-rw-r--r--conf.c6
-rw-r--r--fwd.c2
-rw-r--r--isolation.c28
-rw-r--r--log.c2
-rw-r--r--netlink.c4
-rw-r--r--passt.c12
-rw-r--r--pasta.c18
-rw-r--r--pcap.c8
-rw-r--r--tap.c14
-rw-r--r--tcp.c24
-rw-r--r--util.c12
11 files changed, 53 insertions, 77 deletions
diff --git a/conf.c b/conf.c
index 1d1f9a1..3db8d4d 100644
--- a/conf.c
+++ b/conf.c
@@ -461,7 +461,7 @@ static void get_dns(struct ctx *c)
}
if (line_len < 0)
- warn("Error reading /etc/resolv.conf: %s", strerror(errno));
+ warn_perror("Error reading /etc/resolv.conf");
close(fd);
out:
@@ -623,6 +623,7 @@ static unsigned int conf_ip4(unsigned int ifi,
int rc = nl_link_get_mac(nl_sock, ifi, mac);
if (rc < 0) {
char ifname[IFNAMSIZ];
+
err("Couldn't discover MAC address for %s: %s",
if_indextoname(ifi, ifname), strerror(-rc));
return 0;
@@ -1496,8 +1497,7 @@ void conf(struct ctx *c, int argc, char **argv)
break;
case 'i':
if (!(ifi4 = ifi6 = if_nametoindex(optarg)))
- die("Invalid interface name %s: %s", optarg,
- strerror(errno));
+ die_perror("Invalid interface name %s", optarg);
break;
case 'o':
if (inet_pton(AF_INET6, optarg, &c->ip6.addr_out) &&
diff --git a/fwd.c b/fwd.c
index b3d5a37..d3f1798 100644
--- a/fwd.c
+++ b/fwd.c
@@ -52,7 +52,7 @@ static void procfs_scan_listen(int fd, unsigned int lstate,
return;
if (lseek(fd, 0, SEEK_SET)) {
- warn("lseek() failed on /proc/net file: %s", strerror(errno));
+ warn_perror("lseek() failed on /proc/net file");
return;
}
diff --git a/isolation.c b/isolation.c
index c936674..4956d7e 100644
--- a/isolation.c
+++ b/isolation.c
@@ -105,7 +105,7 @@ static void drop_caps_ep_except(uint64_t keep)
int i;
if (syscall(SYS_capget, &hdr, data))
- die("Couldn't get current capabilities: %s", strerror(errno));
+ die_perror("Couldn't get current capabilities");
for (i = 0; i < CAP_WORDS; i++) {
uint32_t mask = keep >> (32 * i);
@@ -115,7 +115,7 @@ static void drop_caps_ep_except(uint64_t keep)
}
if (syscall(SYS_capset, &hdr, data))
- die("Couldn't drop capabilities: %s", strerror(errno));
+ die_perror("Couldn't drop capabilities");
}
/**
@@ -152,19 +152,17 @@ static void clamp_caps(void)
*/
if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) &&
errno != EINVAL && errno != EPERM)
- die("Couldn't drop cap %i from bounding set: %s",
- i, strerror(errno));
+ die_perror("Couldn't drop cap %i from bounding set", i);
}
if (syscall(SYS_capget, &hdr, data))
- die("Couldn't get current capabilities: %s", strerror(errno));
+ die_perror("Couldn't get current capabilities");
for (i = 0; i < CAP_WORDS; i++)
data[i].inheritable = 0;
if (syscall(SYS_capset, &hdr, data))
- die("Couldn't drop inheritable capabilities: %s",
- strerror(errno));
+ die_perror("Couldn't drop inheritable capabilities");
}
/**
@@ -234,34 +232,30 @@ void isolate_user(uid_t uid, gid_t gid, bool use_userns, const char *userns,
if (setgroups(0, NULL)) {
/* If we don't have CAP_SETGID, this will EPERM */
if (errno != EPERM)
- die("Can't drop supplementary groups: %s",
- strerror(errno));
+ die_perror("Can't drop supplementary groups");
}
if (setgid(gid) != 0)
- die("Can't set GID to %u: %s", gid, strerror(errno));
+ die_perror("Can't set GID to %u", gid);
if (setuid(uid) != 0)
- die("Can't set UID to %u: %s", uid, strerror(errno));
+ die_perror("Can't set UID to %u", uid);
if (*userns) { /* If given a userns, join it */
int ufd;
ufd = open(userns, O_RDONLY | O_CLOEXEC);
if (ufd < 0)
- die("Couldn't open user namespace %s: %s",
- userns, strerror(errno));
+ die_perror("Couldn't open user namespace %s", userns);
if (setns(ufd, CLONE_NEWUSER) != 0)
- die("Couldn't enter user namespace %s: %s",
- userns, strerror(errno));
+ die_perror("Couldn't enter user namespace %s", userns);
close(ufd);
} else if (use_userns) { /* Create and join a new userns */
if (unshare(CLONE_NEWUSER) != 0)
- die("Couldn't create user namespace: %s",
- strerror(errno));
+ die_perror("Couldn't create user namespace");
}
/* Joining a new userns gives us full capabilities; drop the
diff --git a/log.c b/log.c
index 528ee51..a72b871 100644
--- a/log.c
+++ b/log.c
@@ -212,7 +212,7 @@ void logfile_init(const char *name, const char *path, size_t size)
log_file = open(path, O_CREAT | O_TRUNC | O_APPEND | O_RDWR | O_CLOEXEC,
S_IRUSR | S_IWUSR);
if (log_file == -1)
- die("Couldn't open log file %s: %s", path, strerror(errno));
+ die_perror("Couldn't open log file %s", path);
log_size = size ? size : LOGFILE_SIZE_DEFAULT;
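Review bot: The `open()` call in the context lines follows symbolic links and truncates whatever it resolves to, because the flags include `O_CREAT | O_TRUNC` but not `O_NOFOLLOW`. If `path` can live in a directory writable by another user while this process still holds more privilege than that user (not visible from this hunk), a link placed there beforehand would redirect the truncation to a different file. Adding `O_NOFOLLOW` to the flag list makes the open fail when the final path component is a symlink. logfile_init continues past the end of this hunk.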
diff --git a/netlink.c b/netlink.c
index c082991..093de26 100644
--- a/netlink.c
+++ b/netlink.c
@@ -133,7 +133,7 @@ static uint32_t nl_send(int s, void *req, uint16_t type,
n = send(s, req, len, 0);
if (n < 0)
- die("netlink: Failed to send(): %s", strerror(errno));
+ die_perror("netlink: Failed to send()");
else if (n < len)
die("netlink: Short send (%zd of %zd bytes)", n, len);
@@ -189,7 +189,7 @@ static struct nlmsghdr *nl_next(int s, char *buf, struct nlmsghdr *nh, ssize_t *
*n = recv(s, buf, NLBUFSIZ, 0);
if (*n < 0)
- die("netlink: Failed to recv(): %s", strerror(errno));
+ die_perror("netlink: Failed to recv()");
nh = (struct nlmsghdr *)buf;
if (!NLMSG_OK(nh, *n))
diff --git a/passt.c b/passt.c
index a48c5f6..13f3eb6 100644
--- a/passt.c
+++ b/passt.c
@@ -227,15 +227,11 @@ int main(int argc, char **argv)
__openlog("pasta", 0, LOG_DAEMON);
sa.sa_handler = pasta_child_handler;
- if (sigaction(SIGCHLD, &sa, NULL)) {
- die("Couldn't install signal handlers: %s",
- strerror(errno));
- }
+ if (sigaction(SIGCHLD, &sa, NULL))
+ die_perror("Couldn't install signal handlers");
- if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) {
- die("Couldn't set disposition for SIGPIPE: %s",
- strerror(errno));
- }
+ if (signal(SIGPIPE, SIG_IGN) == SIG_ERR)
+ die_perror("Couldn't set disposition for SIGPIPE");
c.mode = MODE_PASTA;
} else if (strstr(name, "passt")) {
diff --git a/pasta.c b/pasta.c
index d08391f..084288c 100644
--- a/pasta.c
+++ b/pasta.c
@@ -138,17 +138,15 @@ void pasta_open_ns(struct ctx *c, const char *netns)
int nfd = -1;
nfd = open(netns, O_RDONLY | O_CLOEXEC);
- if (nfd < 0) {
- die("Couldn't open network namespace %s: %s",
- netns, strerror(errno));
- }
+ if (nfd < 0)
+ die_perror("Couldn't open network namespace %s", netns);
c->pasta_netns_fd = nfd;
NS_CALL(ns_check, c);
if (c->pasta_netns_fd < 0)
- die("Couldn't switch to pasta namespaces: %s", strerror(errno));
+ die_perror("Couldn't switch to pasta namespaces");
if (!c->no_netns_quit) {
char buf[PATH_MAX] = { 0 };
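Review bot: The errno printed by `die_perror("Couldn't switch to pasta namespaces")` is read after `NS_CALL(ns_check, c)` has returned, and the failure is detected through `c->pasta_netns_fd < 0` rather than a return value, so the appended reason may not belong to the call that actually failed inside ns_check. Whether NS_CALL carries errno back to the caller is not visible here; if it does not, plain `die("Couldn't switch to pasta namespaces");` avoids putting a misleading cause in the log an operator will use to diagnose the namespace failure. The same applies to `die_perror("Failed to join network namespace")` after `NS_CALL(pasta_wait_for_ns, c)` in pasta_start_ns. pasta_open_ns continues outside this hunk.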
@@ -184,7 +182,7 @@ static int pasta_spawn_cmd(void *arg)
/* We run in a detached PID and mount namespace: mount /proc over */
if (mount("", "/proc", "proc", 0, NULL))
- warn("Couldn't mount /proc: %s", strerror(errno));
+ warn_perror("Couldn't mount /proc");
if (write_file("/proc/sys/net/ipv4/ping_group_range", "0 0"))
warn("Cannot set ping_group_range, ICMP requests might fail");
@@ -265,7 +263,7 @@ void pasta_start_ns(struct ctx *c, uid_t uid, gid_t gid,
NS_CALL(pasta_wait_for_ns, c);
if (c->pasta_netns_fd < 0)
- die("Failed to join network namespace: %s", strerror(errno));
+ die_perror("Failed to join network namespace");
}
/**
@@ -369,12 +367,12 @@ static int pasta_netns_quit_timer(void)
struct itimerspec it = { { 1, 0 }, { 1, 0 } }; /* one-second interval */
if (fd == -1) {
- err("timerfd_create(): %s", strerror(errno));
+ err_perror("Failed to create timerfd for quit timer");
return -errno;
}
if (timerfd_settime(fd, 0, &it, NULL) < 0) {
- err("timerfd_settime(): %s", strerror(errno));
+ err_perror("Failed to set interval for quit timer");
close(fd);
return -errno;
}
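Review bot: Both error paths in pasta_netns_quit_timer return `-errno` only after other calls have run: `err_perror()` in the first, and `err_perror()` plus `close(fd)` in the second, any of which may overwrite errno (whether the logging helper preserves it cannot be confirmed from this hunk). If errno has been reset by then, a caller that checks for a negative result would not see the failure. Capture the value first with `int rc = -errno;`, then log and close, and finish with `return rc;`. The function starts outside this hunk.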
@@ -467,7 +465,7 @@ void pasta_netns_quit_timer_handler(struct ctx *c, union epoll_ref ref)
n = read(ref.fd, &expirations, sizeof(expirations));
if (n < 0)
- die("Namespace watch timer read() error: %s", strerror(errno));
+ die_perror("Namespace watch timer read() error");
if ((size_t)n < sizeof(expirations))
warn("Namespace watch timer: short read(): %zi", n);
diff --git a/pcap.c b/pcap.c
index 507be2a..46cc4b0 100644
--- a/pcap.c
+++ b/pcap.c
@@ -89,10 +89,8 @@ static void pcap_frame(const struct iovec *iov, size_t iovcnt,
struct iovec hiov = { &h, sizeof(h) };
if (write_remainder(pcap_fd, &hiov, 1, 0) < 0 ||
- write_remainder(pcap_fd, iov, iovcnt, offset) < 0) {
- debug("Cannot log packet, length %zu: %s",
- l2len, strerror(errno));
- }
+ write_remainder(pcap_fd, iov, iovcnt, offset) < 0)
+ debug_perror("Cannot log packet, length %zu", l2len);
}
/**
@@ -178,5 +176,5 @@ void pcap_init(struct ctx *c)
info("Saving packet capture to %s", c->pcap);
if (write(pcap_fd, &pcap_hdr, sizeof(pcap_hdr)) < 0)
- warn("Cannot write PCAP header: %s", strerror(errno));
+ warn_perror("Cannot write PCAP header");
}
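Review bot: The header write in pcap_init is only checked for `< 0`, so a short `write()` of `pcap_hdr` goes unnoticed and every frame appended afterwards lands in a capture file with a truncated header. pcap_frame in the hunk above already uses `write_remainder()` for its header and payload; doing the same here would handle partial writes consistently. After the warning the function also appears to leave `pcap_fd` open for later frames, which deserves a comment if that is intended. pcap_init begins outside this hunk.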
diff --git a/tap.c b/tap.c
index c9aeff1..ec994a2 100644
--- a/tap.c
+++ b/tap.c
@@ -325,7 +325,7 @@ static size_t tap_send_frames_pasta(const struct ctx *c,
size_t framelen = iov_size(iov + i, bufs_per_frame);
if (rc < 0) {
- debug("tap write: %s", strerror(errno));
+ debug_perror("tap write");
switch (errno) {
case EAGAIN:
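Review bot: `switch (errno)` now runs after `debug_perror("tap write")`, so the branch taken depends on the logging helper leaving errno untouched, which cannot be confirmed from this hunk. Saving the value before logging removes that dependency: `int err = errno;` ahead of the debug call and `switch (err)` below it. The switch body and the rest of tap_send_frames_pasta lie outside the hunk.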
@@ -387,7 +387,7 @@ static size_t tap_send_frames_passt(const struct ctx *c,
size_t rembufs = bufs_per_frame - (i % bufs_per_frame);
if (write_remainder(c->fd_tap, &iov[i], rembufs, buf_offset) < 0) {
- err("tap: partial frame send: %s", strerror(errno));
+ err_perror("tap: partial frame send");
return i;
}
i += rembufs;
@@ -1122,7 +1122,7 @@ int tap_sock_unix_open(char *sock_path)
int i;
if (fd < 0)
- die("UNIX socket: %s", strerror(errno));
+ die_perror("Failed to open UNIX domain socket");
for (i = 1; i < UNIX_SOCK_MAX; i++) {
char *path = addr.sun_path;
@@ -1135,7 +1135,7 @@ int tap_sock_unix_open(char *sock_path)
ex = socket(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, 0);
if (ex < 0)
- die("UNIX domain socket check: %s", strerror(errno));
+ die_perror("Failed to check for UNIX domain conflicts");
ret = connect(ex, (const struct sockaddr *)&addr, sizeof(addr));
if (!ret || (errno != ENOENT && errno != ECONNREFUSED &&
@@ -1155,7 +1155,7 @@ int tap_sock_unix_open(char *sock_path)
}
if (i == UNIX_SOCK_MAX)
- die("UNIX socket bind: %s", strerror(errno));
+ die_perror("Failed to bind UNIX domain socket");
info("UNIX domain socket bound at %s", addr.sun_path);
if (!*sock_path)
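Review bot: `die_perror("Failed to bind UNIX domain socket")` is reached when the loop runs out of candidates (`i == UNIX_SOCK_MAX`), and at that point errno holds whatever the last call in the loop body left behind, which from the lines visible in the previous hunk may be the probing `connect()` rather than `bind()`. The reason printed can therefore be unrelated to why no path could be bound. Consider recording the bind errno in a local inside the loop and reporting that, or using `die()` with a message saying that all UNIX_SOCK_MAX paths were tried. Most of the loop body is outside the visible hunks, so this should be checked against the full function.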
@@ -1261,11 +1261,11 @@ static int tap_ns_tun(void *arg)
fd = open("/dev/net/tun", flags);
if (fd < 0)
- die("Failed to open() /dev/net/tun: %s", strerror(errno));
+ die_perror("Failed to open() /dev/net/tun");
rc = ioctl(fd, TUNSETIFF, &ifr);
if (rc < 0)
- die("TUNSETIFF failed: %s", strerror(errno));
+ die_perror("TUNSETIFF ioctl on /dev/net/tun failed");
if (!(c->pasta_ifi = if_nametoindex(c->pasta_ifn)))
die("Tap device opened but no network interface found");
diff --git a/tcp.c b/tcp.c
index a2e81d5..698e7ec 100644
--- a/tcp.c
+++ b/tcp.c
@@ -1553,19 +1553,15 @@ static void tcp_bind_outbound(const struct ctx *c, int s, sa_family_t af)
.sin_addr = c->ip4.addr_out,
};
- if (bind(s, (struct sockaddr *)&addr4, sizeof(addr4))) {
- debug("Can't bind IPv4 TCP socket address: %s",
- strerror(errno));
- }
+ if (bind(s, (struct sockaddr *)&addr4, sizeof(addr4)))
+ debug_perror("IPv4 TCP socket address bind");
}
if (*c->ip4.ifname_out) {
if (setsockopt(s, SOL_SOCKET, SO_BINDTODEVICE,
c->ip4.ifname_out,
- strlen(c->ip4.ifname_out))) {
- debug("Can't bind IPv4 TCP socket to interface:"
- " %s", strerror(errno));
- }
+ strlen(c->ip4.ifname_out)))
+ debug_perror("IPv4 TCP socket interface bind");
}
} else if (af == AF_INET6) {
if (!IN6_IS_ADDR_UNSPECIFIED(&c->ip6.addr_out)) {
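Review bot: A failed `bind()` or `SO_BINDTODEVICE` in tcp_bind_outbound is reported only at debug level and the function returns void, so the socket apparently goes on to be used with a kernel-chosen source address or interface even though a specific one was configured. Where the outbound address or interface is set for isolation or policy reasons, that silent fallback deserves at least a comment stating it is intentional, for example `/* Best effort: on failure the socket keeps the default source address/interface */`, or a higher log level. The shortened messages such as `"IPv4 TCP socket address bind"` also no longer say that the operation failed; the earlier `"Can't bind IPv4 TCP socket address"` read more clearly with the errno text appended. The same holds for the IPv6 branch in the next hunk; callers are not visible here.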
@@ -1575,19 +1571,15 @@ static void tcp_bind_outbound(const struct ctx *c, int s, sa_family_t af)
.sin6_addr = c->ip6.addr_out,
};
- if (bind(s, (struct sockaddr *)&addr6, sizeof(addr6))) {
- debug("Can't bind IPv6 TCP socket address: %s",
- strerror(errno));
- }
+ if (bind(s, (struct sockaddr *)&addr6, sizeof(addr6)))
+ debug_perror("IPv6 TCP socket address bind");
}
if (*c->ip6.ifname_out) {
if (setsockopt(s, SOL_SOCKET, SO_BINDTODEVICE,
c->ip6.ifname_out,
- strlen(c->ip6.ifname_out))) {
- debug("Can't bind IPv6 TCP socket to interface:"
- " %s", strerror(errno));
- }
+ strlen(c->ip6.ifname_out)))
+ debug_perror("IPv6 TCP socket interface bind");
}
}
}
diff --git a/util.c b/util.c
index 77448ec..dd2e57f 100644
--- a/util.c
+++ b/util.c
@@ -315,7 +315,7 @@ void bitmap_or(uint8_t *dst, size_t size, const uint8_t *a, const uint8_t *b)
void ns_enter(const struct ctx *c)
{
if (setns(c->pasta_netns_fd, CLONE_NEWNET))
- die("setns() failed entering netns: %s", strerror(errno));
+ die_perror("setns() failed entering netns");
}
/**
@@ -330,10 +330,8 @@ bool ns_is_init(void)
bool ret = true;
int fd;
- if ((fd = open("/proc/self/uid_map", O_RDONLY | O_CLOEXEC)) < 0) {
- die("Can't determine if we're in init namespace: %s",
- strerror(errno));
- }
+ if ((fd = open("/proc/self/uid_map", O_RDONLY | O_CLOEXEC)) < 0)
+ die_perror("Can't determine if we're in init namespace");
if (read(fd, buf, sizeof(root_uid_map)) != sizeof(root_uid_map) - 1 ||
strncmp(buf, root_uid_map, sizeof(root_uid_map)))
@@ -509,7 +507,7 @@ int write_file(const char *path, const char *buf)
size_t len = strlen(buf);
if (fd < 0) {
- warn("Could not open %s: %s", path, strerror(errno));
+ warn_perror("Could not open %s", path);
return -1;
}
@@ -517,7 +515,7 @@ int write_file(const char *path, const char *buf)
ssize_t rc = write(fd, buf, len);
if (rc <= 0) {
- warn("Couldn't write to %s: %s", path, strerror(errno));
+ warn_perror("Couldn't write to %s", path);
break;
}