From mboxrd@z Thu Jan  1 00:00:00 1970
Received: by passt.top (Postfix, from userid 1000)
	id 1E12B5A0276; Thu, 15 Aug 2024 10:36:49 +0200 (CEST)
From: Stefano Brivio <sbrivio@redhat.com>
To: passt-dev@passt.top
Subject: [PATCH v2 0/7] Prevent DAD for link-local addresses in containers
Date: Thu, 15 Aug 2024 10:36:42 +0200
Message-ID: <20240815083649.4188007-1-sbrivio@redhat.com>
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID-Hash: SXEJ6RMHYRJTHXGWLGVNU7DR27262KNQ
X-Message-ID-Hash: SXEJ6RMHYRJTHXGWLGVNU7DR27262KNQ
X-MailFrom: sbrivio@passt.top
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: David Gibson <david@gibson.dropbear.id.au>, Paul Holzinger <pholzing@redhat.com>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20240815083649.4188007-1-sbrivio@redhat.com/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/SXEJ6RMHYRJTHXGWLGVNU7DR27262KNQ/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

There's no point in letting a container perform duplicate address
detection as we'll silently discard neighbour solicitations with
unspecified source addresses anyway, without relaying them to anybody.

And we realised that it's not harmless, see the whole discussion around
https://github.com/containers/podman/pull/23561#discussion_r1711639663:
we can't communicate with the container right away because of that,
which is surely annoying for tests, but it could also be an issue for
use cases with very short-lived containers or namespaces.

Disabling DAD via procfs configuration would be simpler than all this,
but we don't own the namespace (unless we spawn a shell), so we
shouldn't mess up with procfs entries, assuming it's even possible.

Set the nodad attribute, and prevent DAD from being triggered before
on link up, before we can set that attribute.

v2:

- in 4/7, instead of doing the whole nl_routes_dup()-vendored dance
  to keep addresses in a single buffer, send NLM_F_REPLACE requests
  right away, but use nlmsg_send() instead of nl_do(), and check for
  answers to our further requests later. Use warn() instead of die()
  if we can't set nodad attributes

- in 5/7, make nl_addr_get_ll() get a pointer to struct in6_addr
  instead of a generic void pointer, and warn(), don't die(), if
  it fails

Stefano Brivio (7):
  netlink: Fix typo in function comment for nl_addr_get()
  netlink, pasta: Split MTU setting functionality out of nl_link_up()
  netlink, pasta: Turn nl_link_up() into a generic function to set link
    flags
  netlink, pasta: Disable DAD for link-local addresses on namespace
    interface
  netlink, pasta: Fetch link-local address from namespace interface once
    it's up
  pasta: Disable neighbour solicitations on device up to prevent DAD
  netlink: Fix typo in function comment for nl_addr_set()

 netlink.c | 144 +++++++++++++++++++++++++++++++++++++++++++++++++-----
 netlink.h |   6 ++-
 pasta.c   |  29 ++++++++++-
 3 files changed, 164 insertions(+), 15 deletions(-)

-- 
2.43.0