From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
	by passt.top (Postfix) with ESMTPS id D577A5A004F
	for <passt-dev@passt.top>; Wed, 19 Jun 2024 03:50:57 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202312; t=1718761854;
	bh=GzcvJJBu6TQHNwVcKN7StAULe49r7f2BzvTqC57YhXU=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=avRO9eCDeD8MztkkY2YyefPCUdjwfiGkShsDKF4oxze5kNyBneKkyL0Kicu12FWsN
	 8DQQhjxIvK663QmAOAiRT0vfiJ1eY3x0j+cptKyrjBdyR3Jb+xQRRQwZLGv8nRLVmi
	 dzw+u3dGq2+5YgQxGKnhkOLmPOedhFwFmUVjWf49JA3lSm7l9yYVLfb4eaJ8KAX9Ys
	 KEb3/bRodLwZG/nQS+rR98Y2NGjlqlMxAuVuGwzesp/PHckdqYRCImeDNABr8brQdL
	 m/j8Y0VqXrAYkEvuPzo0GdRtZ7rHU8a7On7uAXCUvBd+XbXPEMd6XoYE8n/9XNXzIy
	 CnFqun5LUJ06A==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4W3mmZ2zfMz4wcp; Wed, 19 Jun 2024 11:50:54 +1000 (AEST)
Date: Wed, 19 Jun 2024 11:22:22 +1000
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>
Subject: Re: [PATCH] netlink: Strip nexthop identifiers when duplicating
 routes
Message-ID: <ZnIyzioi2BvgUjI2@zatzit>
References: <20240618062112.1519953-1-sbrivio@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="1ErbmYPIjYkIr2k2"
Content-Disposition: inline
In-Reply-To: <20240618062112.1519953-1-sbrivio@redhat.com>
Message-ID-Hash: 725OZ3EW6D5GIWKPHHENNVTGM6R5CWEZ
X-Message-ID-Hash: 725OZ3EW6D5GIWKPHHENNVTGM6R5CWEZ
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/ZnIyzioi2BvgUjI2@zatzit/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/725OZ3EW6D5GIWKPHHENNVTGM6R5CWEZ/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--1ErbmYPIjYkIr2k2
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Jun 18, 2024 at 08:21:12AM +0200, Stefano Brivio wrote:
> If routing daemons set up host routes, for example FRR via OSPF as in
> the reported issue, they might add nexthop identifiers (not objects)
> that are generally not valid in the target namespace. Strip them off
> as well, otherwise we'll get EINVAL from the kernel.
>=20
> Link: https://github.com/containers/podman/issues/22960
> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

Reviewed-by: David Gibson <david@gibson.dropbear.id.au>

> ---
>  netlink.c | 9 +++++++++
>  1 file changed, 9 insertions(+)
>=20
> diff --git a/netlink.c b/netlink.c
> index 4dbddb2..58822e9 100644
> --- a/netlink.c
> +++ b/netlink.c
> @@ -608,6 +608,15 @@ int nl_route_dup(int s_src, unsigned int ifi_src,
>  				 * route invalid in the namespace.  Strip off
>  				 * RTA_PREFSRC attributes to avoid that. */
>  				rta->rta_type =3D RTA_UNSPEC;
> +			} else if (rta->rta_type =3D=3D RTA_NH_ID) {
> +				/* Host routes set up via routing protocols
> +				 * (e.g. OSPF) might contain a nexthop ID (and
> +				 * not nexthop objects, which are taken care of
> +				 * in the RTA_MULTIPATH case above) that's not
> +				 * valid in the target namespace. Strip those as
> +				 * well.
> +				 */
> +				rta->rta_type =3D RTA_UNSPEC;
>  			}
>  		}
> =20

--=20
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson

--1ErbmYPIjYkIr2k2
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmZyMr4ACgkQzQJF27ox
2Ge6ow//VlGDLOM/s4xzA2AsJT8ZyF1PcKQvnhOil0kxN7q+46HWXhrew2F964Yq
fa7Se1ZX+Y5zhmqswM6BFHQZiE4+3Fw4/C2hSrTmt8HVwmJcFdeV66Y3PRK0km0y
1uEM4LL5ALs0ydMV/kSesnJD67MSdCJBWvs5cH9PoEdYWkpLy18fblm4fqarevPv
fJ2qgdh+8z+gD/EpXH3QG6AwYJskwy7/8GD3sxDhzKy7QZvbc5uUHuYlI0Yeu0Qu
XD7NtsNYakBcKPWzl6SYyV2n4TrxVY8TPbT7zyneElWXdAN4CHhBJx3Vh7MDogWx
qxdCU9P8wnBJ3UkwLMjNiWDfWhj+REUdHnrD/l6Xpt6ZnWiRFZfOeQMbl2xshMTb
dzBEGKjx9OKZ4MYlBGI/DsAx79VPb28kL56/FU+GiaTFDJCIt0q4f6MGidTfXB6g
VtitgR7+qj/bHfNrffm+/zm25A4MvJIsc5tDjNoXHnCQDWEWP6ug3iA3LN+n8Rc6
uPCS/xsqBrsFS1AuIWGKi3dV9O3tzdsJqrgDr15dWzdtNU3xT/xrFv/5CcoHDamW
JBH5WKkepKwpvnDblC+J7NQ2XEfxjlrs1018BXrr7CPobUeiOOPLyTRdazECSiRo
I6IxhR2L1uhzoF2tIDY4uPBZ0gJlNznfFTUk93yjESo6sDi992s=
=sYu+
-----END PGP SIGNATURE-----

--1ErbmYPIjYkIr2k2--