Date: Tue, 23 Apr 2024 11:02:43 +1000
From: David Gibson
To: Stefano Brivio
Cc: passt-dev@passt.top
Subject: Re: [PATCH] netlink: Drop point-to-point peer information when we copy addresses
In-Reply-To: <20240411221800.548178-1-sbrivio@redhat.com>

On Fri, Apr 12, 2024 at 12:18:00AM +0200, Stefano Brivio wrote:
> If the template host interface is of type tun, and it's configured
> with a point-to-point peer address (that's what happens for example
> with openvpn and '--topology net30'), pasta will copy the peer
> information onto the namespace interface.
>
> But the namespace interface is not actually a point-to-point tunnel,
> and we won't resolve the peer address via ARP either, so we have
> to drop this information to get the expected behaviour (traffic
> regularly sent over our tap interface).
>
> Link: https://github.com/containers/podman/issues/22320
> Signed-off-by: Stefano Brivio
> ---
> netlink.c | 23 ++++++++++++++++++++++-
> 1 file changed, 22 insertions(+), 1 deletion(-)
>
> diff --git a/netlink.c b/netlink.c > index 89c0641..73aaa4b 100644 > --- a/netlink.c > +++ b/netlink.c > @@ -792,8 +792,8 @@ int nl_addr_dup(int s_src, unsigned int ifi_src, > =20 > seq =3D nl_send(s_src, &req, RTM_GETADDR, NLM_F_DUMP, sizeof(req)); > nl_foreach_oftype(nh, status, s_src, buf, seq, RTM_NEWADDR) { > + struct rtattr *rta, *rta_local =3D NULL; > struct ifaddrmsg *ifa; > - struct rtattr *rta; > size_t na; > =20 > ifa =3D (struct ifaddrmsg *)NLMSG_DATA(nh); 
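Review bot: the new `rta_local` is the one piece of state the second hunk relies on, and nothing here says why it exists; a short comment on the declaration (something like "IFA_LOCAL attribute of this message, if any") would make the later `rta->rta_type == IFA_ADDRESS && rta_local` test self-explanatory. It is declared inside the `nl_foreach_oftype()` body and initialised to NULL, so it is reset for every RTM_NEWADDR message, which is what keeps a message without IFA_LOCAL from picking up a stale pointer from the previous one; worth stating in that comment too.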
> @@ -804,12 +804,33 @@ int nl_addr_dup(int s_src, unsigned int ifi_src, > =20 > ifa->ifa_index =3D ifi_dst; > =20 > + for (rta =3D IFA_RTA(ifa), na =3D IFA_PAYLOAD(nh); RTA_OK(rta, na); > + rta =3D RTA_NEXT(rta, na)) { > + if (rta->rta_type =3D=3D IFA_LOCAL) { > + rta_local =3D rta; > + break; > + } > + } > + > for (rta =3D IFA_RTA(ifa), na =3D IFA_PAYLOAD(nh); RTA_OK(rta, na); > rta =3D RTA_NEXT(rta, na)) { > /* Strip label and expiry (cacheinfo) information */ > if (rta->rta_type =3D=3D IFA_LABEL || > rta->rta_type =3D=3D IFA_CACHEINFO) > rta->rta_type =3D IFA_UNSPEC; > + > + /* Different values for IFA_ADDRESS and IFA_LOCAL mean > + * that IFA_LOCAL is the locally configured address, and > + * IFA_ADDRESS is the peer address for a point-to-point > + * interface. But our namespace interface isn't really a > + * point-to-point tunnel, and we can't resolve that peer > + * address via ARP: simply drop it, and keep the local > + * address. Could we just unconditionally remove IFA_ADDRESS properties (by setting them to IFA_UNSPEC)? That way we could avoid having two passes through the attributes. > + */ > + if (rta->rta_type =3D=3D IFA_ADDRESS && rta_local) { > + memcpy(RTA_DATA(rta), RTA_DATA(rta_local), > + RTA_PAYLOAD(rta)); > + } > } > =20 > rc =3D nl_do(s_dst, nh, RTM_NEWADDR,

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
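Review bot: the `memcpy()` at the end of the second loop copies `RTA_PAYLOAD(rta)` bytes out of `rta_local` without checking that IFA_LOCAL carries the same payload size as IFA_ADDRESS. For a well-formed kernel dump both attributes belong to the same family and have the same length, but a guard such as `if (rta->rta_type == IFA_ADDRESS && rta_local && RTA_PAYLOAD(rta_local) == RTA_PAYLOAD(rta))` costs nothing and keeps a malformed or truncated message from reading past the IFA_LOCAL attribute. On the question raised inline about marking IFA_ADDRESS as IFA_UNSPEC unconditionally: that would also strip IFA_ADDRESS from messages that carry no IFA_LOCAL at all, whereas the copy here only changes anything when both attributes are present, so if the single-pass version is adopted the comment should spell out that the namespace address is then taken from IFA_LOCAL alone.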
http://www.ozlabs.org/~dgibson
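A stand-alone illustration of the attribute rewrite discussed in this thread, written for this page and not taken from passt: it constructs the RTM_NEWADDR message a tun interface with a net30-style peer would report (the addresses 10.8.0.6 local / 10.8.0.5 peer are made up), walks the IFA_RTA list the same way the patch does, copies IFA_LOCAL over IFA_ADDRESS, and adds the payload-size check before the memcpy. The `struct sample` layout and the functions `build_sample()`, `find_attr()` and `drop_p2p_peer()` are this example's own names, not passt's.

```c
#include <arpa/inet.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>
#include <string.h>

/* Constructed sample: the RTM_NEWADDR a tun interface with a peer reports: header,
 * ifaddrmsg, then IFA_LOCAL and IFA_ADDRESS as 4-byte IPv4 attributes (no padding). */
static struct sample {
	struct nlmsghdr nh;
	struct ifaddrmsg ifa;
	struct rtattr rta_local; __u32 local;
	struct rtattr rta_addr;  __u32 addr;
} s;

static struct nlmsghdr *build_sample(const char *local, const char *peer)
{
	s = (struct sample){ .nh.nlmsg_len = sizeof(s), .nh.nlmsg_type = RTM_NEWADDR,
			     .ifa.ifa_family = AF_INET,
			     .rta_local = { RTA_LENGTH(4), IFA_LOCAL },
			     .rta_addr = { RTA_LENGTH(4), IFA_ADDRESS } };
	inet_pton(AF_INET, local, &s.local);	/* our end of the tunnel */
	inet_pton(AF_INET, peer, &s.addr);	/* point-to-point peer */
	return &s.nh;
}

/* One walk over the IFA_RTA list, the same RTA_OK/RTA_NEXT iteration the patch uses. */
static struct rtattr *find_attr(struct nlmsghdr *nh, int type)
{
	struct ifaddrmsg *ifa = NLMSG_DATA(nh);
	struct rtattr *rta;
	size_t na;
	for (rta = IFA_RTA(ifa), na = IFA_PAYLOAD(nh); RTA_OK(rta, na); rta = RTA_NEXT(rta, na))
		if (rta->rta_type == type)
			return rta;
	return NULL;
}

/* The patch's rewrite plus a size check: 1 = peer replaced by the local address,
 * 0 = nothing to do, -1 = payload sizes disagree (malformed), message left alone. */
static int drop_p2p_peer(struct nlmsghdr *nh)
{
	struct rtattr *local = find_attr(nh, IFA_LOCAL), *addr = find_attr(nh, IFA_ADDRESS);
	if (!local || !addr)
		return 0;
	if (RTA_PAYLOAD(local) != RTA_PAYLOAD(addr))
		return -1;
	if (!memcmp(RTA_DATA(addr), RTA_DATA(local), RTA_PAYLOAD(addr)))
		return 0;	/* equal already: a plain address, not a peer */
	memcpy(RTA_DATA(addr), RTA_DATA(local), RTA_PAYLOAD(addr));
	return 1;
}
```

After `drop_p2p_peer()` returns 1 the IFA_ADDRESS attribute holds the same bytes as IFA_LOCAL, which is what the namespace interface ends up with; a message whose two attributes already match is left untouched.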