
return err;
}
static void ct_free_data(struct nl_object *c)
{
struct nfnl_ct *ct = (struct nfnl_ct *) c;
if (ct == NULL)
return;
nl_addr_put(ct->ct_orig.src);
nl_addr_put(ct->ct_orig.dst);
nl_addr_put(ct->ct_repl.src);
nl_addr_put(ct->ct_repl.dst);
}
static void idiagnl_msg_free(struct nl_object *a)
{
struct idiagnl_msg *msg = (struct idiagnl_msg *) a;
if (a == NULL)
return;
free(msg->idiag_cong);
nl_addr_put(msg->idiag_src);
nl_addr_put(msg->idiag_dst);
idiagnl_meminfo_put(msg->idiag_meminfo);
idiagnl_vegasinfo_put(msg->idiag_vegasinfo);
}
static void addr_free_data(struct nl_object *obj)
{
struct rtnl_addr *addr = nl_object_priv(obj);
if (!addr)
return;
nl_addr_put(addr->a_peer);
nl_addr_put(addr->a_local);
nl_addr_put(addr->a_bcast);
nl_addr_put(addr->a_anycast);
nl_addr_put(addr->a_multicast);
}
static void xfrm_ae_free_data(struct nl_object *c)
{
struct xfrmnl_ae* ae = nl_object_priv (c);
if (ae == NULL)
return;
nl_addr_put (ae->sa_id.daddr);
nl_addr_put (ae->saddr);
if (ae->replay_state_esn)
free (ae->replay_state_esn);
}
static void request_free_data(struct nl_object *obj)
{
struct flnl_request *req = REQUEST_CAST(obj);
if (req)
nl_addr_put(req->lr_addr);
}
int main(int argc, char *argv[])
{
struct nl_handle *nlh;
struct rtnl_addr *addr;
struct nl_addr *local;
int err = 1;
if (argc < 3 || !strcmp(argv[1], "-h")) {
printf("Usage: nl-addr-delete <addr> <ifindex>\n");
goto errout;
}
if (nltool_init(argc, argv) < 0)
goto errout;
nlh = nltool_alloc_handle();
if (!nlh)
goto errout;
addr = rtnl_addr_alloc();
if (!addr)
goto errout_free_handle;
if (nltool_connect(nlh, NETLINK_ROUTE) < 0)
goto errout_free_addr;
local = nltool_addr_parse(argv[1]);
if (!local)
goto errout_close;
if (rtnl_addr_set_local(addr, local) < 0) {
fprintf(stderr, "Unable to set local address: %s\n",
nl_geterror());
goto errout_addr_put;
}
rtnl_addr_set_ifindex(addr, strtoul(argv[2], NULL, 0));
if (rtnl_addr_delete(nlh, addr, 0) < 0) {
fprintf(stderr, "Unable to delete address: %s\n",
nl_geterror());
goto errout_addr_put;
}
err = 0;
errout_addr_put:
nl_addr_put(local);
errout_close:
nl_close(nlh);
errout_free_addr:
rtnl_addr_put(addr);
errout_free_handle:
nl_handle_destroy(nlh);
errout:
return err;
}
TNlAddr &TNlAddr::operator=(const TNlAddr &other) {
if (this != &other) {
nl_addr_put(Addr);
if (other.Addr)
Addr = nl_addr_clone(other.Addr);
else
Addr = nullptr;
}
return *this;
}
int idiagnl_msg_set_dst(struct idiagnl_msg *msg, struct nl_addr *addr)
{
if (msg->idiag_dst)
nl_addr_put(msg->idiag_dst);
nl_addr_get(addr);
msg->idiag_dst = addr;
return 0;
}
int idiagnl_msg_set_src(struct idiagnl_msg *msg, struct nl_addr *addr)
{
if (msg->idiag_src)
nl_addr_put(msg->idiag_src);
nl_addr_get(addr);
msg->idiag_src = addr;
return 0;
}
static int result_msg_parser(struct nl_cache_ops *ops, struct sockaddr_nl *who,
struct nlmsghdr *n, struct nl_parser_param *pp)
{
struct flnl_result *res;
struct fib_result_nl *fr;
struct nl_addr *addr;
int err = -EINVAL;
res = flnl_result_alloc();
if (!res)
goto errout;
res->ce_msgtype = n->nlmsg_type;
res->fr_req = flnl_request_alloc();
if (!res->fr_req)
goto errout;
fr = nlmsg_data(n);
addr = nl_addr_build(AF_INET, &fr->fl_addr, 4);
if (!addr)
goto errout;
err = flnl_request_set_addr(res->fr_req, addr);
nl_addr_put(addr);
if (err < 0)
goto errout;
flnl_request_set_fwmark(res->fr_req, fr->fl_fwmark);
flnl_request_set_tos(res->fr_req, fr->fl_tos);
flnl_request_set_scope(res->fr_req, fr->fl_scope);
flnl_request_set_table(res->fr_req, fr->tb_id_in);
res->fr_table_id = fr->tb_id;
res->fr_prefixlen = fr->prefixlen;
res->fr_nh_sel = fr->nh_sel;
res->fr_type = fr->type;
res->fr_scope = fr->scope;
res->fr_error = fr->err;
err = pp->pp_cb((struct nl_object *) res, pp);
if (err < 0)
goto errout;
/* REAL HACK, fib_lookup doesn't support ACK nor does it
* send a DONE message, enforce end of message stream
* after just the first message */
err = NL_STOP;
errout:
flnl_result_put(res);
return err;
}
static int ip4_addr_to_rtnl_peer (guint32 ip4_address, struct rtnl_addr *addr)
{
struct nl_addr * peer = NULL;
int err = 0;
g_return_val_if_fail (addr != NULL, -1);
peer = nm_utils_ip4_addr_to_nl_addr (ip4_address);
err = rtnl_addr_set_peer (addr, peer);
nl_addr_put (peer);
return err;
}
static int ip4_addr_to_rtnl_broadcast (guint32 ip4_broadcast, struct rtnl_addr *addr)
{
struct nl_addr * local = NULL;
int err = 0;
g_return_val_if_fail (addr != NULL, -1);
local = nm_utils_ip4_addr_to_nl_addr (ip4_broadcast);
err = rtnl_addr_set_broadcast (addr, local);
nl_addr_put (local);
return err;
}
void rtnl_route_nh_set_gateway(struct rtnl_nexthop *nh, struct nl_addr *addr)
{
struct nl_addr *old = nh->rtnh_gateway;
if (addr) {
nh->rtnh_gateway = nl_addr_get(addr);
nh->ce_mask |= NH_ATTR_GATEWAY;
} else {
nh->ce_mask &= ~NH_ATTR_GATEWAY;
nh->rtnh_gateway = NULL;
}
if (old)
nl_addr_put(old);
}
int flnl_request_set_addr(struct flnl_request *req, struct nl_addr *addr)
{
if (addr->a_family != AF_INET)
return -NLE_AF_NOSUPPORT;
if (req->lr_addr)
nl_addr_put(req->lr_addr);
nl_addr_get(addr);
req->lr_addr = addr;
