[systemd-commits] src/nspawn
Lennart Poettering
lennart at kemper.freedesktop.org
Mon Aug 4 10:15:42 PDT 2014
src/nspawn/nspawn.c | 27 ++++++++++++++++++++-------
1 file changed, 20 insertions(+), 7 deletions(-)
New commits:
commit 4f758c23981342f1fb838f4b2630812eb89a3faa
Author: Lennart Poettering <lennart at poettering.net>
Date: Mon Aug 4 19:15:07 2014 +0200
nspawn: make sure that when --network-veth is used both the host and the container side get fixed MAC addresses
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index ae09f93..d01da45 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1606,9 +1606,10 @@ static int reset_audit_loginuid(void) {
return 0;
}
-#define HASH_KEY SD_ID128_MAKE(c3,c4,f9,19,b5,57,b2,1c,e6,cf,14,27,03,9c,ee,a2)
+#define HOST_HASH_KEY SD_ID128_MAKE(1a,37,6f,c7,46,ec,45,0b,ad,a3,d5,31,06,60,5d,b1)
+#define CONTAINER_HASH_KEY SD_ID128_MAKE(c3,c4,f9,19,b5,57,b2,1c,e6,cf,14,27,03,9c,ee,a2)
-static int get_mac(struct ether_addr *mac) {
+static int generate_mac(struct ether_addr *mac, sd_id128_t hash_key) {
int r;
uint8_t result[8];
@@ -1630,7 +1631,7 @@ static int get_mac(struct ether_addr *mac) {
/* Let's hash the host machine ID plus the container name. We
* use a fixed, but originally randomly created hash key here. */
- siphash24(result, v, sz, HASH_KEY.bytes);
+ siphash24(result, v, sz, hash_key.bytes);
assert_cc(ETH_ALEN <= sizeof(result));
memcpy(mac->ether_addr_octet, result, ETH_ALEN);
@@ -1645,7 +1646,7 @@ static int get_mac(struct ether_addr *mac) {
static int setup_veth(pid_t pid, char iface_name[IFNAMSIZ], int *ifi) {
_cleanup_rtnl_message_unref_ sd_rtnl_message *m = NULL;
_cleanup_rtnl_unref_ sd_rtnl *rtnl = NULL;
- struct ether_addr mac;
+ struct ether_addr mac_host, mac_container;
int r, i;
if (!arg_private_network)
@@ -1659,9 +1660,15 @@ static int setup_veth(pid_t pid, char iface_name[IFNAMSIZ], int *ifi) {
snprintf(iface_name, IFNAMSIZ, "%s-%s",
arg_network_bridge ? "vb" : "ve", arg_machine);
- r = get_mac(&mac);
+ r = generate_mac(&mac_container, CONTAINER_HASH_KEY);
if (r < 0) {
- log_error("Failed to generate predictable MAC address for host0");
+ log_error("Failed to generate predictable MAC address for container side");
+ return r;
+ }
+
+ r = generate_mac(&mac_host, HOST_HASH_KEY);
+ if (r < 0) {
+ log_error("Failed to generate predictable MAC address for host side");
return r;
}
@@ -1683,6 +1690,12 @@ static int setup_veth(pid_t pid, char iface_name[IFNAMSIZ], int *ifi) {
return r;
}
+ r = sd_rtnl_message_append_ether_addr(m, IFLA_ADDRESS, &mac_host);
+ if (r < 0) {
+ log_error("Failed to add netlink MAC address: %s", strerror(-r));
+ return r;
+ }
+
r = sd_rtnl_message_open_container(m, IFLA_LINKINFO);
if (r < 0) {
log_error("Failed to open netlink container: %s", strerror(-r));
@@ -1707,7 +1720,7 @@ static int setup_veth(pid_t pid, char iface_name[IFNAMSIZ], int *ifi) {
return r;
}
- r = sd_rtnl_message_append_ether_addr(m, IFLA_ADDRESS, &mac);
+ r = sd_rtnl_message_append_ether_addr(m, IFLA_ADDRESS, &mac_container);
if (r < 0) {
log_error("Failed to add netlink MAC address: %s", strerror(-r));
return r;
More information about the systemd-commits
mailing list