From: David Gibson <david@gibson.dropbear.id.au>
To: passt-dev@passt.top
Subject: [PATCH 7/8] Use explicit --netns option rather than multiplexing with PID
Date: Fri, 26 Aug 2022 14:58:38 +1000 [thread overview]
Message-ID: <20220826045839.1112152-8-david@gibson.dropbear.id.au> (raw)
In-Reply-To: <20220826045839.1112152-1-david@gibson.dropbear.id.au>
[-- Attachment #1: Type: text/plain, Size: 6896 bytes --]
When attaching to an existing namespace, pasta can take a PID or the name
or path of a network namespace as a non-option parameter. We disambiguate
based on what the parameter looks like. Make this more explicit by using
a --netns option for explicitly giving the path or name, and treating a
non-option argument always as a PID.
Signed-off-by: David Gibson <david(a)gibson.dropbear.id.au>
---
conf.c | 85 ++++++++++++++++++++++++++++++++++++++++-----------------
passt.1 | 16 +++++++++--
2 files changed, 73 insertions(+), 28 deletions(-)
diff --git a/conf.c b/conf.c
index 10b7b9f..2a18124 100644
--- a/conf.c
+++ b/conf.c
@@ -490,19 +490,51 @@ out:
}
/**
- * conf_ns_opt() - Parse non-option argument to namespace paths
+ * conf_netns() - Parse --netns option
+ * @netns: buffer of size PATH_MAX, updated with netns path
+ * @arg: --netns argument
+ *
+ * Return: 0 on success, negative error code otherwise
+ */
+static int conf_netns(char *netns, const char *arg)
+{
+ int ret;
+
+ if (!strchr(arg, '/')) {
+ /* looks like a netns name */
+ ret = snprintf(netns, PATH_MAX, "%s/%s", NETNS_RUN_DIR, arg);
+ } else {
+ /* otherwise assume it's a netns path */
+ ret = snprintf(netns, PATH_MAX, "%s", arg);
+ }
+
+ if (ret <= 0 || ret > PATH_MAX) {
+ err("Network namespace name/path %s too long");
+ return -E2BIG;
+ }
+
+ return 0;
+}
+
+/**
+ * conf_ns_pid() - Parse non-option argument as a PID
* @userns: buffer of size PATH_MAX, initially contains --userns
* argument (may be empty), updated with userns path
- * @netns: buffer of size PATH_MAX, updated with netns path
- * @arg: PID, path or name of network namespace
+ * @netns: buffer of size PATH_MAX, initial contains --netns
+ * argument (may be empty), updated with netns path
+ * @arg: PID of network namespace
*
* Return: 0 on success, negative error code otherwise
*/
-static int conf_ns_opt(char *userns, char *netns, const char *arg)
+static int conf_ns_pid(char *userns, char *netns, const char *arg)
{
char *endptr;
long pidval;
- int ret;
+
+ if (*netns) {
+ err("Both --netns and PID given");
+ return -EINVAL;
+ }
pidval = strtol(arg, &endptr, 10);
if (!*endptr) {
@@ -518,20 +550,7 @@ static int conf_ns_opt(char *userns, char *netns, const char *arg)
return 0;
}
- if (!strchr(arg, '/')) {
- /* looks like a netns name */
- ret = snprintf(netns, PATH_MAX, "%s/%s", NETNS_RUN_DIR, arg);
- } else {
- /* otherwise assume it's a netns path */
- ret = snprintf(netns, PATH_MAX, "%s", arg);
- }
-
- if (ret <= 0 || ret > PATH_MAX) {
- err("Network namespace name/path %s too long");
- return -E2BIG;
- }
-
- return 0;
+ return -EINVAL;
}
/**
@@ -708,10 +727,13 @@ static unsigned int conf_ip6(unsigned int ifi,
static void usage(const char *name)
{
if (strstr(name, "pasta")) {