req->ce_mask |= REQUEST_ATTR_ADDR;
return 0;
}
static void exp_free_data(struct nl_object *c)
{
struct nfnl_exp *exp = (struct nfnl_exp *) c;
if (exp == NULL)
return;
nl_addr_put(exp->exp_expect.src);
nl_addr_put(exp->exp_expect.dst);
nl_addr_put(exp->exp_master.src);
nl_addr_put(exp->exp_master.dst);
nl_addr_put(exp->exp_mask.src);
nl_addr_put(exp->exp_mask.dst);
nl_addr_put(exp->exp_nat.src);
nl_addr_put(exp->exp_nat.dst);
free(exp->exp_fn);
free(exp->exp_helper_name);
}
void
switchlink_linux_mac_update(switchlink_mac_addr_t mac_addr,
switchlink_handle_t bridge_h,
switchlink_handle_t intf_h, bool create) {
switchlink_db_status_t status;
uint32_t ifindex;
if (!create) {
status = switchlink_db_mac_get_intf(mac_addr, bridge_h, &intf_h);
if (status != SWITCHLINK_DB_STATUS_SUCCESS) {
assert(false);
return;
}
}
status = switchlink_db_interface_get_ifindex(intf_h, &ifindex);
if (status != SWITCHLINK_DB_STATUS_SUCCESS) {
assert(false);
return;
}
struct nl_sock *nlsk = switchlink_get_nl_sock();
if (!nlsk) {
return;
}
struct nl_addr *nl_addr = nl_addr_build(AF_LLC, mac_addr, ETH_ALEN);
struct rtnl_neigh *rtnl_neigh = rtnl_neigh_alloc();
rtnl_neigh_set_ifindex(rtnl_neigh, ifindex);
rtnl_neigh_set_lladdr(rtnl_neigh, nl_addr);
rtnl_neigh_set_state(rtnl_neigh, rtnl_neigh_str2state("permanent"));
rtnl_neigh_set_family(rtnl_neigh, AF_BRIDGE);
if (create) {
status = switchlink_db_mac_add(mac_addr, bridge_h, intf_h);
assert(status == SWITCHLINK_DB_STATUS_SUCCESS);
rtnl_neigh_add(nlsk, rtnl_neigh, NLM_F_CREATE|NLM_F_REPLACE);
} else {
status = switchlink_db_mac_delete(mac_addr, bridge_h);
assert(status == SWITCHLINK_DB_STATUS_SUCCESS);
rtnl_neigh_delete(nlsk, rtnl_neigh, 0);
}
rtnl_neigh_put(rtnl_neigh);
nl_addr_put(nl_addr);
}
/**
* Get IPv6 tokenized interface identifier
* @arg link Link object
* @arg token Tokenized interface identifier on success
*
* Returns the link's IPv6 tokenized interface identifier.
*
* @return 0 on success
* @return -NLE_NOMEM failure to allocate struct nl_addr result
* @return -NLE_NOATTR configuration setting not available
* @return -NLE_NOADDR tokenized interface identifier is not set
*/
int rtnl_link_inet6_get_token(struct rtnl_link *link, struct nl_addr **addr)
{
struct inet6_data *id;
if (!(id = rtnl_link_af_data(link, &inet6_ops)))
return -NLE_NOATTR;
*addr = nl_addr_build(AF_INET6, &id->i6_token, sizeof(id->i6_token));
if (!*addr)
return -NLE_NOMEM;
if (nl_addr_iszero(*addr)) {
nl_addr_put(*addr);
*addr = NULL;
return -NLE_NOADDR;
}
return 0;
}
static int ct_set_addr(struct nfnl_ct *ct, struct nl_addr *addr,
int attr, struct nl_addr ** ct_addr)
{
if (ct->ce_mask & CT_ATTR_FAMILY) {
if (addr->a_family != ct->ct_family)
return -NLE_AF_MISMATCH;
} else
nfnl_ct_set_family(ct, addr->a_family);
if (*ct_addr)
nl_addr_put(*ct_addr);
nl_addr_get(addr);
*ct_addr = addr;
ct->ce_mask |= attr;
return 0;
}
int main(int argc, char *argv[])
{
struct rtnl_link *link;
struct nl_cache *link_cache;
struct nl_sock *sk;
struct nl_addr* addr;
int err, master_index;
sk = nl_socket_alloc();
if ((err = nl_connect(sk, NETLINK_ROUTE)) < 0) {
nl_perror(err, "Unable to connect socket");
return err;
}
if ((err = rtnl_link_alloc_cache(sk, AF_UNSPEC, &link_cache)) < 0) {
nl_perror(err, "Unable to allocate cache");
return err;
}
if (!(master_index = rtnl_link_name2i(link_cache, "eth0"))) {
fprintf(stderr, "Unable to lookup eth0");
return -1;
}
link = rtnl_link_macvtap_alloc();
rtnl_link_set_link(link, master_index);
addr = nl_addr_build(AF_LLC, ether_aton("00:11:22:33:44:55"), ETH_ALEN);
rtnl_link_set_addr(link, addr);
nl_addr_put(addr);
rtnl_link_macvtap_set_mode(link, rtnl_link_macvtap_str2mode("bridge"));
if ((err = rtnl_link_add(sk, link, NLM_F_CREATE)) < 0) {
nl_perror(err, "Unable to add link");
return err;
}
rtnl_link_put(link);
nl_close(sk);
return 0;
}
int sysnet_interface_set_addr(VPNInterface *i)
{
int err;
struct nl_cache *link_cache;
struct nl_sock *sock;
struct rtnl_addr *addr;
struct rtnl_link *link;
struct nl_addr *local_addr;
sock = nl_socket_alloc();
nl_connect(sock, NETLINK_ROUTE);
rtnl_link_alloc_cache(sock, AF_UNSPEC, &link_cache);
addr = rtnl_addr_alloc();
link = rtnl_link_get_by_name(link_cache, i->name);
local_addr = nl_addr_build(i->address.ip.family, &i->address.ip.ip4, sizeof(i->address.ip.ip4));
rtnl_addr_set_local(addr, local_addr);
rtnl_addr_set_family(addr, i->address.ip.family);
rtnl_addr_set_prefixlen(addr, i->address.prefix);
rtnl_addr_set_link(addr, link);
if ((err = rtnl_addr_add(sock, addr, 0)) < 0) {
tox_trace(i->context->tox, "Unable to add address %s on %s: %s", ip_ntoa(&i->address.ip), rtnl_link_get_name(link), nl_geterror(err));
}
else {
tox_trace(i->context->tox, "Added address %s on \"%s\"", ip_ntoa(&i->address.ip), i->name);
}
rtnl_link_put(link);
rtnl_addr_put(addr);
nl_cache_free(link_cache);
nl_addr_put(local_addr);
nl_socket_free(sock);
return err;
}
/*
* Get the nexthop for the first default AF_INET route. Sets
* *addr if found, caller must release reference to *addr. Returns 1 if an
* error occurs, NULL *addr if no error but no AF_INET default route exists.
