nspawn-expose-ports.c revision b26fa1a2fbcfee7d03b0c8fd15ec3aa64ae70b9f
/***
This file is part of systemd.
Copyright 2015 Lennart Poettering
systemd is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
#include "sd-netlink.h"
#include "alloc-util.h"
#include "fd-util.h"
#include "firewall-util.h"
#include "in-addr-util.h"
#include "local-addresses.h"
#include "netlink-util.h"
#include "nspawn-expose-ports.h"
#include "parse-util.h"
#include "socket-util.h"
#include "string-util.h"
#include "util.h"
/* Parse one port-exposure specification and prepend the resulting entry to *l.
 *
 * As far as the visible code shows, 's' may carry an optional "tcp:" or "udp:"
 * prefix selecting the protocol (anything else falls through to the default
 * branch, which keeps the whole string); the remainder is split at a separator
 * into a host-side port and a container-side port.
 *
 * NOTE(review): this listing is missing several statements of the function.
 * 'split', 'host_port' and 'container_port' are used but never declared or
 * assigned here, the two prefix branches have no bodies, the LIST_FOREACH
 * duplicate check has no condition, and the allocation of 'p' is absent.
 * The comments below describe the intent that the surviving lines support;
 * verify details against the upstream source before relying on them.
 *
 * Returns 0 on success, -EINVAL for an unparsable or zero port, -EEXIST when an
 * equivalent entry is already on the list, -ENOMEM on allocation failure. */
int expose_port_parse(ExposePort **l, const char *s) {
        const char *split, *e;
        int protocol;
        ExposePort *p;
        int r;

        assert(l);
        assert(s);

        /* Protocol prefix. The branch bodies (presumably assigning 'protocol',
         * with a default for the unprefixed form) are not present here. */
        if ((e = startswith(s, "tcp:")))
        else if ((e = startswith(s, "udp:")))
        else {
                e = s;
        }

        /* 'split' is expected to point at the host/container separator inside
         * 'e' (its assignment is missing from this listing). Security note: the
         * stack buffer below is sized from caller-supplied input; that is bounded
         * by the length of 's', but 'split' must never point before 'e' or the
         * VLA size goes negative (undefined behaviour). A separator at offset 0
         * produces an empty string, which safe_atou16() is relied on to reject. */
        if (split) {
                char v[split - e + 1];
                v[split - e] = 0;

                /* safe_atou16() limits the value to 16 bits; the explicit "<= 0"
                 * test additionally rejects port 0, so only 1..65535 gets through. */
                r = safe_atou16(v, &host_port);
                if (r < 0 || host_port <= 0)
                        return -EINVAL;
        } else {
                /* Single-port form: only the container port is parsed here.
                 * Presumably host_port is set from it as well; that line is
                 * not visible in this listing. */
                r = safe_atou16(e, &container_port);
        }

        /* Container side: a parse error or port 0 is rejected the same way. */
        if (r < 0 || container_port <= 0)
                return -EINVAL;

        /* Refuse duplicates so the same host port/protocol is never mapped twice
         * (the comparison itself is missing here; presumably it matches on
         * protocol and host_port). */
        LIST_FOREACH(ports, p, *l)
                return -EEXIST;

        /* Only the NULL check of the allocation survived in this listing. */
        if (!p)
                return -ENOMEM;

        p->container_port = container_port;

        /* New entries go to the front; order is not significant for callers
         * that only iterate the list. */
        LIST_PREPEND(ports, *l, p);
        return 0;
}
/* Release every entry of an ExposePort list.
 *
 * 'p' is the list head. Entries are unlinked from the front one at a time and
 * freed; the loop relies on LIST_REMOVE() advancing the head pointer 'p' to the
 * next entry, which is what makes it terminate. Passing NULL is a no-op. */
void expose_port_free_all(ExposePort *p) {
        for (;;) {
                ExposePort *victim = p;

                if (!victim)
                        return;

                LIST_REMOVE(ports, p, victim);
                free(victim);
        }
}
ExposePort *p;
if (!l)
return 0;
return 0;
log_debug("Lost IP address.");
LIST_FOREACH(ports, p, l) {
r = fw_add_local_dnat(false,
af,
p->protocol,
NULL,
NULL, 0,
NULL, 0,
p->host_port,
p->container_port,
NULL);
if (r < 0)
log_warning_errno(r, "Failed to modify firewall: %m");
}
*exposed = IN_ADDR_NULL;
return 0;
}
union in_addr_union new_exposed;
ExposePort *p;
bool add;
/* Invoked each time an address is added or removed inside the
* container */
if (!l)
return 0;
if (r < 0)
return log_error_errno(r, "Failed to enumerate local addresses: %m");
add = r > 0 &&
if (!add)
return expose_port_flush(l, exposed);
return 0;
LIST_FOREACH(ports, p, l) {
r = fw_add_local_dnat(true,
af,
p->protocol,
NULL,
NULL, 0,
NULL, 0,
p->host_port,
p->container_port,
if (r < 0)
log_warning_errno(r, "Failed to modify firewall: %m");
}
*exposed = new_exposed;
return 0;
}
/* Hand a netlink (rtnl) socket to the other side of 'send_fd'.
 *
 * NOTE(review): the statements that obtain 'fd' and perform the send are
 * missing from this listing — 'fd' is used but never declared here, and both
 * guards have no visible body. The surviving comment and error message indicate
 * that a netlink socket is created and then passed over 'send_fd' so the child
 * keeps it open for its whole lifetime.
 *
 * Returns 0 on success; on a failed send, logs and returns the negative errno. */
int expose_port_send_rtnl(int send_fd) {
        int r;

        /* Presumably 'fd' is the freshly created netlink socket; the handling
         * for a failed creation is not visible in this listing. */
        if (fd < 0)

        /* Store away the fd in the socket, so that it stays open as
         * long as we run the child */

        /* 'r' is expected to hold the result of the fd-passing send. */
        if (r < 0)
                return log_error_errno(r, "Failed to send netlink fd: %m");

        return 0;
}
int recv_fd,
union in_addr_union *exposed,
sd_netlink **ret) {
int fd, r;
if (fd < 0)
if (r < 0) {
safe_close(fd);
return log_error_errno(r, "Failed to create rtnl object: %m");
}
if (r < 0)
return log_error_errno(r, "Failed to subscribe to RTM_NEWADDR messages: %m");
if (r < 0)
return log_error_errno(r, "Failed to subscribe to RTM_DELADDR messages: %m");
if (r < 0)
return log_error_errno(r, "Failed to add to even loop: %m");
return 0;
}