From mboxrd@z Thu Jan 1 00:00:00 1970
Received: by passt.top (Postfix, from userid 1000) id B3A755A0277; Mon, 22 May 2023 01:42:24 +0200 (CEST)
From: Stefano Brivio
To: passt-dev@passt.top
Subject: [PATCH v2 09/10] conf, pasta: With --config-net, copy all addresses by default
Date: Mon, 22 May 2023 01:42:23 +0200
Message-Id: <20230521234224.2770015-10-sbrivio@redhat.com>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230521234224.2770015-1-sbrivio@redhat.com>
References: <20230521234224.2770015-1-sbrivio@redhat.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID-Hash: EIPUSKXJXTNWO2PGXDUVZGAC45A4AE7W
X-Message-ID-Hash: EIPUSKXJXTNWO2PGXDUVZGAC45A4AE7W
X-MailFrom: sbrivio@passt.top
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Callum Parsey, me@yawnt.com, David Gibson, lemmi@nerd2nerd.org, Andrea Arcangeli
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt

Use the newly-introduced NL_DUP mode for nl_addr() to copy all the
addresses associated to the template interface in the outer
namespace, unless --no-copy-addrs (also implied by -a) is given.

This is done mostly for consistency with routes. It might partially
cover the issue at:

  https://bugs.passt.top/show_bug.cgi?id=47
  Support multiple addresses per address family

for some use cases, but not the originally intended one: we'll still
use a single outbound address (unless the routing table specifies
different preferred source addresses depending on the destination),
regardless of the address used in the target namespace.

Link: https://bugs.passt.top/show_bug.cgi?id=47
Signed-off-by: Stefano Brivio --- conf.c | 16 ++++++++++++++-- passt.1 | 9 +++++++++ passt.h | 2 ++ pasta.c | 5 +++-- 4 files changed, 28 insertions(+), 4 deletions(-) diff --git a/conf.c b/conf.c index 1ffd05c..e6c68e2 100644 --- a/conf.c +++ b/conf.c @@ -901,6 +901,7 @@ pasta_opts: info( " network namespace is deleted"); info( " --config-net Configure tap interface in namespace"); info( " --no-copy-routes Don't copy all routes to namespace"); + info( " --no-copy-addrs Don't copy all addresses to namespace"); info( " --ns-mac-addr ADDR Set MAC address on tap interface"); exit(EXIT_FAILURE); @@ -1177,6 +1178,7 @@ void conf(struct ctx *c, int argc, char **argv) {"outbound-if6", required_argument, NULL, 16 }, {"config-net", no_argument, NULL, 17 }, {"no-copy-routes", no_argument, NULL, 18 }, + {"no-copy-addrs", no_argument, NULL, 19 }, { 0 }, }; struct get_bound_ports_ns_arg ns_ports_arg = { .c = c }; @@ -1347,6 +1349,12 @@ void conf(struct ctx *c, int argc, char **argv) c->no_copy_routes = 1; break; + case 19: + if (c->mode != MODE_PASTA) + die("--no-copy-addrs is for pasta mode only"); + + c->no_copy_addrs = 1; + break; case 'd': if (c->debug) die("Multiple --debug options given"); @@ -1632,8 +1640,12 @@ void conf(struct ctx *c, int argc, char **argv) if (*c->sock_path && c->fd_tap >= 0) die("Options --socket and --fd are mutually exclusive"); - if (c->mode == MODE_PASTA && c->no_copy_routes && !c->pasta_conf_ns) - die("Option --no-copy-routes needs --config-net"); + if (c->mode == MODE_PASTA && !c->pasta_conf_ns) { + if (c->no_copy_routes) + die("Option --no-copy-routes needs --config-net"); + if (c->no_copy_addrs) + die("Option --no-copy-addrs needs --config-net"); + } if (!ifi4 && *c->ip4.ifname_out) ifi4 = if_nametoindex(c->ip4.ifname_out); diff --git a/passt.1 b/passt.1 index f965c34..87b076d 100644 --- a/passt.1 +++ b/passt.1 
@@ -558,6 +558,15 @@ Default is to copy all the routing entries from the interface in the outer namespace to the target namespace, translating the output interface attribute to the outbound interface in the namespace. +.TP +.BR \-\-no-copy-addrs +With \-\-config-net, do not copy all the addresses associated to the interface +we derive addresses and routes from: set up a single one. Implied by \-a, +\-\-address. + +Default is to copy all the addresses, except for link-local ones, from the +interface from the outer namespace to the target namespace. + .TP .BR \-\-ns-mac-addr " " \fIaddr Configure MAC address \fIaddr\fR on the tap interface in the namespace. diff --git a/passt.h b/passt.h index d314596..b51a1e5 100644 --- a/passt.h +++ b/passt.h @@ -183,6 +183,7 @@ struct ip6_ctx { * @pasta_ifn: Index of namespace interface for pasta * @pasta_conf_ns: Configure namespace after creating it * @no_copy_routes: Don't copy all routes when configuring target namespace + * @no_copy_addrs: Don't copy all addresses when configuring namespace * @no_tcp: Disable TCP operation * @tcp: Context for TCP protocol handler * @no_tcp: Disable UDP operation @@ -242,6 +243,7 @@ struct ctx { unsigned int pasta_ifi; int pasta_conf_ns; int no_copy_routes; + int no_copy_addrs; int no_tcp; struct tcp_ctx tcp; diff --git a/pasta.c b/pasta.c index 99ef3fc..4054e9a 100644 --- a/pasta.c +++ b/pasta.c @@ -274,11 +274,12 @@ void pasta_ns_conf(struct ctx *c) if (c->pasta_conf_ns) { enum nl_op op_routes = c->no_copy_routes ? NL_SET : NL_DUP; + enum nl_op op_addrs = c->no_copy_addrs ? NL_SET : NL_DUP; nl_link(1, c->pasta_ifi, c->mac_guest, 1, c->mtu); if (c->ifi4) { - nl_addr(NL_SET, c->ifi4, c->pasta_ifi, AF_INET, + nl_addr(op_addrs, c->ifi4, c->pasta_ifi, AF_INET, &c->ip4.addr, &c->ip4.prefix_len, NULL); nl_route(op_routes, c->ifi4, c->pasta_ifi, AF_INET, &c->ip4.gw); 
@@ -286,7 +287,7 @@ void pasta_ns_conf(struct ctx *c) if (c->ifi6) { int prefix_len = 64; - nl_addr(NL_SET, c->ifi6, c->pasta_ifi, AF_INET6, + nl_addr(op_addrs, c->ifi6, c->pasta_ifi, AF_INET6, &c->ip6.addr, &prefix_len, NULL); nl_route(op_routes, c->ifi6, c->pasta_ifi, AF_INET6, &c->ip6.gw); -- 2.39.2
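Review bot: in the conf.c option-parsing hunk (`case 19:`), the "implied by -a" behaviour that both the commit message and the passt.1 text promise is not implemented in any visible line: the only assignment of c->no_copy_addrs in this patch is under `case 19:`, and no hunk touches the handling of -a. Unless that is done elsewhere in the series, running with -a and --config-net leaves op_addrs at NL_DUP in pasta_ns_conf(), so all the addresses from the template interface are still copied. Either set the flag where -a, --address is parsed in pasta mode, or drop the "implied" wording from the commit message and man page.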
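Review bot: in the conf.c validation hunk (@@ -1632,8 +1640,12 @@), the test `if (c->no_copy_addrs)` checks the resulting flag, not whether --no-copy-addrs was actually passed. Once -a implies the flag, as documented, giving -a without --config-net would die with "Option --no-copy-addrs needs --config-net", naming an option the user never gave and rejecting a command line that is accepted today. Consider recording the explicit option in a separate local variable and testing that here, leaving c->no_copy_addrs as the effective setting.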
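Review bot: in the passt.1 hunk, the "Default is to copy all the addresses, except for link-local ones" paragraph does not say that this default only applies with --config-net, and it does not flag the change for existing --config-net users: the target namespace now gets every non-link-local address configured on the outer interface rather than a single one. A sentence making both points explicit would help anyone who relies on the namespace seeing only one address. Minor wording: "the interface from the outer namespace" should probably read "the interface in the outer namespace", matching the --no-copy-routes text just above.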
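Review bot: in the pasta.c hunks, both nl_addr() calls keep passing &c->ip4.addr with &c->ip4.prefix_len, and &c->ip6.addr with the local `int prefix_len = 64;`, when op_addrs is NL_DUP, and the call site does not show whether those arguments are read, written or ignored in that mode. A short comment here, or in the nl_addr() documentation, should say so. If copied addresses keep their own prefix lengths, it is worth noting that the hardcoded 64 only takes effect for NL_SET. Since the namespace can now hold addresses other than c->ip4.addr and c->ip6.addr, it would also be good to confirm that nothing else in pasta mode assumes those are the only addresses the namespace uses.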