7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering This file is part of systemd.
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering Copyright 2015 Lennart Poettering
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering systemd is free software; you can redistribute it and/or modify it
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering under the terms of the GNU Lesser General Public License as published by
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering the Free Software Foundation; either version 2.1 of the License, or
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering (at your option) any later version.
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering systemd is distributed in the hope that it will be useful, but
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering WITHOUT ANY WARRANTY; without even the implied warranty of
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering Lesser General Public License for more details.
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering You should have received a copy of the GNU Lesser General Public License
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering along with systemd; If not, see <http://www.gnu.org/licenses/>.
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poetteringint expose_port_parse(ExposePort **l, const char *s) {
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering if (r < 0 || host_port <= 0)
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering r = safe_atou16(split + 1, &container_port);
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering if (r < 0 || container_port <= 0)
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering if (p->protocol == protocol && p->host_port == host_port)
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poetteringvoid expose_port_free_all(ExposePort *p) {
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poetteringint expose_port_flush(ExposePort* l, union in_addr_union *exposed) {
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering log_warning_errno(r, "Failed to modify firewall: %m");
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poetteringint expose_port_execute(sd_netlink *rtnl, ExposePort *l, union in_addr_union *exposed) {
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering _cleanup_free_ struct local_address *addresses = NULL;
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering /* Invoked each time an address is added or removed inside the
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering * container */
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering r = local_addresses(rtnl, 0, af, &addresses);
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering return log_error_errno(r, "Failed to enumerate local addresses: %m");
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering if (in_addr_equal(af, exposed, &new_exposed))
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering in_addr_to_string(af, &new_exposed, &pretty);
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering log_debug("New container IP is %s.", strna(pretty));
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering in_addr_is_null(af, exposed) ? NULL : exposed);
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering log_warning_errno(r, "Failed to modify firewall: %m");
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering fd = socket(PF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_ROUTE);
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering return log_error_errno(errno, "Failed to allocate container netlink: %m");
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering /* Store away the fd in the socket, so that it stays open as
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering * long as we run the child */
d960371482d75711e61896f27ea0d3740ea69fe0David Herrmann return log_error_errno(r, "Failed to send netlink fd: %m");
4afd3348c7506dd1d36305b7bcb9feb8952b9d6bLennart Poettering _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
d960371482d75711e61896f27ea0d3740ea69fe0David Herrmann return log_error_errno(fd, "Failed to recv netlink fd: %m");
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering return log_error_errno(r, "Failed to create rtnl object: %m");
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering r = sd_netlink_add_match(rtnl, RTM_NEWADDR, handler, exposed);
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering return log_error_errno(r, "Failed to subscribe to RTM_NEWADDR messages: %m");
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering r = sd_netlink_add_match(rtnl, RTM_DELADDR, handler, exposed);
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering return log_error_errno(r, "Failed to subscribe to RTM_DELADDR messages: %m");
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering r = sd_netlink_attach_event(rtnl, event, 0);
7a8f63251df2202e59a76e537a688fe7500cb1adLennart Poettering return log_error_errno(r, "Failed to add to even loop: %m");