- info("Usage: %s [OPTION]... [PID|PATH|NAME]", name);
+ info("Usage: %s [OPTION]... [COMMAND] [ARGS]...", name);
+ info(" %s [OPTION]... PID", name);
+ info(" %s [OPTION]... --netns [PATH|NAME]", name);
info("");
- info("Without PID|PATH|NAME, run the default shell in a new");
- info("network and user namespace, and connect it via pasta.");
+ info("Without PID or --netns, run the given command or a");
+ info("default shell in a new network and user namespace, and");
+ info("connect it via pasta.");
} else {
info("Usage: %s [OPTION]...", name);
}
@@ -858,6 +880,7 @@ pasta_opts:
info( " SPEC is as described above");
info( " default: auto");
info( " --userns NSPATH Target user namespace to join");
+ info( " --netns PATH|NAME Target network namespace to join");
info( " --netns-only Don't join existing user namespace");
info( " implied if PATH or NAME are given without --userns");
info( " --config-net Configure tap interface in namespace");
@@ -1038,6 +1061,7 @@ void conf(struct ctx *c, int argc, char **argv)
{"tcp-ns", required_argument, NULL, 'T' },
{"udp-ns", required_argument, NULL, 'U' },
{"userns", required_argument, NULL, 2 },
+ {"netns", required_argument, NULL, 3 },
{"netns-only", no_argument, &c->netns_only, 1 },
{"config-net", no_argument, &c->pasta_conf_ns, 1 },
{"ns-mac-addr", required_argument, NULL, 4 },
@@ -1091,6 +1115,16 @@ void conf(struct ctx *c, int argc, char **argv)
usage(argv[0]);
}
break;
+ case 3:
+ if (c->mode != MODE_PASTA) {
+ err("--netns is for pasta mode only");
+ usage(argv[0]);
+ }
+
+ ret = conf_netns(netns, optarg);
+ if (ret < 0)
+ usage(argv[0]);
+ break;
case 4:
if (c->mode != MODE_PASTA) {
err("--ns-mac-addr is for pasta mode only");
@@ -1447,11 +1481,12 @@ void conf(struct ctx *c, int argc, char **argv)
check_root(c);
if (c->mode == MODE_PASTA && optind + 1 == argc) {
- ret = conf_ns_opt(userns, netns, argv[optind]);
+ ret = conf_ns_pid(userns, netns, argv[optind]);
if (ret < 0)
usage(argv[0]);
- } else if (c->mode == MODE_PASTA && *userns && optind == argc) {
- err("--userns requires PID, PATH or NAME");
+ } else if (c->mode == MODE_PASTA && *userns
+ && !*netns && optind == argc) {
+ err("--userns requires --netns or PID");
usage(argv[0]);
} else if (optind != argc) {
usage(argv[0]);
diff --git a/passt.1 b/passt.1
index bbdadc1..4a09ced 100644
--- a/passt.1
+++ b/passt.1
@@ -15,7 +15,10 @@
[\fIOPTION\fR]...
.br
.B pasta
-[\fIOPTION\fR]... [\fIPID\fR|\fIPATH\fR|\fINAME\fR]
+[\fIOPTION\fR]... [\fIPID\fR]
+.br
+.B pasta
+[\fIOPTION\fR]... \fB--netns\fR [\fIPATH\fR|\fINAME\fR]
.SH DESCRIPTION
@@ -59,7 +62,7 @@ or with the \fBqrap\fR(1) wrapper.
equivalent functionality to network namespaces, as the one offered by
\fBpasst\fR for virtual machines.
-If PID, PATH or NAME are given, \fBpasta\fR associates to an existing user and
+If PID or --netns are given, \fBpasta\fR associates to an existing user and
network namespace. Otherwise, \fBpasta\fR creates a new user and network
namespace, and spawns an interactive shell within this context. A \fItap\fR
device within the network namespace is created to provide network connectivity.
@@ -445,7 +448,14 @@ Default is \fBauto\fR.
