This is the translation for the following description:
- lxc.seccomp.notify.proxy (commit 8a64375)
- host side veth device static routes (commit d4a7da4)
- IPVLAN (commit c9f5238)
- Layer 2 proxy mode (commit 6509154)
- gateway device route mode (commit a2f9a67)
and fix typo in English man page.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

This is consistent with veth and ipvlan types.
Also makes the debug message for success occur after up script has run.
Also makes device clean up on error more thorough and consistent.
Signed-off-by: tomponline <thomas.parrott@canonical.com>

The returns_twice attribute tells the compiler that a function may return more
than one time. The compiler will ensure that all registers are dead before
calling such a function and will emit a warning about the variables that may be
clobbered after the second return from the function. Examples of such functions
are setjmp and vfork. The longjmp-like counterpart of such a function, if any,
might need to be marked with the noreturn attribute.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Adds ability to specify "dev" as the gateway value, which will cause a device route to be set as default gateway.
Signed-off-by: tomponline <thomas.parrott@canonical.com>

There's an inherent race when reading a process's memory. The easiest way is to
have liblxc get an fd and check that the race was won, send it to the caller
(They are free to ignore it if they don't use recvmsg()).
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Adds the lxc.net.[i].l2proxy flag that can be either 0 or 1.
Defaults to 0.
This, when used with lxc.net.[i].link, will add IP neighbour proxy entries on the linked device
for any IPv4 and IPv6 addresses on the container's network device.
Additionally, for IPv6 addresses it will check the following sysctl values and fail with an error if not set:
net.ipv6.conf.[link].proxy_ndp=1
net.ipv6.conf.[link].forwarding=1
Signed-off-by: tomponline <thomas.parrott@canonical.com>

since apparently there are insane programming languages out there that just
silently remove packed members in structs.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

The following functions can be made static for consistency:
lxc_ipv4_dest_add
lxc_ipv6_dest_add
lxc_ip_route_dest_add (renamed)
Signed-off-by: tomponline <thomas.parrott@canonical.com>

Simplify and cleanup some of the seccomp code. This mainly focuses on removing
the open coding of various seccomp settings all over the code in favor of
centralized helpers.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>