+static int setup_veth(pid_t pid, char iface_name[IFNAMSIZ]) {
+ _cleanup_rtnl_message_unref_ sd_rtnl_message *m = NULL;
+ _cleanup_rtnl_unref_ sd_rtnl *rtnl = NULL;
+ int r;
+
+ if (!arg_private_network)
+ return 0;
+
+ if (!arg_network_veth)
+ return 0;
+
+ /* Use two different interface name prefixes depending whether
+ * we are in bridge mode or not. */
+ if (arg_network_bridge)
+ memcpy(iface_name, "vb-", 3);
+ else
+ memcpy(iface_name, "ve-", 3);
+
+ strncpy(iface_name+3, arg_machine, IFNAMSIZ - 3);
+
+ r = sd_rtnl_open(&rtnl, 0);
+ if (r < 0) {
+ log_error("Failed to connect to netlink: %s", strerror(-r));
+ return r;
+ }
+
+ r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0);
+ if (r < 0) {
+ log_error("Failed to allocate netlink message: %s", strerror(-r));
+ return r;
+ }
+
+ r = sd_rtnl_message_append_string(m, IFLA_IFNAME, iface_name);
+ if (r < 0) {
+ log_error("Failed to add netlink interface name: %s", strerror(-r));
+ return r;
+ }
+
+ r = sd_rtnl_message_open_container(m, IFLA_LINKINFO);
+ if (r < 0) {
+ log_error("Failed to open netlink container: %s", strerror(-r));
+ return r;
+ }
+
+ r = sd_rtnl_message_append_string(m, IFLA_INFO_KIND, "veth");
+ if (r < 0) {
+ log_error("Failed to append netlink kind: %s", strerror(-r));
+ return r;
+ }
+
+ r = sd_rtnl_message_open_container(m, IFLA_INFO_DATA);
+ if (r < 0) {
+ log_error("Failed to open netlink container: %s", strerror(-r));
+ return r;
+ }
+
+ r = sd_rtnl_message_open_container(m, VETH_INFO_PEER);
+ if (r < 0) {
+ log_error("Failed to open netlink container: %s", strerror(-r));
+ return r;
+ }
+
+ r = sd_rtnl_message_append_string(m, IFLA_IFNAME, "host0");
+ if (r < 0) {
+ log_error("Failed to add netlink interface name: %s", strerror(-r));
+ return r;
+ }
+
+ r = sd_rtnl_message_append_u32(m, IFLA_NET_NS_PID, pid);
+ if (r < 0) {
+ log_error("Failed to add netlink namespace field: %s", strerror(-r));
+ return r;
+ }
+
+ r = sd_rtnl_message_close_container(m);
+ if (r < 0) {
+ log_error("Failed to close netlink container: %s", strerror(-r));
+ return r;
+ }
+
+ r = sd_rtnl_message_close_container(m);
+ if (r < 0) {
+ log_error("Failed to close netlink container: %s", strerror(-r));
+ return r;
+ }
+
+ r = sd_rtnl_message_close_container(m);
+ if (r < 0) {
+ log_error("Failed to close netlink container: %s", strerror(-r));
+ return r;
+ }
+
+ r = sd_rtnl_call(rtnl, m, 0, NULL);
+ if (r < 0) {
+ log_error("Failed to add new veth interfaces: %s", strerror(-r));
+ return r;
+ }
+
+ return 0;
+}
+
+static int setup_bridge(const char veth_name[]) {
+ _cleanup_rtnl_message_unref_ sd_rtnl_message *m = NULL;
+ _cleanup_rtnl_unref_ sd_rtnl *rtnl = NULL;
+ int r, bridge;
+
+ if (!arg_private_network)
+ return 0;
+
+ if (!arg_network_veth)
+ return 0;
+
+ if (!arg_network_bridge)
+ return 0;
+
+ bridge = (int) if_nametoindex(arg_network_bridge);
+ if (bridge <= 0) {
+ log_error("Failed to resolve interface %s: %m", arg_network_bridge);
+ return -errno;
+ }
+
+ r = sd_rtnl_open(&rtnl, 0);
+ if (r < 0) {
+ log_error("Failed to connect to netlink: %s", strerror(-r));
+ return r;
+ }
+
+ r = sd_rtnl_message_new_link(rtnl, &m, RTM_SETLINK, 0);
+ if (r < 0) {
+ log_error("Failed to allocate netlink message: %s", strerror(-r));
+ return r;
+ }
+
+ r = sd_rtnl_message_append_string(m, IFLA_IFNAME, veth_name);
+ if (r < 0) {
+ log_error("Failed to add netlink interface name field: %s", strerror(-r));
+ return r;
+ }
+
+ r = sd_rtnl_message_append_u32(m, IFLA_MASTER, bridge);
+ if (r < 0) {
+ log_error("Failed to add netlink master field: %s", strerror(-r));
+ return r;
+ }
+
+ r = sd_rtnl_call(rtnl, m, 0, NULL);
+ if (r < 0) {
+ log_error("Failed to add veth interface to bridge: %s", strerror(-r));
+ return r;
+ }
+
+ return 0;
+}
+
+static int parse_interface(struct udev *udev, const char *name) {
+ _cleanup_udev_device_unref_ struct udev_device *d = NULL;
+ char ifi_str[2 + DECIMAL_STR_MAX(int)];
+ int ifi;
+
+ ifi = (int) if_nametoindex(name);
+ if (ifi <= 0) {
+ log_error("Failed to resolve interface %s: %m", name);
+ return -errno;
+ }
+
+ sprintf(ifi_str, "n%i", ifi);
+ d = udev_device_new_from_device_id(udev, ifi_str);
+ if (!d) {
+ log_error("Failed to get udev device for interface %s: %m", name);
+ return -errno;
+ }
+
+ if (udev_device_get_is_initialized(d) <= 0) {
+ log_error("Network interface %s is not initialized yet.", name);
+ return -EBUSY;
+ }
+
+ return ifi;
+}
+
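Review bot: The `strncpy(iface_name+3, arg_machine, IFNAMSIZ - 3)` call in setup_veth can fill the buffer through its last byte, so a machine name of IFNAMSIZ - 3 characters or more leaves iface_name without a NUL terminator. That buffer is then handed as a string to `sd_rtnl_message_append_string()` in setup_veth and, presumably through the caller, as veth_name in setup_bridge, so a read past the array would follow if the helper measures the string itself. Bounding the copy so the terminator always fits would close this, e.g. `snprintf(iface_name, IFNAMSIZ, "%s-%s", arg_network_bridge ? "vb" : "ve", arg_machine);`, which also replaces the two memcpy branches. Truncation is silent, so two machine names sharing a long prefix would map to the same interface name; a comment or log line stating that would help. The hunk header and the caller that owns the buffer are outside this view.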