*/
static int get_default_gw_inet_addr(struct nl_sock *sk, struct nl_addr **addr)
{
struct nl_cache *route_cache;
int err;
err = rtnl_route_alloc_cache(sk, AF_INET, 0, &route_cache);
if (err < 0) {
warnx("rtnl_addr_alloc_cache() failed: %s", nl_geterror(err));
return 1;
}
/* Retrieve the first AF_INET default route. */
struct rtnl_route *filter;
filter = rtnl_route_alloc();
assert(filter);
rtnl_route_set_type(filter, 1); /* XXX RTN_UNICAST from linux/rtnetlink.h */
struct nl_addr *filter_addr;
err = nl_addr_parse("default", AF_INET, &filter_addr);
if (err < 0) {
warnx("nl_addr_parse(default) failed: %s", nl_geterror(err));
rtnl_route_put(filter);
nl_cache_free(route_cache);
return 1;
}
rtnl_route_set_dst(filter, filter_addr);
*addr = NULL;
nl_cache_foreach_filter(route_cache, (struct nl_object *)filter,
match_first_nh_gw, addr);
/* No default gateway is not an error, so always return 0 here */
nl_addr_put(filter_addr);
rtnl_route_put(filter);
nl_cache_free(route_cache);
return 0;
}
static int addr_msg_parser(struct sockaddr_nl *who, struct nlmsghdr *nlh,
void *arg)
{
struct rtnl_addr *addr;
struct nl_parser_param *pp = arg;
struct ifaddrmsg *ifa;
struct nlattr *tb[IFA_MAX+1];
int err = -ENOMEM, peer_prefix = 0;
addr = rtnl_addr_alloc();
if (!addr) {
err = nl_errno(ENOMEM);
goto errout;
}
addr->ce_msgtype = nlh->nlmsg_type;
err = nlmsg_parse(nlh, sizeof(*ifa), tb, IFA_MAX, addr_policy);
if (err < 0)
goto errout_free;
ifa = nlmsg_data(nlh);
addr->a_family = ifa->ifa_family;
addr->a_prefixlen = ifa->ifa_prefixlen;
addr->a_flags = ifa->ifa_flags;
addr->a_scope = ifa->ifa_scope;
addr->a_ifindex = ifa->ifa_index;
addr->a_mask = (ADDR_ATTR_FAMILY | ADDR_ATTR_PREFIXLEN |
ADDR_ATTR_FLAGS | ADDR_ATTR_SCOPE | ADDR_ATTR_IFINDEX);
if (tb[IFA_LABEL]) {
nla_strlcpy(addr->a_label, tb[IFA_LABEL], IFNAMSIZ);
addr->a_mask |= ADDR_ATTR_LABEL;
}
if (tb[IFA_CACHEINFO]) {
struct ifa_cacheinfo *ca;
ca = nla_data(tb[IFA_CACHEINFO]);
addr->a_cacheinfo.aci_prefered = ca->ifa_prefered;
addr->a_cacheinfo.aci_valid = ca->ifa_valid;
addr->a_cacheinfo.aci_cstamp = ca->cstamp;
addr->a_cacheinfo.aci_tstamp = ca->tstamp;
addr->a_mask |= ADDR_ATTR_CACHEINFO;
}
if (tb[IFA_LOCAL]) {
addr->a_local = nla_get_addr(tb[IFA_LOCAL], addr->a_family);
if (!addr->a_local)
goto errout_free;
addr->a_mask |= ADDR_ATTR_LOCAL;
}
if (tb[IFA_ADDRESS]) {
struct nl_addr *a;
a = nla_get_addr(tb[IFA_ADDRESS], addr->a_family);
if (!a)
goto errout_free;
/* IPv6 sends the local address as IFA_ADDRESS with
* no IFA_LOCAL, IPv4 sends both IFA_LOCAL and IFA_ADDRESS
* with IFA_ADDRESS being the peer address if they differ */
if (!tb[IFA_LOCAL] || !nl_addr_cmp(a, addr->a_local)) {
nl_addr_put(addr->a_local);
addr->a_local = a;
addr->a_mask |= ADDR_ATTR_LOCAL;
} else {
addr->a_peer = a;
addr->a_mask |= ADDR_ATTR_PEER;
peer_prefix = 1;
}
}
nl_addr_set_prefixlen(peer_prefix ? addr->a_peer : addr->a_local,
addr->a_prefixlen);
if (tb[IFA_BROADCAST]) {
addr->a_bcast = nla_get_addr(tb[IFA_BROADCAST], addr->a_family);
if (!addr->a_bcast)
goto errout_free;
addr->a_mask |= ADDR_ATTR_BROADCAST;
}
if (tb[IFA_ANYCAST]) {
addr->a_anycast = nla_get_addr(tb[IFA_ANYCAST], addr->a_family);
if (!addr->a_anycast)
goto errout_free;
addr->a_mask |= ADDR_ATTR_ANYCAST;
}
if (tb[IFA_MULTICAST]) {
addr->a_multicast = nla_get_addr(tb[IFA_MULTICAST],
addr->a_family);
if (!addr->a_multicast)
goto errout_free;
addr->a_mask |= ADDR_ATTR_MULTICAST;
}
err = pp->pp_cb((struct nl_object *) addr, pp);
if (err < 0)
goto errout_free;
return P_ACCEPT;
errout_free:
rtnl_addr_free(addr);
errout:
return err;
}
static void nl_ihandler_cb(struct incident *i, void *ctx)
{
g_debug("%s i %p ctx %p", __PRETTY_FUNCTION__, i, ctx);
struct connection *con;
incident_value_con_get(i, "con", &con);
char *remote = con->remote.ip_string;
char *local = con->local.ip_string;
char *prefix = "::ffff:";
if( strncmp(local, prefix, strlen(prefix)) == 0)
local += strlen(prefix);
if( strncmp(remote, prefix, strlen(prefix)) == 0)
remote += strlen(prefix);
int ifindex;
int err;
{
g_debug("local addr %s remote addr %s", local, remote);
struct rtnl_addr *addr = rtnl_addr_alloc();
struct nl_addr *a;
