Re: [PATCH v4] treewide: Introduce 'local mode' for disconnected setups

[Paul Holzinger <pholzing@redhat.com>]

On 27/11/2024 05:27, Stefano Brivio wrote:
> There are setups where no host interface is available or configured
> at all, intentionally or not, temporarily or not, but users expect
> (Podman) containers to run in any case as they did with slirp4netns,
> and we're now getting reports that we broke such setups at a rather
> alarming rate.
>
> To this end, if we don't find any usable host interface, instead of
> exiting:
>
> - for IPv4, use 169.254.2.1 as guest/container address and 169.254.2.2
>    as default gateway
>
> - for IPv6, don't assign any address (forcibly disable DHCPv6), and
>    use the *first* link-local address we observe to represent the
>    guest/container. Advertise fe80::1 as default gateway
>
> - use 'tap0' as default interface name for pasta
>
> Change ifi4 and ifi6 in struct ctx to int and accept a special -1
> value meaning that no host interface was selected, but the IP family
> is enabled. The fact that the kernel uses unsigned int values for
> those is not an issue as 1. one can't create so many interfaces
> anyway and 2. we otherwise handle those values transparently.
>
> Fix a botched conditional in conf_print() to actually skip printing
> DHCPv6 information if DHCPv6 is disabled (and skip printing NDP
> information if NDP is disabled).
>
> Link: https://github.com/containers/podman/issues/24614
> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

Just for completeness sake, I know it is already applied. so it doesn't 
matter.

Tested-by: Paul Holzinger <pholzing@redhat.com>

> ---
> v4: In conf(), leave the
>      (*c->ip4.ifname_out && !c->ifi4) || (*c->ip6.ifname_out && !c->ifi6)
>      case alone: there, the user gave outbound interfaces explicitly
>      but we couldn't use them
>
> v3: Coverity reports that, in conf(), we might supply a negative
>      c->ifi4 to if_indextoname() after checking that (!*c->pasta_ifn).
>
>      That's a false positive, because if c->ifi4 is -1, we already set
>      c->pasta_ifn to "tap0", so we won't call if_indextoname() at all,
>      but, to make my life simpler, add a redundant check on c->ifi4
>      and c->ifi6 before calling if_indextoname() on them.
>
> v2:
>   - drop fixed link-local address for IPv6
>   - change addresses to be reminiscent of libslirp's default choices
>   - add man page changes and commit message
>   - fix several things around, from testing (checked with several
>     --map-guest-addr and --map-host-loopback combinations etc.)
>
>   conf.c  | 97 ++++++++++++++++++++++++++++++++++++++++++++-------------
>   passt.1 | 33 +++++++++++++++++---
>   passt.h |  8 ++---
>   pasta.c |  7 +++--
>   tap.c   |  3 ++
>   5 files changed, 116 insertions(+), 32 deletions(-)
>
-- 
Paul Holzinger