From: David Gibson
To: passt-dev@passt.top, Stefano Brivio
Cc: Paul Holzinger, David Gibson
Subject: [PATCH 1/3] util: Make ns_enter() a void function and report setns() errors
Date: Wed, 2 Aug 2023 13:15:40 +1000
Message-ID: <20230802031542.2726758-2-david@gibson.dropbear.id.au>
In-Reply-To: <20230802031542.2726758-1-david@gibson.dropbear.id.au>
References: <20230802031542.2726758-1-david@gibson.dropbear.id.au>

ns_enter() returns an integer... but it's always zero. If we actually fail the function doesn't return. Therefore it makes more sense for this to be a function returning void, and we can remove the cases where we pointlessly checked its return value.

In addition ns_enter() is usually called from an ephemeral thread created by NS_CALL(). That means that the exit(EXIT_FAILURE) there usually won't be reported (since NS_CALL() doesn't wait() for the thread). So, use die() instead to print out some information in the unlikely event that our setns() here does fail.

Signed-off-by: David Gibson
--- conf.c | 3 ++- tap.c | 4 ++-- udp.c | 6 ++---- util.c | 8 +++----- util.h | 2 +- 5 files changed, 10 insertions(+), 13 deletions(-) diff --git a/conf.c b/conf.c index 78eaf2d..a0622d2 100644 --- a/conf.c +++ b/conf.c
@@ -101,9 +101,10 @@ static int get_bound_ports_ns(void *arg) struct get_bound_ports_ns_arg *a = (struct get_bound_ports_ns_arg *)arg; struct ctx *c = a->c; - if (!c->pasta_netns_fd || ns_enter(c)) + if (!c->pasta_netns_fd) return 0; + ns_enter(c); get_bound_ports(c, 1, a->proto); return 0; diff --git a/tap.c b/tap.c index a6a73d3..0f90cab 100644 --- a/tap.c +++ b/tap.c @@ -1182,9 +1182,9 @@ static int tap_ns_tun(void *arg) struct ctx *c = (struct ctx *)arg; memcpy(ifr.ifr_name, c->pasta_ifn, IFNAMSIZ); + ns_enter(c); - if (ns_enter(c) || - (tun_ns_fd = open("/dev/net/tun", flags)) < 0 || + if ((tun_ns_fd = open("/dev/net/tun", flags)) < 0 || ioctl(tun_ns_fd, TUNSETIFF, &ifr) || !(c->pasta_ifi = if_nametoindex(c->pasta_ifn))) { if (tun_ns_fd != -1) diff --git a/udp.c b/udp.c index 39c59d4..7be73f5 100644 --- a/udp.c +++ b/udp.c @@ -473,8 +473,7 @@ static int udp_splice_new_ns(void *arg) a = (struct udp_splice_new_ns_arg *)arg; - if (ns_enter(a->c)) - return 0; + ns_enter(a->c); a->s = udp_splice_new(a->c, a->v6, a->src, true); @@ -1068,8 +1067,7 @@ int udp_sock_init_ns(void *arg) struct ctx *c = (struct ctx *)arg; unsigned dst; - if (ns_enter(c)) - return 0; + ns_enter(c); for (dst = 0; dst < NUM_PORTS; dst++) { if (!bitmap_isset(c->udp.fwd_out.f.map, dst)) diff --git a/util.c b/util.c index 1d00404..2f9c27d 100644 --- a/util.c +++ b/util.c @@ -378,16 +378,14 @@ void procfs_scan_listen(struct ctx *c, uint8_t proto, int ip_version, int ns, * ns_enter() - Enter configured user (unless already joined) and network ns * @c: Execution context * - * Return: 0, won't return on failure + * Won't return on failure * * #syscalls:pasta setns */ -int ns_enter(const struct ctx *c) +void ns_enter(const struct ctx *c) { if (setns(c->pasta_netns_fd, CLONE_NEWNET)) - exit(EXIT_FAILURE); - - return 0; + die("setns() failed entering netns: %s", strerror(errno)); } /** diff --git a/util.h b/util.h index 26892aa..23dcad5 100644 --- a/util.h +++ b/util.h 
@@ -216,7 +216,7 @@ int bitmap_isset(const uint8_t *map, int bit); char *line_read(char *buf, size_t len, int fd); void procfs_scan_listen(struct ctx *c, uint8_t proto, int ip_version, int ns, uint8_t *map, uint8_t *exclude); -int ns_enter(const struct ctx *c); +void ns_enter(const struct ctx *c); bool ns_is_init(void); void write_pidfile(int fd, pid_t pid); int __daemon(int pidfile_fd, int devnull_fd); -- 2.41.0
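
Review bot: in the conf.c hunk, the guard that remains in get_bound_ports_ns(), "if (!c->pasta_netns_fd)", treats descriptor 0 as "no namespace configured", although 0 is a valid file descriptor. Now that this is the only condition left before ns_enter(c), a short comment stating that 0 means "unset" here (or a comparison against a negative sentinel) would make the intent explicit, since ns_enter() will pass whatever non-zero value is stored straight to setns().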
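
Review bot: in the first udp.c hunk (udp_splice_new_ns()), a->s is assigned only after ns_enter(a->c) returns, and the commit message says NS_CALL() does not wait() for the thread, so when die() fires the caller gets no status and reads whatever a->s held before the call. The removed "if (ns_enter(a->c)) return 0;" never covered that case either, but with the check gone it is worth confirming that callers set a->s to an error value before NS_CALL(), and saying so in a comment next to the ns_enter(a->c) line.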
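
Review bot: in the util.c hunk, the kernel-doc summary for ns_enter() still reads "Enter configured user (unless already joined) and network ns", while the body shown only calls setns(c->pasta_netns_fd, CLONE_NEWNET); since the comment is being edited anyway, bring the summary in line with what the function does. "Won't return on failure" could also state that it exits via die() with the setns() error. The new die() line uses errno and strerror(), and the diffstat shows no other change to util.c, so confirm the file already includes <errno.h> and <string.h>.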