if ( ( err = nl_addr_parse(local, AF_UNSPEC, &a)) != 0 )
g_critical("could not parse addr %s (%s)", local, nl_geterror(err));
rtnl_addr_set_local(addr, a);
nl_addr_put(a);
struct rtnl_addr *res = NULL;
nl_cache_foreach_filter(nl_runtime.addr_cache, OBJ_CAST(addr), cache_lookup_cb, &res);
g_critical("LOCAL RTNL_ADDR %p", res);
/* struct nl_dump_params params = {
.dp_type = NL_DUMP_LINE,
.dp_fd = stdout,
};
nl_cache_dump_filter(nl_runtime.addr_cache, ¶ms, OBJ_CAST(addr));
*/
ifindex = rtnl_addr_get_ifindex(res);
}
struct rtnl_neigh *res = NULL;
{
struct rtnl_neigh *neigh = rtnl_neigh_alloc();
rtnl_neigh_set_ifindex(neigh, ifindex);
struct nl_addr *a;
if ( ( err = nl_addr_parse(remote, AF_UNSPEC, &a)) != 0 )
g_critical("could not parse addr %s (%s)", remote, nl_geterror(err));
rtnl_neigh_set_dst(neigh, a);
nl_addr_put(a);
nl_cache_foreach_filter(nl_runtime.neigh_cache, OBJ_CAST(neigh), cache_lookup_cb, &res);
}
if( res )
{
g_critical("GOT NEIGH %p", res);
struct nl_addr *lladdr = rtnl_neigh_get_lladdr(res);
char buf[123];
nl_addr2str(lladdr, buf, sizeof(buf));
g_critical("GOT NEIGH %s", buf);
struct incident *i = incident_new("dionaea.module.nl.connection.info.mac");
incident_value_string_set(i, "mac", g_string_new(buf));
incident_value_con_set(i, "con", con);
incident_report(i);
incident_free(i);
}
}
static void copy_cacheinfo_into_route(struct rta_cacheinfo *ci,
struct rtnl_route *route)
{
struct rtnl_rtcacheinfo nci = {
.rtci_clntref = ci->rta_clntref,
.rtci_last_use = ci->rta_lastuse,
.rtci_expires = ci->rta_expires,
.rtci_error = ci->rta_error,
.rtci_used = ci->rta_used,
.rtci_id = ci->rta_id,
.rtci_ts = ci->rta_ts,
.rtci_tsage = ci->rta_tsage,
};
rtnl_route_set_cacheinfo(route, &nci);
}
static int route_msg_parser(struct nl_cache_ops *ops, struct sockaddr_nl *who,
struct nlmsghdr *nlh, struct nl_parser_param *pp)
{
struct rtmsg *rtm;
struct rtnl_route *route;
struct nlattr *tb[RTA_MAX + 1];
struct nl_addr *src = NULL, *dst = NULL, *addr;
int err;
route = rtnl_route_alloc();
if (!route) {
err = nl_errno(ENOMEM);
goto errout;
}
route->ce_msgtype = nlh->nlmsg_type;
err = nlmsg_parse(nlh, sizeof(struct rtmsg), tb, RTA_MAX,
route_policy);
if (err < 0)
goto errout;
rtm = nlmsg_data(nlh);
rtnl_route_set_family(route, rtm->rtm_family);
rtnl_route_set_tos(route, rtm->rtm_tos);
rtnl_route_set_table(route, rtm->rtm_table);
rtnl_route_set_type(route, rtm->rtm_type);
rtnl_route_set_scope(route, rtm->rtm_scope);
rtnl_route_set_protocol(route, rtm->rtm_protocol);
rtnl_route_set_flags(route, rtm->rtm_flags);
if (tb[RTA_DST]) {
dst = nla_get_addr(tb[RTA_DST], rtm->rtm_family);
if (dst == NULL)
goto errout_errno;
} else {
dst = nl_addr_alloc(0);
nl_addr_set_family(dst, rtm->rtm_family);
}
nl_addr_set_prefixlen(dst, rtm->rtm_dst_len);
err = rtnl_route_set_dst(route, dst);
if (err < 0)
goto errout;
nl_addr_put(dst);
if (tb[RTA_SRC]) {
src = nla_get_addr(tb[RTA_SRC], rtm->rtm_family);
if (src == NULL)
goto errout_errno;
} else if (rtm->rtm_src_len)
src = nl_addr_alloc(0);
if (src) {
nl_addr_set_prefixlen(src, rtm->rtm_src_len);
rtnl_route_set_src(route, src);
nl_addr_put(src);
}
if (tb[RTA_IIF])
rtnl_route_set_iif(route, nla_get_string(tb[RTA_IIF]));
if (tb[RTA_OIF])
rtnl_route_set_oif(route, nla_get_u32(tb[RTA_OIF]));
if (tb[RTA_GATEWAY]) {
addr = nla_get_addr(tb[RTA_GATEWAY], route->rt_family);
if (addr == NULL)
goto errout_errno;
rtnl_route_set_gateway(route, addr);
nl_addr_put(addr);
}
if (tb[RTA_PRIORITY])
rtnl_route_set_prio(route, nla_get_u32(tb[RTA_PRIORITY]));
if (tb[RTA_PREFSRC]) {
addr = nla_get_addr(tb[RTA_PREFSRC], route->rt_family);
if (addr == NULL)
goto errout_errno;
rtnl_route_set_pref_src(route, addr);
nl_addr_put(addr);
}
if (tb[RTA_METRICS]) {
struct nlattr *mtb[RTAX_MAX + 1];
int i;
err = nla_parse_nested(mtb, RTAX_MAX, tb[RTA_METRICS], NULL);
if (err < 0)
goto errout;
for (i = 1; i <= RTAX_MAX; i++) {
if (mtb[i] && nla_len(mtb[i]) >= sizeof(uint32_t)) {
uint32_t m = nla_get_u32(mtb[i]);
if (rtnl_route_set_metric(route, i, m) < 0)
goto errout_errno;
}
}
}
if (tb[RTA_MULTIPATH]) {
struct rtnl_nexthop *nh;
struct rtnexthop *rtnh = nla_data(tb[RTA_MULTIPATH]);
size_t tlen = nla_len(tb[RTA_MULTIPATH]);
