From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: passt.top; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=S3mnXjoN; dkim-atps=neutral Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by passt.top (Postfix) with ESMTPS id AEA2E5A0623 for ; Fri, 30 Jan 2026 22:45:06 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1769809505; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=A4KrWkwxxFXpzrQZjuXp4pNr5dUsbsvKbGGrw92Ut5o=; b=S3mnXjoNLdIT9Ry2C4colPvGjqWW4i3ar7mRAY0fSx9HaVtlasVZgT8kRsNP12dXb81imS SYbsiW+WY+QoS1ErAIIHe1WtSyba8UICBglwNFTeiTpZZF+KJrCRkpTJlQVt6pmCDCLOFs goh1CeL23AS8rI5ifMDGc7oKU3I29ZM= Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-639-VHyUKjSCMXWwDKbKSa6m1g-1; Fri, 30 Jan 2026 16:45:02 -0500 X-MC-Unique: VHyUKjSCMXWwDKbKSa6m1g-1 X-Mimecast-MFC-AGG-ID: VHyUKjSCMXWwDKbKSa6m1g_1769809501 Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 383B31954204; Fri, 30 Jan 2026 21:45:01 +0000 (UTC) Received: from jmaloy-thinkpadp16vgen1.rmtcaqc.csb (unknown [10.22.65.201]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 238D818002A6; Fri, 30 Jan 2026 21:45:00 +0000 (UTC) From: Jon Maloy To: sbrivio@redhat.com, dgibson@redhat.com, david@gibson.dropbear.id.au, jmaloy@redhat.com, passt-dev@passt.top Subject: [PATCH v3 07/11] conf: Allow multiple -a/--address options per address family Date: Fri, 30 Jan 2026 16:44:43 -0500 Message-ID: <20260130214447.2540791-8-jmaloy@redhat.com> In-Reply-To: <20260130214447.2540791-1-jmaloy@redhat.com> References: <20260130214447.2540791-1-jmaloy@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: 2PSAUtvxBZ-bSwx_1u1mrj8Qf0-OSsVjFCt7GhYt8W4_1769809501 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit content-type: text/plain; charset="US-ASCII"; x-default=true Message-ID-Hash: 2YFCZU4GD5AY7L6NKVW3UVLYOPGDMGUQ X-Message-ID-Hash: 2YFCZU4GD5AY7L6NKVW3UVLYOPGDMGUQ X-MailFrom: jmaloy@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: We enable configuration of multiple IPv4 and IPv6 addresses by allowing repeated use of the -a/--address option. - We update option parsing to append addresses to the unified addrs[] array, with limit checks for IP4_MAX_ADDRS and IP6_MAX_ADDRS. - Each address specified via -a, but with no prefix length indicated, gets a class-based default prefix length. - If no -a option is given, addresses/prefix lengths are inherited from the template interface. - If a prefix length is to be added, it has to be done in CIDR format, except for the very first address. - We configure all indicated addresses in the namespace interface using the for_each_addr() macro. Signed-off-by: Jon Maloy --- v2: - Adapted to previous code changes v3: - Adapted to single-array strategy - Changes according to feedback from S. Brivio and G Gibson. --- conf.c | 23 ++++++++++++++++------- pasta.c | 21 ++++++++++++++------- 2 files changed, 30 insertions(+), 14 deletions(-) diff --git a/conf.c b/conf.c index bb6bcf8..d73a3dd 100644 --- a/conf.c +++ b/conf.c @@ -803,13 +803,13 @@ static unsigned int conf_ip6(unsigned int ifi, struct ctx *c) } e = first_v6(c); - c->ip6.addr_seen = e->addr.a6; + if (e) + c->ip6.addr_seen = e->addr.a6; if (IN6_IS_ADDR_LINKLOCAL(&c->ip6.guest_gw)) c->ip6.our_tap_ll = c->ip6.guest_gw; - if (IN6_IS_ADDR_UNSPECIFIED(&e->addr.a6) || - IN6_IS_ADDR_UNSPECIFIED(&c->ip6.our_tap_ll)) + if (!count_v6(c) || IN6_IS_ADDR_UNSPECIFIED(&c->ip6.our_tap_ll)) return 0; return ifi; @@ -901,9 +901,11 @@ static void usage(const char *name, FILE *f, int status) " default: 65520: maximum 802.3 MTU minus 802.3 header\n" " length, rounded to 32 bits (IPv4 words)\n" " -a, --address ADDR Assign IPv4 or IPv6 address ADDR[/PREFIXLEN]\n" - " can be specified zero to two times (for IPv4 and IPv6)\n" + " can be specified multiple times (limit: %d IPv4, %d IPv6)\n" " default: use addresses from interface with default route\n" - " -n, --netmask MASK Assign IPv4 MASK, dot-decimal or bits\n" + " -n, --netmask MASK Assign IPv4 MASK, dot-decimal or bits\n", + IP4_MAX_ADDRS, IP6_MAX_ADDRS); + FPRINTF(f, " default: netmask from matching address on the host\n" " -M, --mac-addr ADDR Use source MAC address ADDR\n" " default: 9a:55:9a:55:9a:55 (locally administered)\n" @@ -1836,6 +1838,9 @@ void conf(struct ctx *c, int argc, char **argv) die("Can't mix CIDR with -n"); if (af == AF_INET) { + if (count_v4(c) >= IP4_MAX_ADDRS) + die("Too many IPv4 addresses"); + e = &c->addrs[c->addr_count]; e->addr = addr; e->prefix_len = prefix_len ? prefix_len : @@ -1845,6 +1850,9 @@ void conf(struct ctx *c, int argc, char **argv) if (c->mode == MODE_PASTA) c->ip4.no_copy_addrs = true; } else if (af == AF_INET6) { + if (count_v6(c) >= IP6_MAX_ADDRS) + die("Too many IPv6 addresses"); + e = &c->addrs[c->addr_count]; e->addr = addr; e->prefix_len = prefix_len ? prefix_len : 64; @@ -1861,6 +1869,8 @@ void conf(struct ctx *c, int argc, char **argv) struct inany_addr_entry *e; int plen; + if (count_v4(c) > 1) + die("-n can only be used with first address"); if (prefix_from_cidr) die("Can't use both -n and CIDR prefix length"); plen = conf_ip4_prefix(optarg); @@ -2156,8 +2166,7 @@ void conf(struct ctx *c, int argc, char **argv) if (!c->ifi6) { c->no_ndp = 1; c->no_dhcpv6 = 1; - } else if (!first_v6(c) || - IN6_IS_ADDR_UNSPECIFIED(&first_v6(c)->addr.a6)) { + } else if (!count_v6(c)) { c->no_dhcpv6 = 1; } diff --git a/pasta.c b/pasta.c index de0ba14..8cb5873 100644 --- a/pasta.c +++ b/pasta.c @@ -312,10 +312,14 @@ static void pasta_ns_conf_ip4(struct ctx *c) int rc = 0; if (c->ip4.no_copy_addrs) { - struct inany_addr_entry *e = first_v4(c); + const struct inany_addr_entry *e; - rc = nl_addr_set(nl_sock_ns, c->pasta_ifi, AF_INET, - inany_v4(&e->addr), e->prefix_len - 96); + for_each_addr(c, e, AF_INET) { + rc = nl_addr_set(nl_sock_ns, c->pasta_ifi, AF_INET, + inany_v4(&e->addr), e->prefix_len - 96); + if (rc < 0) + break; + } } else { rc = nl_addr_dup(nl_sock, c->ifi4, nl_sock_ns, c->pasta_ifi, AF_INET); @@ -346,7 +350,6 @@ static void pasta_ns_conf_ip4(struct ctx *c) */ static void pasta_ns_conf_ip6(struct ctx *c) { - struct inany_addr_entry *e; int rc = 0; rc = nl_addr_get_ll(nl_sock_ns, c->pasta_ifi, &c->ip6.addr_ll_seen); @@ -365,11 +368,15 @@ static void pasta_ns_conf_ip6(struct ctx *c) nl_link_set_flags(nl_sock_ns, c->pasta_ifi, 0, IFF_NOARP); if (c->ip6.no_copy_addrs) { - e = first_v6(c); + const struct inany_addr_entry *e; - if (e && !IN6_IS_ADDR_UNSPECIFIED(&e->addr.a6)) { + for_each_addr(c, e, AF_INET6) { + if (IN6_IS_ADDR_UNSPECIFIED(&e->addr.a6)) + continue; rc = nl_addr_set(nl_sock_ns, c->pasta_ifi, - AF_INET6, &e->addr.a6, 64); + AF_INET6, &e->addr.a6, e->prefix_len); + if (rc < 0) + break; } } else { rc = nl_addr_dup(nl_sock, c->ifi6, -- 2.52.0