From a194a90ae4ed4114ac9acee4e14fbf9adf2a4163 Mon Sep 17 00:00:00 2001
From: Jagger <robert@swiecki.net>
Date: Mon, 29 Feb 2016 22:12:01 +0100
Subject: [PATCH] Use NL3 for macvlan if present

---
 Makefile |  5 +++++
 net.c    | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 63 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 3611b3d..eacd943 100644
--- a/Makefile
+++ b/Makefile
@@ -29,6 +29,11 @@ SRCS = nsjail.c cmdline.c contain.c log.c net.c subproc.c sandbox.c util.c secco
 OBJS = $(SRCS:.c=.o)
 BIN = nsjail
 
+ifeq ("$(wildcard /usr/include/libnl3/netlink/route/link/macvlan.h)","/usr/include/libnl3/netlink/route/link/macvlan.h")
+	CFLAGS += -DNSJAIL_NL3_WITH_MACVLAN -I/usr/include/libnl3
+	LDFLAGS += -lnl-3 -lnl-route-3
+endif
+
 .c.o: %.c
 	$(CC) $(CFLAGS) $< -o $@
 
diff --git a/net.c b/net.c
index 0c52c84..d1f75d9 100644
--- a/net.c
+++ b/net.c
@@ -42,6 +42,61 @@
 
 #include "log.h"
 
+#define IFACE_NAME "vs"
+
+#if defined(NSJAIL_NL3_WITH_MACVLAN)
+#include <netlink/route/link.h>
+#include <netlink/route/link/macvlan.h>
+bool netCloneMacVtapAndNS(struct nsjconf_t *nsjconf, int pid)
+{
+	struct nl_sock *sk;
+	struct nl_cache *link_cache;
+	int err, master_index;
+	bool ret = false;
+
+	sk = nl_socket_alloc();
+	if ((err = nl_connect(sk, NETLINK_ROUTE)) < 0) {
+		LOG_E("Unable to connect socket: %s", nl_geterror(err));
+		goto out_sock;
+	}
+
+	struct rtnl_link *rmv = rtnl_link_macvlan_alloc();
+
+	if (rmv == NULL) {
+		LOG_E("rtnl_link_macvlan_alloc(): %s", nl_geterror(err));
+		goto out_sock;
+	}
+
+	if ((err = rtnl_link_alloc_cache(sk, AF_UNSPEC, &link_cache)) < 0) {
+		LOG_E("rtnl_link_alloc_cache(): %s", nl_geterror(err));
+		goto out_link;
+	}
+
+	if (!(master_index = rtnl_link_name2i(link_cache, nsjconf->iface))) {
+		LOG_E("rtnl_link_name2i(): %s", nl_geterror(master_index));
+		goto out_cache;
+	}
+
+	rtnl_link_set_name(rmv, IFACE_NAME);
+	rtnl_link_set_link(rmv, master_index);
+	rtnl_link_set_type(rmv, "bridge");
+	rtnl_link_set_ns_pid(rmv, pid);
+
+	if ((err = rtnl_link_add(sk, rmv, NLM_F_CREATE)) < 0) {
+		LOG_E("rtnl_link_add(): %s", nl_geterror(err));
+		goto out_cache;
+	}
+
+	ret = true;
+ out_cache:
+	nl_cache_free(link_cache);
+ out_link:
+	rtnl_link_put(rmv);
+ out_sock:
+	nl_socket_free(sk);
+	return ret;
+}
+#else				// defined(NSJAIL_NL3_WITH_MACVLAN)
 static bool netSystemSbinIp(struct nsjconf_t *nsjconf, char *const *argv)
 {
 	if (nsjconf->clone_newnet == false) {
@@ -86,7 +141,6 @@ static bool netSystemSbinIp(struct nsjconf_t *nsjconf, char *const *argv)
 	}
 }
 
-#define IFACE_NAME "vs"
 bool netCloneMacVtapAndNS(struct nsjconf_t *nsjconf, int pid)
 {
 	if (nsjconf->iface == NULL) {
@@ -107,6 +161,7 @@ bool netCloneMacVtapAndNS(struct nsjconf_t *nsjconf, int pid)
 
 	return true;
 }
+#endif				// defined(NSJAIL_NL3_WITH_MACVLAN)
 
 static bool netIsSocket(int fd)
 {
@@ -264,6 +319,7 @@ bool netIfaceUp(const char *ifacename)
 	}
 
 	struct ifreq ifr;
+	memset(&ifr, '\0', sizeof(ifr));
 	snprintf(ifr.ifr_name, IF_NAMESIZE, "%s", ifacename);
 
 	if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) {
@@ -287,6 +343,7 @@ bool netIfaceUp(const char *ifacename)
 bool netConfigureVs(struct nsjconf_t * nsjconf)
 {
 	struct ifreq ifr;
+	memset(&ifr, '\0', sizeof(ifr));
 	snprintf(ifr.ifr_name, IF_NAMESIZE, "%s", IFACE_NAME);
 	struct in_addr addr;