while (tlen >= sizeof(*rtnh) && tlen >= rtnh->rtnh_len) {
nh = rtnl_route_nh_alloc();
if (!nh)
goto errout;
rtnl_route_nh_set_weight(nh, rtnh->rtnh_hops);
rtnl_route_nh_set_ifindex(nh, rtnh->rtnh_ifindex);
rtnl_route_nh_set_flags(nh, rtnh->rtnh_flags);
if (rtnh->rtnh_len > sizeof(*rtnh)) {
struct nlattr *ntb[RTA_MAX + 1];
nla_parse(ntb, RTA_MAX, (struct nlattr *)
RTNH_DATA(rtnh),
rtnh->rtnh_len - sizeof(*rtnh),
route_policy);
if (ntb[RTA_GATEWAY]) {
nh->rtnh_gateway = nla_get_addr(
ntb[RTA_GATEWAY],
route->rt_family);
nh->rtnh_mask = NEXTHOP_HAS_GATEWAY;
}
}
rtnl_route_add_nexthop(route, nh);
tlen -= RTNH_ALIGN(rtnh->rtnh_len);
rtnh = RTNH_NEXT(rtnh);
}
}
if (tb[RTA_FLOW])
rtnl_route_set_realms(route, nla_get_u32(tb[RTA_FLOW]));
if (tb[RTA_CACHEINFO])
copy_cacheinfo_into_route(nla_data(tb[RTA_CACHEINFO]), route);
if (tb[RTA_MP_ALGO])
rtnl_route_set_mp_algo(route, nla_get_u32(tb[RTA_MP_ALGO]));
err = pp->pp_cb((struct nl_object *) route, pp);
if (err < 0)
goto errout;
err = P_ACCEPT;
errout:
rtnl_route_put(route);
return err;
errout_errno:
err = nl_get_errno();
goto errout;
}
static int route_request_update(struct nl_cache *c, struct nl_handle *h)
{
return nl_rtgen_request(h, RTM_GETROUTE, AF_UNSPEC, NLM_F_DUMP);
}
/**
* @name Cache Management
* @{
*/
/**
* Build a route cache holding all routes currently configured in the kernel
* @arg handle netlink handle
*
* Allocates a new cache, initializes it properly and updates it to
* contain all routes currently configured in the kernel.
*
* @note The caller is responsible for destroying and freeing the
* cache after using it.
* @return The cache or NULL if an error has occured.
*/
struct nl_cache *rtnl_route_alloc_cache(struct nl_handle *handle)
{
struct nl_cache *cache;
cache = nl_cache_alloc(&rtnl_route_ops);
if (!cache)
return NULL;
if (handle && nl_cache_refill(handle, cache) < 0) {
free(cache);
return NULL;
}
return cache;
}
/** @} */
/**
* @name Route Addition
* @{
*/
static struct nl_msg *build_route_msg(struct rtnl_route *tmpl, int cmd,
int flags)
{
struct nl_msg *msg;
struct nl_addr *addr;
int scope, i, oif, nmetrics = 0;
struct nlattr *metrics;
struct rtmsg rtmsg = {
.rtm_family = rtnl_route_get_family(tmpl),
.rtm_dst_len = rtnl_route_get_dst_len(tmpl),
.rtm_src_len = rtnl_route_get_src_len(tmpl),
.rtm_tos = rtnl_route_get_tos(tmpl),
.rtm_table = rtnl_route_get_table(tmpl),
.rtm_type = rtnl_route_get_type(tmpl),
.rtm_protocol = rtnl_route_get_protocol(tmpl),
.rtm_flags = rtnl_route_get_flags(tmpl),
};
if (rtmsg.rtm_family == AF_UNSPEC) {
nl_error(EINVAL, "Cannot build route message, address " \
"family is unknown.");
return NULL;
}
scope = rtnl_route_get_scope(tmpl);
if (scope == RT_SCOPE_NOWHERE) {
if (rtmsg.rtm_type == RTN_LOCAL)
scope = RT_SCOPE_HOST;
else {
/* XXX Change to UNIVERSE if gw || nexthops */
scope = RT_SCOPE_LINK;
}
}
rtmsg.rtm_scope = scope;
msg = nlmsg_alloc_simple(cmd, flags);
if (msg == NULL)
return NULL;
if (nlmsg_append(msg, &rtmsg, sizeof(rtmsg), NLMSG_ALIGNTO) < 0)
goto nla_put_failure;
addr = rtnl_route_get_dst(tmpl);
if (addr)
NLA_PUT_ADDR(msg, RTA_DST, addr);
addr = rtnl_route_get_src(tmpl);
if (addr)
NLA_PUT_ADDR(msg, RTA_SRC, addr);
addr = rtnl_route_get_gateway(tmpl);
if (addr)
NLA_PUT_ADDR(msg, RTA_GATEWAY, addr);
addr = rtnl_route_get_pref_src(tmpl);
if (addr)
NLA_PUT_ADDR(msg, RTA_PREFSRC, addr);
NLA_PUT_U32(msg, RTA_PRIORITY, rtnl_route_get_prio(tmpl));
oif = rtnl_route_get_oif(tmpl);
if (oif != RTNL_LINK_NOT_FOUND)
NLA_PUT_U32(msg, RTA_OIF, oif);
for (i = 1; i <= RTAX_MAX; i++)
if (rtnl_route_get_metric(tmpl, i) != UINT_MAX)
nmetrics++;
if (nmetrics > 0) {
unsigned int val;
metrics = nla_nest_start(msg, RTA_METRICS);
if (metrics == NULL)
goto nla_put_failure;
for (i = 1; i <= RTAX_MAX; i++) {
val = rtnl_route_get_metric(tmpl, i);
if (val != UINT_MAX)
NLA_PUT_U32(msg, i, val);
}
nla_nest_end(msg, metrics);
}
#if 0
RTA_IIF,
RTA_MULTIPATH,
RTA_PROTOINFO,
RTA_FLOW,
RTA_CACHEINFO,
RTA_SESSION,
RTA_MP_ALGO,
#endif
return msg;
nla_put_failure:
nlmsg_free(msg);
return NULL;
}
struct nl_msg *rtnl_route_build_add_request(struct rtnl_route *tmpl, int flags)
{