Target user namespace to join, as a path. If PID is given, without this option,
the user namespace will be the one of the corresponding process.
-This option requires PID, PATH or NAME to be specified.
+This option requires --netns or a PID to be specified.
+
+.TP
+.BR \-\-netns " " \fIspec
+Target network namespace to join, as a path or a name. A name is treated as
+with \fBip-netns(8)\fR as a equivalent to a path in \fI/run/netns\fR.
+
+This option can't be specified with a PID.
.TP
.BR \-\-netns-only
--
@@ -15,7 +15,10 @@
[\fIOPTION\fR]...
.br
.B pasta
-[\fIOPTION\fR]... [\fIPID\fR|\fIPATH\fR|\fINAME\fR]
+[\fIOPTION\fR]... [\fIPID\fR]
+.br
+.B pasta
+[\fIOPTION\fR]... \fB--netns\fR [\fIPATH\fR|\fINAME\fR]
.SH DESCRIPTION
@@ -59,7 +62,7 @@ or with the \fBqrap\fR(1) wrapper.
equivalent functionality to network namespaces, as the one offered by
\fBpasst\fR for virtual machines.
-If PID, PATH or NAME are given, \fBpasta\fR associates to an existing user and
+If PID or --netns are given, \fBpasta\fR associates to an existing user and
network namespace. Otherwise, \fBpasta\fR creates a new user and network
namespace, and spawns an interactive shell within this context. A \fItap\fR
device within the network namespace is created to provide network connectivity.
@@ -445,7 +448,14 @@ Default is \fBauto\fR.
Target user namespace to join, as a path. If PID is given, without this option,
the user namespace will be the one of the corresponding process.
-This option requires PID, PATH or NAME to be specified.
+This option requires --netns or a PID to be specified.
+
+.TP
+.BR \-\-netns " " \fIspec
+Target network namespace to join, as a path or a name. A name is treated as
+with \fBip-netns(8)\fR as a equivalent to a path in \fI/run/netns\fR.
+
+This option can't be specified with a PID.
.TP
.BR \-\-netns-only
--
2.37.2
next prev parent reply other threads:[~2022-08-26 4:58 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-26 4:58 [PATCH 0/8] Allow pasta to take a command to spawn instead of shell David Gibson
2022-08-26 4:58 ` [PATCH 1/8] conf: Make the argument to --pcap option mandatory David Gibson
2022-08-26 4:58 ` [PATCH 2/8] conf: Use "-D none" and "-S none" instead of missing empty option arguments David Gibson
2022-08-30 17:41 ` Stefano Brivio
2022-08-26 4:58 ` [PATCH 3/8] Correct manpage for --userns David Gibson
2022-08-26 4:58 ` [PATCH 4/8] Remove --nsrun-dir option David Gibson
2022-08-26 4:58 ` [PATCH 5/8] Move ENOENT error message into conf_ns_opt() David Gibson
2022-08-26 4:58 ` [PATCH 6/8] More deterministic detection of whether argument is a PID, PATH or NAME David Gibson
2022-08-26 4:58 ` David Gibson [this message]
2022-08-29 19:16 ` [PATCH 7/8] Use explicit --netns option rather than multiplexing with PID Stefano Brivio
2022-08-30 1:12 ` David Gibson
2022-08-30 8:25 ` Stefano Brivio
2022-08-26 4:58 ` [PATCH 8/8] Allow pasta to take a command to execute David Gibson
2022-08-29 19:16 ` Stefano Brivio
2022-08-30 1:16 ` David Gibson
2022-08-30 8:26 ` Stefano Brivio
2022-08-30 17:41 ` Stefano Brivio
2022-09-01 10:07 ` [PATCH 0/8] Allow pasta to take a command to spawn instead of shell Stefano Brivio
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220826045839.1112152-8-david@gibson.dropbear.id.au \
--to=david@gibson.dropbear.id.au \
--cc=passt-dev@passt.top \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://passt.top/passt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).