From mboxrd@z Thu Jan  1 00:00:00 1970
Date: Tue, 23 Apr 2024 11:02:43 +1000
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>
Subject: Re: [PATCH] netlink: Drop point-to-point peer information when we
 copy addresses
Message-ID: <ZicIs_U6KMwaqyH6@zatzit>
References: <20240411221800.548178-1-sbrivio@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="7cFDvqQnS/il7QeY"
Content-Disposition: inline
In-Reply-To: <20240411221800.548178-1-sbrivio@redhat.com>
CC: passt-dev@passt.top
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/ZicIs_U6KMwaqyH6@zatzit/>


--7cFDvqQnS/il7QeY
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Apr 12, 2024 at 12:18:00AM +0200, Stefano Brivio wrote:
> If the template host interface is of type tun, and it's configured
> with a point-to-point peer address (that's what happens for example
> with openvpn and '--topology net30'), pasta will copy the peer
> information onto the namespace interface.
>
> But the namespace interface is not actually a point-to-point tunnel,
> and we won't resolve the peer address via ARP either, so we have
> to drop this information to get the expected behaviour (traffic
> regularly sent over our tap interface).
>
> Link: https://github.com/containers/podman/issues/22320
> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
> ---
>  netlink.c | 23 ++++++++++++++++++++++-
>  1 file changed, 22 insertions(+), 1 deletion(-)
>=20
> diff --git a/netlink.c b/netlink.c
> index 89c0641..73aaa4b 100644
> --- a/netlink.c
> +++ b/netlink.c
> @@ -792,8 +792,8 @@ int nl_addr_dup(int s_src, unsigned int ifi_src,
> =20
>  	seq =3D nl_send(s_src, &req, RTM_GETADDR, NLM_F_DUMP, sizeof(req));
>  	nl_foreach_oftype(nh, status, s_src, buf, seq, RTM_NEWADDR) {
> +		struct rtattr *rta, *rta_local =3D NULL;
>  		struct ifaddrmsg *ifa;
> -		struct rtattr *rta;
>  		size_t na;
> =20
>  		ifa =3D (struct ifaddrmsg *)NLMSG_DATA(nh);
> @@ -804,12 +804,33 @@ int nl_addr_dup(int s_src, unsigned int ifi_src,
> =20
>  		ifa->ifa_index =3D ifi_dst;
> =20
> +		for (rta =3D IFA_RTA(ifa), na =3D IFA_PAYLOAD(nh); RTA_OK(rta, na);
> +		     rta =3D RTA_NEXT(rta, na)) {
> +			if (rta->rta_type =3D=3D IFA_LOCAL) {
> +				rta_local =3D rta;
> +				break;
> +			}
> +		}
> +
>  		for (rta =3D IFA_RTA(ifa), na =3D IFA_PAYLOAD(nh); RTA_OK(rta, na);
>  		     rta =3D RTA_NEXT(rta, na)) {
>  			/* Strip label and expiry (cacheinfo) information */
>  			if (rta->rta_type =3D=3D IFA_LABEL ||
>  			    rta->rta_type =3D=3D IFA_CACHEINFO)
>  				rta->rta_type =3D IFA_UNSPEC;
> +
> +			/* Different values for IFA_ADDRESS and IFA_LOCAL mean
> +			 * that IFA_LOCAL is the locally configured address, and
> +			 * IFA_ADDRESS is the peer address for a point-to-point
> +			 * interface. But our namespace interface isn't really a
> +			 * point-to-point tunnel, and we can't resolve that peer
> +			 * address via ARP: simply drop it, and keep the local
> +			 * address.

Could we just unconditionally remove IFA_ADDRESS properties (by
setting them to IFA_UNSPEC)?  That way we could avoid having two passes
through the attributes.

> +			 */
> +			if (rta->rta_type =3D=3D IFA_ADDRESS && rta_local) {
> +				memcpy(RTA_DATA(rta), RTA_DATA(rta_local),
> +				       RTA_PAYLOAD(rta));
> +			}
>  		}
> =20
>  		rc =3D nl_do(s_dst, nh, RTM_NEWADDR,
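
Review bot: the memcpy() added under `if (rta->rta_type == IFA_ADDRESS && rta_local)` copies RTA_PAYLOAD(rta) bytes out of RTA_DATA(rta_local) without looking at RTA_PAYLOAD(rta_local), so the copy length comes from the destination attribute only. Both attributes are taken from the same RTM_NEWADDR message and are expected to have the same size, but nothing in the hunk enforces that; adding `RTA_PAYLOAD(rta_local) == RTA_PAYLOAD(rta)` to the condition would keep the read inside the IFA_LOCAL attribute. Separately, the new comment describes the case where IFA_ADDRESS and IFA_LOCAL differ, while the code overwrites IFA_ADDRESS whenever an IFA_LOCAL attribute was found; the comment could say that the copy is a no-op when the two already match.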

--=20
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

--7cFDvqQnS/il7QeY--