return build_route_msg(tmpl, RTM_NEWROUTE, NLM_F_CREATE | flags);
}
int rtnl_route_add(struct nl_handle *handle, struct rtnl_route *route,
int flags)
{
struct nl_msg *msg;
int err;
msg = rtnl_route_build_add_request(route, flags);
if (!msg)
return nl_get_errno();
err = nl_send_auto_complete(handle, msg);
nlmsg_free(msg);
if (err < 0)
return err;
return nl_wait_for_ack(handle);
}
struct nl_msg *rtnl_route_build_del_request(struct rtnl_route *tmpl, int flags)
{
return build_route_msg(tmpl, RTM_DELROUTE, flags);
}
int rtnl_route_del(struct nl_handle *handle, struct rtnl_route *route,
int flags)
{
struct nl_msg *msg;
int err;
msg = rtnl_route_build_del_request(route, flags);
if (!msg)
return nl_get_errno();
err = nl_send_auto_complete(handle, msg);
nlmsg_free(msg);
if (err < 0)
return err;
return nl_wait_for_ack(handle);
}
/** @} */
static struct nl_af_group route_groups[] = {
{ AF_INET, RTNLGRP_IPV4_ROUTE },
{ AF_INET6, RTNLGRP_IPV6_ROUTE },
{ AF_DECnet, RTNLGRP_DECnet_ROUTE },
{ END_OF_GROUP_LIST },
};
static struct nl_cache_ops rtnl_route_ops = {
.co_name = "route/route",
.co_hdrsize = sizeof(struct rtmsg),
.co_msgtypes = {
{ RTM_NEWROUTE, NL_ACT_NEW, "new" },
{ RTM_DELROUTE, NL_ACT_DEL, "del" },
{ RTM_GETROUTE, NL_ACT_GET, "get" },
END_OF_MSGTYPES_LIST,
},
.co_protocol = NETLINK_ROUTE,
.co_groups = route_groups,
.co_request_update = route_request_update,
.co_msg_parser = route_msg_parser,
.co_obj_ops = &route_obj_ops,
};
static void __init route_init(void)
{
nl_cache_mngt_register(&rtnl_route_ops);
}
static void __exit route_exit(void)
{
nl_cache_mngt_unregister(&rtnl_route_ops);
}
int main(int argc, char *argv[])
{
struct nl_handle *nlh;
struct nl_cache *link_cache, *route_cache;
struct nl_addr *dst;
struct rtnl_route *route;
struct ip_lookup_res res;
struct nl_dump_params params = {
.dp_fd = stdout,
.dp_type = NL_DUMP_FULL
};
int err = 1;
if (argc < 2 || !strcmp(argv[1], "-h"))
print_usage();
if (nltool_init(argc, argv) < 0)
goto errout;
nlh = nltool_alloc_handle();
if (!nlh)
goto errout;
route = rtnl_route_alloc();
if (!route)
goto errout_free_handle;
if (nltool_connect(nlh, NETLINK_ROUTE) < 0)
goto errout_free_route;
link_cache = nltool_alloc_link_cache(nlh);
if (!link_cache)
goto errout_close;
dst = nltool_addr_parse(argv[1]);
if (!dst)
goto errout_link_cache;
route_cache = nltool_alloc_route_cache(nlh);
if (!route_cache)
goto errout_addr_put;
{
struct nl_msg *m;
struct rtmsg rmsg = {
.rtm_family = nl_addr_get_family(dst),
.rtm_dst_len = nl_addr_get_prefixlen(dst),
};
m = nlmsg_alloc_simple(RTM_GETROUTE, 0);
nlmsg_append(m, &rmsg, sizeof(rmsg), NLMSG_ALIGNTO);
nla_put_addr(m, RTA_DST, dst);
if ((err = nl_send_auto_complete(nlh, m)) < 0) {
nlmsg_free(m);
fprintf(stderr, "%s\n", nl_geterror());
goto errout_route_cache;
}
nlmsg_free(m);
nl_socket_modify_cb(nlh, NL_CB_VALID, NL_CB_CUSTOM, cb,
route_cache);
if (nl_recvmsgs_default(nlh) < 0) {
fprintf(stderr, "%s\n", nl_geterror());
goto errout_route_cache;
}
}
rtnl_route_set_dst(route, dst);
nl_cache_dump_filter(route_cache, ¶ms, (struct nl_object *) route);
memset(&res, 0, sizeof(res));
nl_cache_foreach_filter(route_cache, (struct nl_object *) route, route_proc_cb,
&res);
printf("ip lookup result: oif idx: %d oif name %s ",
res.oif, res.oifname);
if (res.nh_addr) {
char buf[INET_ADDRSTRLEN];
inet_ntop(AF_INET, &res.nh_addr, buf, sizeof(buf));
printf("via %s", buf);
}
printf ("\n");
err = 0;
errout_route_cache:
nl_cache_free(route_cache);
errout_addr_put:
nl_addr_put(dst);
errout_link_cache:
nl_cache_free(link_cache);
errout_close:
nl_close(nlh);
errout_free_route:
rtnl_route_put(route);
errout_free_handle:
nl_handle_destroy(nlh);
errout:
return err;
}
/**
* _route_add:
* @route: the route to add
* @family: address family, either %AF_INET or %AF_INET6
* @dest: the route destination address, either a struct in_addr or a struct
* in6_addr depending on @family
* @dest_prefix: the CIDR prefix of @dest
* @gateway: the gateway through which to reach @dest, if any; given as a
* struct in_addr or struct in6_addr depending on @family
* @flags: flags to pass to rtnl_route_add(), eg %NLM_F_REPLACE
*
* Returns: zero if succeeded or the netlink error otherwise.
