On Thu, Apr 04, 2024 at 06:37:55PM +0200, Stefano Brivio wrote:
> As pasta duplicates host routes into the target namespaces, interface
> indices might not match, so we go through RTA_OIF attributes and fix
> them up to match the identifier in the namespace.
> 
> But RTA_OIF is not the ony attribute specifying interfaces for routes:
> multipath routes use RTA_MULTIPATH attributes with nexthop objects,
> which contain in turn interface indices. Fix them up as well.
> 
> If we don't, and we have at least two host interfaces, and the host
> interface we use as template isn't the first one (hence the
> mismatching indices), we'll fail to insert multipath routes with
> nexthop objects, and ultimately refuse to start as the kernel
> unexpectedly gives us ENODEV.
> 
> Link: https://github.com/containers/podman/issues/22192
> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
> ---
> v2: s/interfaces/interface/ in comment

Reviewed-by: David Gibson <david@gibson.dropbear.id.au>

> 
>  netlink.c | 15 +++++++++++----
>  1 file changed, 11 insertions(+), 4 deletions(-)
> 
> diff --git a/netlink.c b/netlink.c
> index 9b3dba2..59e9e33 100644
> --- a/netlink.c
> +++ b/netlink.c
> @@ -546,12 +546,19 @@ int nl_route_dup(int s_src, unsigned int ifi_src,
>  
>  		for (rta = RTM_RTA(rtm), na = RTM_PAYLOAD(nh); RTA_OK(rta, na);
>  		     rta = RTA_NEXT(rta, na)) {
> +			/* RTA_OIF and RTA_MULTIPATH attributes carry the
> +			 * identifier of a host interface. Change them to match
> +			 * the corresponding identifier in the target namespace.
> +			 */
>  			if (rta->rta_type == RTA_OIF) {
> -				/* The host obviously list's the host interface
> -				 * id here, we need to change it to the
> -				 * namespace's interface id
> -				 */
>  				*(unsigned int *)RTA_DATA(rta) = ifi_dst;
> +			} else if (rta->rta_type == RTA_MULTIPATH) {
> +				struct rtnexthop *rtnh;
> +
> +				for (rtnh = (struct rtnexthop *)RTA_DATA(rta);
> +				     RTNH_OK(rtnh, RTA_PAYLOAD(rta));
> +				     rtnh = RTNH_NEXT(rtnh))
> +					rtnh->rtnh_ifindex = ifi_dst;
>  			} else if (rta->rta_type == RTA_PREFSRC) {
>  				/* Host routes might include a preferred source
>  				 * address, which must be one of the host's

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson