From mboxrd@z Thu Jan  1 00:00:00 1970
Received: by passt.top (Postfix, from userid 1000)
	id E05DF5A0050; Tue, 18 Jun 2024 08:21:12 +0200 (CEST)
From: Stefano Brivio <sbrivio@redhat.com>
To: passt-dev@passt.top
Subject: [PATCH] netlink: Strip nexthop identifiers when duplicating routes
Date: Tue, 18 Jun 2024 08:21:12 +0200
Message-ID: <20240618062112.1519953-1-sbrivio@redhat.com>
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID-Hash: NDEFRNNDN67DTMV52TTHMGXPTBQILP76
X-Message-ID-Hash: NDEFRNNDN67DTMV52TTHMGXPTBQILP76
X-MailFrom: sbrivio@passt.top
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20240618062112.1519953-1-sbrivio@redhat.com/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/NDEFRNNDN67DTMV52TTHMGXPTBQILP76/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

If routing daemons set up host routes, for example FRR via OSPF as in
the reported issue, they might add nexthop identifiers (not objects)
that are generally not valid in the target namespace. Strip them off
as well, otherwise we'll get EINVAL from the kernel.

Link: https://github.com/containers/podman/issues/22960
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
---
 netlink.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/netlink.c b/netlink.c
index 4dbddb2..58822e9 100644
--- a/netlink.c
+++ b/netlink.c
@@ -608,6 +608,15 @@ int nl_route_dup(int s_src, unsigned int ifi_src,
 				 * route invalid in the namespace.  Strip off
 				 * RTA_PREFSRC attributes to avoid that. */
 				rta->rta_type = RTA_UNSPEC;
+			} else if (rta->rta_type == RTA_NH_ID) {
+				/* Host routes set up via routing protocols
+				 * (e.g. OSPF) might contain a nexthop ID (and
+				 * not nexthop objects, which are taken care of
+				 * in the RTA_MULTIPATH case above) that's not
+				 * valid in the target namespace. Strip those as
+				 * well.
+				 */
+				rta->rta_type = RTA_UNSPEC;
 			}
 		}
 
-- 
2.43.0