ns_enter() returns an integer... but it's always zero. If we actually fail the function doesn't return. Therefore it makes more sense for this to be a function returning void, and we can remove the cases where we pointlessly checked its return value. In addition ns_enter() is usually called from an ephemeral thread created by NS_CALL(). That means that the exit(EXIT_FAILURE) there usually won't be reported (since NS_CALL() doesn't wait() for the thread). So, use die() instead to print out some information in the unlikely event that our setns() here does fail.
Signed-off-by: David Gibson <david(a)gibson.dropbear.id.au>
---
 conf.c | 3 ++-
 tap.c | 4 ++--
 udp.c | 6 ++----
 util.c | 8 +++-----
 util.h | 2 +-
 5 files changed, 10 insertions(+), 13 deletions(-)
diff --git a/conf.c b/conf.c
index 78eaf2d..a0622d2 100644
--- a/conf.c
+++ b/conf.c
@@ -101,9 +101,10 @@ static int get_bound_ports_ns(void *arg)
 struct get_bound_ports_ns_arg *a = (struct get_bound_ports_ns_arg *)arg;
 struct ctx *c = a->c;
- if (!c->pasta_netns_fd || ns_enter(c))
+ if (!c->pasta_netns_fd)
 return 0;
+ ns_enter(c);
 get_bound_ports(c, 1, a->proto);
 return 0;
diff --git a/tap.c b/tap.c
index a6a73d3..0f90cab 100644
--- a/tap.c
+++ b/tap.c
@@ -1182,9 +1182,9 @@ static int tap_ns_tun(void *arg)
 struct ctx *c = (struct ctx *)arg;
 memcpy(ifr.ifr_name, c->pasta_ifn, IFNAMSIZ);
+ ns_enter(c);
- if (ns_enter(c) ||
- (tun_ns_fd = open("/dev/net/tun", flags)) < 0 ||
+ if ((tun_ns_fd = open("/dev/net/tun", flags)) < 0 ||
 ioctl(tun_ns_fd, TUNSETIFF, &ifr) ||
 !(c->pasta_ifi = if_nametoindex(c->pasta_ifn))) {
 if (tun_ns_fd != -1)
diff --git a/udp.c b/udp.c
index 39c59d4..7be73f5 100644
--- a/udp.c
+++ b/udp.c
@@ -473,8 +473,7 @@ static int udp_splice_new_ns(void *arg)
 a = (struct udp_splice_new_ns_arg *)arg;
- if (ns_enter(a->c))
- return 0;
+ ns_enter(a->c);
 a->s = udp_splice_new(a->c, a->v6, a->src, true);
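Review bot: The remaining guard `if (!c->pasta_netns_fd)` in get_bound_ports_ns only skips the call when the descriptor is 0, which is itself a valid file descriptor, and lets a negative "unset" value through to `ns_enter(c)`. How `pasta_netns_fd` is initialised is not visible in this patch; if the unset value is -1, that case reaches setns() and ends in die() rather than taking the early `return 0`. Once the initial value is confirmed, consider `if (c->pasta_netns_fd < 0)`, or add a comment on the guard stating which value means "no namespace configured". The function body starts and ends outside the hunk.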
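Review bot: In udp_splice_new_ns, `a->s` is assigned only after `ns_enter(a->c)`, so when setns() fails and the helper ends inside ns_enter(), the caller is left with whatever value `a->s` held before the call. The commit message notes that NS_CALL() does not wait() for the thread, so the caller cannot learn of the failure from an exit status. It is worth confirming that the code invoking this helper (outside the hunk) sets `a->s` to -1 beforehand and treats that as an error, so a socket is never assumed to exist in the target namespace when it does not. A comment above the call such as `/* if setns() fails this thread dies and a->s is left unchanged */` would record the contract.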
@@ -1068,8 +1067,7 @@ int udp_sock_init_ns(void *arg)
 struct ctx *c = (struct ctx *)arg;
 unsigned dst;
- if (ns_enter(c))
- return 0;
+ ns_enter(c);
 for (dst = 0; dst < NUM_PORTS; dst++) {
 if (!bitmap_isset(c->udp.fwd_out.f.map, dst))
diff --git a/util.c b/util.c
index 1d00404..2f9c27d 100644
--- a/util.c
+++ b/util.c
@@ -378,16 +378,14 @@ void procfs_scan_listen(struct ctx *c, uint8_t proto, int ip_version, int ns,
 * ns_enter() - Enter configured user (unless already joined) and network ns
 * @c: Execution context
 *
- * Return: 0, won't return on failure
+ * Won't return on failure
 *
 * #syscalls:pasta setns
 */
-int ns_enter(const struct ctx *c)
+void ns_enter(const struct ctx *c)
 {
 if (setns(c->pasta_netns_fd, CLONE_NEWNET))
- exit(EXIT_FAILURE);
-
- return 0;
+ die("setns() failed entering netns: %s", strerror(errno));
 }
 /**
diff --git a/util.h b/util.h
index 26892aa..23dcad5 100644
--- a/util.h
+++ b/util.h
@@ -216,7 +216,7 @@ int bitmap_isset(const uint8_t *map, int bit);
 char *line_read(char *buf, size_t len, int fd);
 void procfs_scan_listen(struct ctx *c, uint8_t proto, int ip_version, int ns,
 uint8_t *map, uint8_t *exclude);
-int ns_enter(const struct ctx *c);
+void ns_enter(const struct ctx *c);
 bool ns_is_init(void);
 void write_pidfile(int fd, pid_t pid);
 int __daemon(int pidfile_fd, int devnull_fd);
-- 
2.41.0
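Review bot: With the return value removed from ns_enter() in util.c, the guarantee that a failed setns() never falls through into namespace-sensitive work rests entirely on die() not returning, and die() is not defined anywhere in this patch. Every caller touched here (get_bound_ports_ns, tap_ns_tun, udp_splice_new_ns, udp_sock_init_ns) now proceeds unconditionally after the call, so a die() that could return would leave them operating in the original namespace. If die() is not already declared with `__attribute__((noreturn))`, doing so would let the compiler and static analysers enforce the contract; the doc line could then read `* Does not return on failure: die() terminates the caller`. Separately, the header still describes entering the "user (unless already joined) and network ns", while the body shown only calls setns() with CLONE_NEWNET, so the summary line looks stale.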