yanguangshaonian
/
rocker
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

网络设备防止同名设备出现

Browse Source
main
阳光少年 1 year ago
parent fc78c57942
commit 8db6ac26b9
2 changed files with 19 additions and 9 deletions
Show Stats Download Patch File Download Diff File

13
src/main.rs
Unescape Escape View File

@ -7,6 +7,7 @@ use sync::OnceLock;
use nix::sched::{clone, CloneCb, CloneFlags, setns}; use nix::sched::{clone, CloneCb, CloneFlags, setns};
use nix::sys::wait::{waitpid, WaitPidFlag}; use nix::sys::wait::{waitpid, WaitPidFlag};
use nix::sys::signal::sigaction;
use nix::unistd::{dup2, pivot_root, setgid, setgroups, sethostname, setuid, Gid, Pid, Uid, User}; use nix::unistd::{dup2, pivot_root, setgid, setgroups, sethostname, setuid, Gid, Pid, Uid, User};
use nix::mount::{mount, MntFlags, MsFlags, umount2}; use nix::mount::{mount, MntFlags, MsFlags, umount2};
use uuid; use uuid;
@ -26,7 +27,8 @@ static USER_NAME: &str = "rocker";
static INFO_FILE: &str = "info.toml"; static INFO_FILE: &str = "info.toml";
static mut STACK: [u8; 1024*1024*1] = [0; 1024*1024*1]; static mut STACK: [u8; 1024*1024*1] = [0; 1024*1024*1];
// 在/usr/src目录执行 "find . -name "*.h" -exec grep -H "CLONE_NEWTIME" {} \;" 查找时间的namespac的值 // 在/usr/src目录执行 "find . -name "*.h" -exec grep -H "CLONE_NEWTIME" {} \;" 查找时间的namespac的值
static CLONE_FLAG: i32 = 0b1101100000000100000000000000000 | 0x00000080; // CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWPID | CLONE_NEWIPC | CLONE_NEWNET; static CLONE_NEWTIME: i32 = 0x00000080;
static CLONE_FLAG: i32 = 0b1101100000000100000000000000000 | CLONE_NEWTIME; // CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWPID | CLONE_NEWIPC | CLONE_NEWNET | CLONE_NEWTIME;
static START_T: OnceLock<time::Instant> = OnceLock::new(); static START_T: OnceLock<time::Instant> = OnceLock::new();
static LOGO: &str = r#" static LOGO: &str = r#"
@ -344,10 +346,10 @@ fn check_container_is_running(pid: &Pid, main_exe: &Path) -> Result<bool> {
fn init_exec_ns(pid: i32) -> Result<()>{ fn init_exec_ns(pid: i32) -> Result<()>{
// 把当前进程加入到指定pid的namespace // 把当前进程加入到指定pid的namespace
for ns_name in vec!["ipc", "uts", "net", "pid", "mnt", "time"] { for (ns_name, clone_flag) in [("ipc", CloneFlags::CLONE_NEWIPC), ("uts", CloneFlags::CLONE_NEWUTS), ("net", CloneFlags::CLONE_NEWNET), ("pid", CloneFlags::CLONE_NEWPID), ("mnt", CloneFlags::CLONE_NEWNS), ("time", CloneFlags::from_bits_retain(CLONE_NEWTIME))] {
let ns_path = format!("/proc/{pid}/ns/{ns_name}"); let ns_path = format!("/proc/{pid}/ns/{ns_name}");
if let Ok(ns_fild) = fs::File::open(ns_path) { if let Ok(ns_fild) = fs::File::open(ns_path) {
setns(ns_fild.as_fd(), CloneFlags::from_bits_retain(0))? setns(ns_fild.as_fd(), clone_flag)?
} }
} }
Ok(()) Ok(())
@ -440,11 +442,9 @@ fn run_container(container_info: &ContainerInfo, is_exec_cmd: Option<&String>) -
let _cb = || { let _cb = || {
init_exec_ns(container_info.procs[0]).unwrap(); init_exec_ns(container_info.procs[0]).unwrap();
clear_env(); clear_env();
let env_vec = get_env_vec(&Default::default()).unwrap();
if container_info.root == false { if container_info.root == false {
init_container_user(rocker_uid, rocker_gid).unwrap(); init_container_user(rocker_uid, rocker_gid).unwrap();
} }
init_container_env(&env_vec).unwrap(); init_container_env(&env_vec).unwrap();
create_pause(container_root_pause_path).unwrap(); create_pause(container_root_pause_path).unwrap();
while container_merged_pause_path.exists() { while container_merged_pause_path.exists() {
@ -685,6 +685,9 @@ fn stop_container(containers_id: &str, is_remove: bool) -> Result<()> {
Ok(()) Ok(())
} }
extern "C" fn signal_handler(i: i32) {
println!("收到信号,准备退出... {}", i);
}
fn main() -> Result<()>{ fn main() -> Result<()>{
println!("{LOGO}"); println!("{LOGO}");

15
src/network.rs
Unescape Escape View File

@ -165,21 +165,28 @@ pub fn remove_network(uuid_name: &str) {
pub fn create_network(uuid_name: &str, pid: i32) -> bool { pub fn create_network(uuid_name: &str, pid: i32) -> bool {
let pid = pid.to_string(); let pid = pid.to_string();
let bridge_name = format!("ro_{uuid_name}_1");
let master_veth_name = format!("ro_{uuid_name}_2");
let slave_veth_name = format!("ro_{uuid_name}_3");
// 创建一个随机地址段的 没分配过的ip // 创建一个随机地址段的 没分配过的ip
let mut all_network = take_all_network(); let mut all_network = take_all_network();
if all_network.iter().any(|n|n.bridge_name == bridge_name) {
println!("{uuid_name} 已经存在一个网卡, 无法再次创建");
return false;
}
let mut rg = rand::thread_rng(); let mut rg = rand::thread_rng();
let network = loop { let network = loop {
// 生成一个随机桥ip // 生成一个随机桥ip
let base_addr = format!("10.{}.{}", rg.gen_range(0..255), rg.gen_range(0..255)); let base_addr = format!("10.{}.{}", rg.gen_range(1..255), rg.gen_range(1..255));
let gateway_addr = format!("{base_addr}.0"); let gateway_addr = format!("{base_addr}.0");
let bridge_addr = format!("{base_addr}.1"); let bridge_addr = format!("{base_addr}.1");
let slave_addr = format!("{base_addr}.3"); let slave_addr = format!("{base_addr}.3");
if all_network.iter().any(|n|n.bridge_addr == bridge_addr) == false { if all_network.iter().any(|n|n.bridge_addr == bridge_addr) == false {
let bridge_name = format!("ro_{uuid_name}_1");
let master_veth_name = format!("ro_{uuid_name}_2");
let slave_veth_name = format!("ro_{uuid_name}_3");
let net_work = NetWrok { let net_work = NetWrok {
gateway_addr, gateway_addr,
bridge_addr, bridge_addr,

Write Preview
Loading…
Cancel
Save