**/
static int
_route_add (struct rtnl_route *route,
int family,
const void *dest, /* in_addr or in6_addr */
int dest_prefix,
const void *gateway, /* in_addr or in6_addr */
int flags)
{
struct nl_sock *sk;
struct nl_addr *dest_addr, *gw_addr;
void *tmp_addr;
int addrlen, err, log;
if (family == AF_INET) {
addrlen = sizeof (struct in_addr);
log = LOGD_IP4;
} else if (family == AF_INET6) {
addrlen = sizeof (struct in6_addr);
log = LOGD_IP6;
} else
g_assert_not_reached ();
sk = nm_netlink_get_default_handle ();
/* Build up the destination address */
if (dest) {
/* Copy to preserve const */
tmp_addr = g_malloc0 (addrlen);
memcpy (tmp_addr, dest, addrlen);
dest_addr = nl_addr_build (family, tmp_addr, addrlen);
g_free (tmp_addr);
g_return_val_if_fail (dest_addr != NULL, -NLE_INVAL);
nl_addr_set_prefixlen (dest_addr, dest_prefix);
rtnl_route_set_dst (route, dest_addr);
nl_addr_put (dest_addr);
}
/* Build up the gateway address */
if (gateway) {
tmp_addr = g_malloc0 (addrlen);
memcpy (tmp_addr, gateway, addrlen);
gw_addr = nl_addr_build (family, tmp_addr, addrlen);
g_free (tmp_addr);
if (gw_addr) {
nl_addr_set_prefixlen (gw_addr, 0);
rtnl_route_set_gateway (route, gw_addr);
rtnl_route_set_scope (route, RT_SCOPE_UNIVERSE);
nl_addr_put (gw_addr);
} else
nm_log_err (LOGD_DEVICE | log, "Invalid gateway");
}
err = rtnl_route_add (sk, route, flags);
/* LIBNL Bug: Aliased ESRCH */
if (err == -NLE_FAILURE)
err = -NLE_OBJ_NOTFOUND;
return err;
}
int main(int argc, char *argv[])
{
char *unikernel;
enum {
QEMU,
KVM,
UKVM,
UNIX
} hypervisor;
if (argc < 3) {
fprintf(stderr, "usage: runner HYPERVISOR UNIKERNEL [ ARGS... ]\n");
fprintf(stderr, "HYPERVISOR: qemu | kvm | ukvm | unix\n");
return 1;
}
if (strcmp(argv[1], "qemu") == 0)
hypervisor = QEMU;
else if (strcmp(argv[1], "kvm") == 0)
hypervisor = KVM;
else if (strcmp(argv[1], "ukvm") == 0)
hypervisor = UKVM;
else if (strcmp(argv[1], "unix") == 0)
hypervisor = UNIX;
else {
warnx("error: Invalid hypervisor: %s", argv[1]);
return 1;
}
unikernel = argv[2];
/*
* Remaining arguments are to be passed on to the unikernel.
*/
argv += 3;
argc -= 3;
/*
* Check we have CAP_NET_ADMIN.
*/
if (capng_get_caps_process() != 0) {
warnx("error: capng_get_caps_process() failed");
return 1;
}
if (!capng_have_capability(CAPNG_EFFECTIVE, CAP_NET_ADMIN)) {
warnx("error: CAP_NET_ADMIN is required");
return 1;
}
/*
* Connect to netlink, load link cache from kernel.
*/
struct nl_sock *sk;
struct nl_cache *link_cache;
int err;
sk = nl_socket_alloc();
assert(sk);
err = nl_connect(sk, NETLINK_ROUTE);
if (err < 0) {
warnx("nl_connect() failed: %s", nl_geterror(err));
return 1;
}
err = rtnl_link_alloc_cache(sk, AF_UNSPEC, &link_cache);
if (err < 0) {
warnx("rtnl_link_alloc_cache() failed: %s", nl_geterror(err));
return 1;
}
/*
* Retrieve container network configuration -- IP address and
* default gateway.
*/
struct rtnl_link *l_veth;
l_veth = rtnl_link_get_by_name(link_cache, VETH_LINK_NAME);
if (l_veth == NULL) {
warnx("error: Could not get link information for %s", VETH_LINK_NAME);
return 1;
}
struct nl_addr *veth_addr;
err = get_link_inet_addr(sk, l_veth, &veth_addr);
if (err) {
warnx("error: Unable to determine IP address of %s",
VETH_LINK_NAME);
return 1;
}
struct nl_addr *gw_addr;
err = get_default_gw_inet_addr(sk, &gw_addr);
if (err) {
warnx("error: get_deGfault_gw_inet_addr() failed");
return 1;
}
if (gw_addr == NULL) {
warnx("error: No default gateway found. This is currently "
"not supported");
return 1;
}
/*
* Create bridge and tap interface, enslave veth and tap interfaces to
* bridge.
*/
err = create_bridge_link(sk, BRIDGE_LINK_NAME);
if (err < 0) {
warnx("create_bridge_link(%s) failed: %s", BRIDGE_LINK_NAME,
nl_geterror(err));
return 1;
}
int tap_fd;
if (hypervisor == UKVM)
err = create_tap_link(TAP_LINK_NAME, &tap_fd);
else
err = create_tap_link(TAP_LINK_NAME, NULL);
if (err != 0) {
warnx("create_tap_link(%s) failed: %s", TAP_LINK_NAME, strerror(err));
return 1;
}
/* Refill link cache with newly-created interfaces */
nl_cache_refill(sk, link_cache);
struct rtnl_link *l_bridge;
l_bridge = rtnl_link_get_by_name(link_cache, BRIDGE_LINK_NAME);
if (l_bridge == NULL) {
warnx("error: Could not get link information for %s", BRIDGE_LINK_NAME);
return 1;
}
struct rtnl_link *l_tap;
l_tap = rtnl_link_get_by_name(link_cache, TAP_LINK_NAME);
if (l_tap == NULL) {
warnx("error: Could not get link information for %s", TAP_LINK_NAME);
return 1;
}
err = rtnl_link_enslave(sk, l_bridge, l_veth);
if (err < 0) {
warnx("error: Unable to enslave %s to %s: %s", VETH_LINK_NAME,
BRIDGE_LINK_NAME, nl_geterror(err));
return 1;
}
err = rtnl_link_enslave(sk, l_bridge, l_tap);
if (err < 0) {
warnx("error: Unable to enslave %s to %s: %s", TAP_LINK_NAME,
BRIDGE_LINK_NAME, nl_geterror(err));
return 1;
}
/*
* Flush all IPv4 addresses from the veth interface. This is now safe
* as we are good to commit and have retrieved the existing configuration.
*/
struct rtnl_addr *flush_addr;
flush_addr = rtnl_addr_alloc();
assert(flush_addr);
rtnl_addr_set_ifindex(flush_addr, rtnl_link_get_ifindex(l_veth));
rtnl_addr_set_family(flush_addr, AF_INET);
rtnl_addr_set_local(flush_addr, veth_addr);
err = rtnl_addr_delete(sk, flush_addr, 0);
if (err < 0) {
warnx("error: Could not flush addresses on %s: %s", VETH_LINK_NAME,
nl_geterror(err));
return 1;
}
rtnl_addr_put(flush_addr);
/*
* Bring up the tap and bridge interfaces.
