From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from gandalf.ozlabs.org (gandalf.ozlabs.org [150.107.74.76]) by passt.top (Postfix) with ESMTPS id D85D15A0272 for ; Thu, 3 Aug 2023 09:20:09 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=201602; t=1691047199; bh=XoTbYIa4caZH8xQouDz3YASLOB9Yq4Dc4IzXbeGMfFc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=mf26LCZ/gcDjNrOlveAhEBybsaAgCNwha0vk9oLVxOtnw9f27XL52OE+AMg1z50lp stbFVS71MKNiRhtGIwYh9EuGbfGF8DOItBCOejo3DLOQt/uKoxt347EguEVRx0kqo/ s4QzAbm7rXAL3Wmoe2xgBlHUHRH1ccAT6I26jIZ8= Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4RGgGR6wyZz4wyc; Thu, 3 Aug 2023 17:19:59 +1000 (AEST) 
From: David Gibson To: passt-dev@passt.top, Stefano Brivio Subject: [PATCH v2 14/17] netlink: Propagate errors for "set" operations Date: Thu, 3 Aug 2023 17:19:53 +1000 Message-ID: <20230803071956.3198452-15-david@gibson.dropbear.id.au> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230803071956.3198452-1-david@gibson.dropbear.id.au> References: <20230803071956.3198452-1-david@gibson.dropbear.id.au> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID-Hash: XNRLAFWUP22HOLSXOWL3DNUEDDJDUXHT X-Message-ID-Hash: XNRLAFWUP22HOLSXOWL3DNUEDDJDUXHT X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: David Gibson X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Currently if anything goes wrong while we're configuring the namespace network with --config-net, we'll just ignore it and carry on. This might lead to a silently unconfigured or misconfigured namespace environment. For simple "set" operations based on nl_do() we can now detect failures reported via netlink. Propagate those errors up to pasta_ns_conf() and report them usefully. Link: https://bugs.passt.top/show_bug.cgi?id=60 Signed-off-by: David Gibson --- netlink.c | 26 +++++++++++++++++--------- netlink.h | 10 +++++----- pasta.c | 42 ++++++++++++++++++++++++++++++++---------- 3 files changed, 54 insertions(+), 24 deletions(-) diff --git a/netlink.c b/netlink.c index 6a2bab2..09ee518 100644 --- a/netlink.c +++ b/netlink.c 
@@ -354,8 +354,10 @@ void nl_route_get_def(int s, unsigned int ifi, sa_family_t af, void *gw) * @ifi: Interface index in target namespace * @af: Address family * @gw: Default gateway to set + * + * Return: 0 on success, negative error code on failure */ -void nl_route_set_def(int s, unsigned int ifi, sa_family_t af, void *gw) +int nl_route_set_def(int s, unsigned int ifi, sa_family_t af, void *gw) { struct req_t { struct nlmsghdr nlh; @@ -413,7 +415,7 @@ void nl_route_set_def(int s, unsigned int ifi, sa_family_t af, void *gw) req.set.r4.rta_gw.rta_len = rta_len; } - nl_do(s, &req, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL, len); + return nl_do(s, &req, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL, len); } /** @@ -558,9 +560,11 @@ void nl_addr_get(int s, unsigned int ifi, sa_family_t af, * @af: Address family * @addr: Global address to set * @prefix_len: Mask or prefix length to set + * + * Return: 0 on success, negative error code on failure */ -void nl_addr_set(int s, unsigned int ifi, sa_family_t af, - void *addr, int prefix_len) +int nl_addr_set(int s, unsigned int ifi, sa_family_t af, + void *addr, int prefix_len) { struct req_t { struct nlmsghdr nlh; @@ -613,7 +617,7 @@ void nl_addr_set(int s, unsigned int ifi, sa_family_t af, req.set.a4.rta_a.rta_type = IFA_ADDRESS; } - nl_do(s, &req, RTM_NEWADDR, NLM_F_CREATE | NLM_F_EXCL, len); + return nl_do(s, &req, RTM_NEWADDR, NLM_F_CREATE | NLM_F_EXCL, len); } /** @@ -713,8 +717,10 @@ void nl_link_get_mac(int s, unsigned int ifi, void *mac) * @ns: Use netlink socket in namespace * @ifi: Interface index * @mac: MAC address to set + * + * Return: 0 on success, negative error code on failure */ -void nl_link_set_mac(int s, unsigned int ifi, void *mac) +int nl_link_set_mac(int s, unsigned int ifi, void *mac) { struct req_t { struct nlmsghdr nlh; 
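Review bot: The new `Return:` comments on nl_route_set_def() and nl_addr_set() do not mention the one failure these requests are built to produce. Both pass `NLM_F_CREATE | NLM_F_EXCL` (on `RTM_NEWROUTE` and `RTM_NEWADDR`), so the kernel rejects an entry that already exists with EEXIST, and that result is now returned instead of dropped. The comment could read `Return: 0 on success, negative error code on failure (-EEXIST if the entry already exists)`, so callers can decide whether that case is fatal. Whether nl_do() passes the netlink error code through unchanged is not visible in these hunks and should be confirmed. Both function bodies lie partly outside the hunks shown.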
@@ -730,7 +736,7 @@ void nl_link_set_mac(int s, unsigned int ifi, void *mac) memcpy(req.mac, mac, ETH_ALEN); - nl_do(s, &req, RTM_NEWLINK, 0, sizeof(req)); + return nl_do(s, &req, RTM_NEWLINK, 0, sizeof(req)); } /** @@ -738,8 +744,10 @@ void nl_link_set_mac(int s, unsigned int ifi, void *mac) * @s: Netlink socket * @ifi: Interface index * @mtu: If non-zero, set interface MTU + * + * Return: 0 on success, negative error code on failure */ -void nl_link_up(int s, unsigned int ifi, int mtu) +int nl_link_up(int s, unsigned int ifi, int mtu) { struct req_t { struct nlmsghdr nlh; @@ -761,5 +769,5 @@ void nl_link_up(int s, unsigned int ifi, int mtu) /* Shorten request to drop MTU attribute */ len = offsetof(struct req_t, rta); - nl_do(s, &req, RTM_NEWLINK, 0, len); + return nl_do(s, &req, RTM_NEWLINK, 0, len); } diff --git a/netlink.h b/netlink.h index 5ca17c6..977244b 100644 --- a/netlink.h +++ b/netlink.h 
@@ -12,17 +12,17 @@ extern int nl_sock_ns; void nl_sock_init(const struct ctx *c, bool ns); unsigned int nl_get_ext_if(int s, sa_family_t af); void nl_route_get_def(int s, unsigned int ifi, sa_family_t af, void *gw); -void nl_route_set_def(int s, unsigned int ifi, sa_family_t af, void *gw); +int nl_route_set_def(int s, unsigned int ifi, sa_family_t af, void *gw); void nl_route_dup(int s_src, unsigned int ifi_src, int s_dst, unsigned int ifi_dst, sa_family_t af); void nl_addr_get(int s, unsigned int ifi, sa_family_t af, void *addr, int *prefix_len, void *addr_l); -void nl_addr_set(int s, unsigned int ifi, sa_family_t af, - void *addr, int prefix_len); +int nl_addr_set(int s, unsigned int ifi, sa_family_t af, + void *addr, int prefix_len); void nl_addr_dup(int s_src, unsigned int ifi_src, int s_dst, unsigned int ifi_dst, sa_family_t af); void nl_link_get_mac(int s, unsigned int ifi, void *mac); -void nl_link_set_mac(int s, unsigned int ifi, void *mac); -void nl_link_up(int s, unsigned int ifi, int mtu); +int nl_link_set_mac(int s, unsigned int ifi, void *mac); +int nl_link_up(int s, unsigned int ifi, int mtu); #endif /* NETLINK_H */ diff --git a/pasta.c b/pasta.c index 5a1bc36..54c2afa 100644 --- a/pasta.c +++ b/pasta.c 
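Review bot: The four prototypes changed from `void` to `int` here can still be called with the result discarded, which is the silent-failure pattern this patch sets out to remove. Annotating `nl_route_set_def`, `nl_addr_set`, `nl_link_set_mac` and `nl_link_up` with `__attribute__((warn_unused_result))` would make the compiler flag any call site that ignores the error. A short comment above the group, such as `/* "set" operations: return 0 on success, negative error code on failure */`, would also help, since the `Return:` text otherwise lives only in netlink.c.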
@@ -272,49 +272,71 @@ void pasta_start_ns(struct ctx *c, uid_t uid, gid_t gid, */ void pasta_ns_conf(struct ctx *c) { - nl_link_up(nl_sock_ns, 1 /* lo */, 0); + int rc = 0; + + rc = nl_link_up(nl_sock_ns, 1 /* lo */, 0); + if (rc < 0) + die("Couldn't bring up loopback interface in namespace: %s", + strerror(-rc)); /* Get or set MAC in target namespace */ if (MAC_IS_ZERO(c->mac_guest)) nl_link_get_mac(nl_sock_ns, c->pasta_ifi, c->mac_guest); else - nl_link_set_mac(nl_sock_ns, c->pasta_ifi, c->mac_guest); + rc = nl_link_set_mac(nl_sock_ns, c->pasta_ifi, c->mac_guest); + if (rc < 0) + die("Couldn't set MAC address in namespace: %s", + strerror(-rc)); if (c->pasta_conf_ns) { nl_link_up(nl_sock_ns, c->pasta_ifi, c->mtu); if (c->ifi4) { if (c->no_copy_addrs) - nl_addr_set(nl_sock_ns, c->pasta_ifi, AF_INET, - &c->ip4.addr, c->ip4.prefix_len); + rc = nl_addr_set(nl_sock_ns, c->pasta_ifi, + AF_INET, + &c->ip4.addr, + c->ip4.prefix_len); else nl_addr_dup(nl_sock, c->ifi4, nl_sock_ns, c->pasta_ifi, AF_INET); + if (rc < 0) + die("Couldn't set IPv4 address(es) in namespace: %s", + strerror(-rc)); if (c->no_copy_routes) - nl_route_set_def(nl_sock_ns, c->pasta_ifi, - AF_INET, &c->ip4.gw); + rc = nl_route_set_def(nl_sock_ns, c->pasta_ifi, + AF_INET, &c->ip4.gw); else nl_route_dup(nl_sock, c->ifi4, nl_sock_ns, c->pasta_ifi, AF_INET); + if (rc < 0) + die("Couldn't set IPv4 route(s) in guest: %s", + strerror(-rc)); } if (c->ifi6) { if (c->no_copy_addrs) - nl_addr_set(nl_sock_ns, c->pasta_ifi, - AF_INET6, &c->ip6.addr, 64); + rc = nl_addr_set(nl_sock_ns, c->pasta_ifi, + AF_INET6, &c->ip6.addr, 64); else nl_addr_dup(nl_sock, c->ifi6, nl_sock_ns, c->pasta_ifi, AF_INET6); + if (rc < 0) + die("Couldn't set IPv6 address(es) in namespace: %s", + strerror(-rc)); if (c->no_copy_routes) - nl_route_set_def(nl_sock_ns, c->pasta_ifi, - AF_INET6, &c->ip6.gw); + rc = nl_route_set_def(nl_sock_ns, c->pasta_ifi, + AF_INET6, &c->ip6.gw); else nl_route_dup(nl_sock, c->ifi6, nl_sock_ns, c->pasta_ifi, 
AF_INET6); + if (rc < 0) + die("Couldn't set IPv6 route(s) in guest: %s", + strerror(-rc)); } } -- 2.41.0
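Review bot: The call `nl_link_up(nl_sock_ns, c->pasta_ifi, c->mtu);` at the top of the `if (c->pasta_conf_ns)` branch still discards its result. A failure to bring up the namespace interface or set its MTU therefore goes unreported, while every other "set" call in pasta_ns_conf() now dies on error. It should follow the same pattern: `rc = nl_link_up(nl_sock_ns, c->pasta_ifi, c->mtu);` followed by `if (rc < 0) die("Couldn't bring up interface in namespace: %s", strerror(-rc));`. The two route messages say "in guest" where the others say "in namespace"; using one wording would make log searches easier. pasta_ns_conf() appears to continue past the end of this hunk.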