Date: Mon, 22 May 2023 18:48:39 +1000
From: David Gibson
To: Stefano Brivio
CC: passt-dev@passt.top, Callum Parsey, me@yawnt.com, lemmi@nerd2nerd.org, Andrea Arcangeli
Subject: Re: [PATCH v2 07/10] conf: Don't exit if sourced default route has no gateway
List-Id: Development discussion and patches for passt

On Mon, May 22, 2023 at 01:42:21AM +0200, Stefano Brivio wrote:
> If we use a template interface without a gateway on the default
> route, we can still offer almost complete functionality, except that,
> of course, we can't map the gateway address to the outer namespace or
> host, and that we have no obvious server address or identifier for
> use in DHCP's siaddr and option 54 (Server identifier, mandatory).
>
> Continue, if we have a default route but no default gateway, and
> imply --no-map-gw and --no-dhcp in that case. NDP responder and
> DHCPv6 should be able to work as usual because we require a
> link-local address to be present, and we'll fall back to that.

Implying (rather than requiring) --no-map-gw and --no-dhcp does worry
me a bit. I feel like it might violate the principle of least
surprise.

> Together with the previous commits implementing an actual copy of
> routes from the outer namespace, this should finally fix the
> operation of 'pasta --config-net' for cases where we have a default
> route on the host, but no default gateway, as it's the case for
> tap-style routes, including typical Wireguard endpoints.

Logic looks sound, though, so

Reviewed-by: David Gibson

>
> Reported-by: me@yawnt.com
> Link: https://bugs.passt.top/show_bug.cgi?id=49
> Signed-off-by: Stefano Brivio
> ---
> conf.c | 10 +++++++---
> passt.1 | 6 ++++--
> 2 files changed, 11 insertions(+), 5 deletions(-)
>
> diff --git a/conf.c b/conf.c > index 1392da5..c07b697 100644 > --- a/conf.c > +++ b/conf.c > @@ -665,8 +665,7 @@ static unsigned int conf_ip4(unsigned int ifi, > if (MAC_IS_ZERO(mac)) > nl_link(0, ifi, mac, 0, 0); > =20 > - if (IN4_IS_ADDR_UNSPECIFIED(&ip4->gw) || > - IN4_IS_ADDR_UNSPECIFIED(&ip4->addr) || > + if (IN4_IS_ADDR_UNSPECIFIED(&ip4->addr) || > MAC_IS_ZERO(mac)) > return 0; > =20 > @@ -708,7 +707,6 @@ static unsigned int conf_ip6(unsigned int ifi, > nl_link(0, ifi, mac, 0, 0); > =20 > if (IN6_IS_ADDR_UNSPECIFIED(&ip6->gw) || > - IN6_IS_ADDR_UNSPECIFIED(&ip6->addr) || > IN6_IS_ADDR_UNSPECIFIED(&ip6->addr_ll) || > MAC_IS_ZERO(mac)) > return 0; > @@ -1658,6 +1656,12 @@ void conf(struct ctx *c, int argc, char **argv) > (*c->ip6.ifname_out && !c->ifi6)) > die("External interface not usable"); > =20 > + if (c->ifi4 && IN4_IS_ADDR_UNSPECIFIED(&c->ip4.gw)) > + c->no_map_gw =3D c->no_dhcp =3D 1; > + > + if (c->ifi6 && IN6_IS_ADDR_UNSPECIFIED(&c->ip6.gw)) > + c->no_map_gw =3D 1; > + > /* Inbound port options can be parsed now (after IPv4/IPv6 settings) */ > optind =3D 1; > do { > diff --git a/passt.1 b/passt.1 > index 10c96ae..f965c34 100644 > --- a/passt.1 > +++ b/passt.1 
> @@ -281,7 +281,8 @@ guest or target namespace will be silently dropped. > .TP > .BR \-\-no-dhcp > Disable the DHCP server. DHCP client requests coming from guest or target > -namespace will be silently dropped. > +namespace will be silently dropped. Implied if there is no gateway on the > +selected IPv4 default route. > =20 > .TP > .BR \-\-no-ndp > @@ -301,7 +302,8 @@ namespace will be ignored. > .TP > .BR \-\-no-map-gw > Don't remap TCP connections and untracked UDP traffic, with the gateway = address > -as destination, to the host. > +as destination, to the host. Implied if there is no gateway on the selec= ted > +default route for any of the enabled address families. > =20 > .TP > .BR \-4 ", " \-\-ipv4-only

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson
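
Review bot: In the conf_ip6() hunk (@@ -708,7 +707,6 @@) the line removed is the IN6_IS_ADDR_UNSPECIFIED(&ip6->addr) test, while the IN6_IS_ADDR_UNSPECIFIED(&ip6->gw) test stays. That is the opposite of the conf_ip4() hunk, which drops the ->gw test and keeps the ->addr one, and it does not match the subject line. As posted, conf_ip6() still returns 0 when the IPv6 default route has no gateway, and it now accepts an unspecified ip6->addr. If c->ifi6 is taken from this return value, the new "c->ifi6 && IN6_IS_ADDR_UNSPECIFIED(&c->ip6.gw)" branch in conf() can never be taken. Suggest removing the ->gw line and keeping the ->addr line, or explaining the asymmetry in the commit message if it is intended.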
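
Review bot: The two assignments added to conf() (@@ -1658,6 +1656,12 @@) turn off the DHCP server and gateway mapping with no diagnostic, so a guest waiting for a DHCP lease simply gets none and the user has nothing to go on. Suggest logging, at this point, which option was implied and for which address family. Separately, c->no_map_gw is a single flag written by both branches, so a missing IPv6 gateway also disables mapping of an existing IPv4 gateway (and the other way round); a short comment here saying that this is deliberate would help the next reader.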
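
Review bot: In the passt.1 hunk for --no-map-gw (@@ -301,7 +302,8 @@), "for any of the enabled address families" can be read either as "for at least one" or as "for none of them". The conf() hunk sets no_map_gw as soon as one family has no gateway, so wording along the lines of "Implied if at least one enabled address family has no gateway on its selected default route" would be unambiguous. It is also worth stating that the mapping is then disabled for both families.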