*/
struct rtnl_link *l_up;
l_up = rtnl_link_alloc();
assert(l_up);
/* You'd think set_operstate was the thing to do here. It's not. */
rtnl_link_set_flags(l_up, IFF_UP);
err = rtnl_link_change(sk, l_tap, l_up, 0);
if (err < 0) {
warnx("error: rtnl_link_change(%s, UP) failed: %s", TAP_LINK_NAME,
nl_geterror(err));
return 1;
}
err = rtnl_link_change(sk, l_bridge, l_up, 0);
if (err < 0) {
warnx("error: rtnl_link_change(%s, UP) failed: %s", BRIDGE_LINK_NAME,
nl_geterror(err));
return 1;
}
rtnl_link_put(l_up);
/*
* Collect network configuration data.
*/
char ip[AF_INET_BUFSIZE];
if (inet_ntop(AF_INET, nl_addr_get_binary_addr(veth_addr), ip,
sizeof ip) == NULL) {
perror("inet_ntop()");
return 1;
}
char uarg_ip[AF_INET_BUFSIZE];
unsigned int prefixlen = nl_addr_get_prefixlen(veth_addr);
snprintf(uarg_ip, sizeof uarg_ip, "%s/%u", ip, prefixlen);
char uarg_gw[AF_INET_BUFSIZE];
if (inet_ntop(AF_INET, nl_addr_get_binary_addr(gw_addr), uarg_gw,
sizeof uarg_gw) == NULL) {
perror("inet_ntop()");
return 1;
}
/*
* Build unikernel and hypervisor arguments.
*/
ptrvec* uargpv = pvnew();
char *uarg_buf;
/*
* QEMU/KVM:
* /usr/bin/qemu-system-x86_64 <qemu args> -kernel <unikernel> -append "<unikernel args>"
*/
if (hypervisor == QEMU || hypervisor == KVM) {
pvadd(uargpv, "/usr/bin/qemu-system-x86_64");
pvadd(uargpv, "-nodefaults");
pvadd(uargpv, "-no-acpi");
pvadd(uargpv, "-display");
pvadd(uargpv, "none");
pvadd(uargpv, "-serial");
pvadd(uargpv, "stdio");
pvadd(uargpv, "-m");
pvadd(uargpv, "512");
if (hypervisor == KVM) {
pvadd(uargpv, "-enable-kvm");
pvadd(uargpv, "-cpu");
pvadd(uargpv, "host");
}
else {
/*
* Required for AESNI use in Mirage.
*/
pvadd(uargpv, "-cpu");
pvadd(uargpv, "Westmere");
}
pvadd(uargpv, "-device");
char *guest_mac = generate_mac();
assert(guest_mac);
err = asprintf(&uarg_buf, "virtio-net-pci,netdev=n0,mac=%s", guest_mac);
assert(err != -1);
pvadd(uargpv, uarg_buf);
pvadd(uargpv, "-netdev");
err = asprintf(&uarg_buf, "tap,id=n0,ifname=%s,script=no,downscript=no",
TAP_LINK_NAME);
assert(err != -1);
pvadd(uargpv, uarg_buf);
pvadd(uargpv, "-kernel");
pvadd(uargpv, unikernel);
pvadd(uargpv, "-append");
/*
* TODO: Replace any occurences of ',' with ',,' in -append, because
* QEMU arguments are insane.
*/
char cmdline[1024];
char *cmdline_p = cmdline;
size_t cmdline_free = sizeof cmdline;
for (; *argv; argc--, argv++) {
size_t alen = snprintf(cmdline_p, cmdline_free, "%s%s", *argv,
(argc > 1) ? " " : "");
if (alen >= cmdline_free) {
warnx("error: Command line too long");
return 1;
}
cmdline_free -= alen;
cmdline_p += alen;
}
size_t alen = snprintf(cmdline_p, cmdline_free,
"--ipv4=%s --ipv4-gateway=%s", uarg_ip, uarg_gw);
if (alen >= cmdline_free) {
warnx("error: Command line too long");
return 1;
}
pvadd(uargpv, cmdline);
}
/*
* UKVM:
* /unikernel/ukvm <ukvm args> <unikernel> -- <unikernel args>
*/
else if (hypervisor == UKVM) {
pvadd(uargpv, "/unikernel/ukvm");
err = asprintf(&uarg_buf, "--net=@%d", tap_fd);
assert(err != -1);
pvadd(uargpv, uarg_buf);
pvadd(uargpv, "--");
pvadd(uargpv, unikernel);
for (; *argv; argc--, argv++) {
pvadd(uargpv, *argv);
}
err = asprintf(&uarg_buf, "--ipv4=%s", uarg_ip);
assert(err != -1);
pvadd(uargpv, uarg_buf);
err = asprintf(&uarg_buf, "--ipv4-gateway=%s", uarg_gw);
assert(err != -1);
pvadd(uargpv, uarg_buf);
}
/*
* UNIX:
* <unikernel> <unikernel args>
*/
else if (hypervisor == UNIX) {
pvadd(uargpv, unikernel);
err = asprintf(&uarg_buf, "--interface=%s", TAP_LINK_NAME);
assert(err != -1);
pvadd(uargpv, uarg_buf);
for (; *argv; argc--, argv++) {
pvadd(uargpv, *argv);
}
err = asprintf(&uarg_buf, "--ipv4=%s", uarg_ip);
assert(err != -1);
pvadd(uargpv, uarg_buf);
err = asprintf(&uarg_buf, "--ipv4-gateway=%s", uarg_gw);
assert(err != -1);
pvadd(uargpv, uarg_buf);
}
char **uargv = (char **)pvfinal(uargpv);
/*
* Done with netlink, free all resources and close socket.
*/
rtnl_link_put(l_veth);
rtnl_link_put(l_bridge);
rtnl_link_put(l_tap);
nl_addr_put(veth_addr);
nl_addr_put(gw_addr);
nl_cache_free(link_cache);
nl_close(sk);
nl_socket_free(sk);
/*
* Drop all capabilities except CAP_NET_BIND_SERVICE.
*/
capng_clear(CAPNG_SELECT_BOTH);
capng_update(CAPNG_ADD,
CAPNG_EFFECTIVE | CAPNG_PERMITTED | CAPNG_INHERITABLE,
CAP_NET_BIND_SERVICE);
if (capng_apply(CAPNG_SELECT_BOTH) != 0) {
warnx("error: Could not drop capabilities");
return 1;
}
/*
* Run the unikernel.
*/
err = execv(uargv[0], uargv);
warn("error: execv() of %s failed", uargv[0]);
return 1;
}