Date: Thu, 20 Jun 2024 10:22:56 +1000
From: David Gibson
To: Stefano Brivio
CC: passt-dev@passt.top
Subject: Re: [PATCH v2] netlink: Strip nexthop identifiers when duplicating routes
In-Reply-To: <20240619162147.2836458-1-sbrivio@redhat.com>

On Wed, Jun 19, 2024 at 06:21:47PM +0200, Stefano Brivio wrote:
> If routing daemons set up host routes, for example FRR via OSPF as in
> the reported issue, they might add nexthop identifiers (not objects)
> that are generally not valid in the target namespace. Strip them off
> as well, otherwise we'll get EINVAL from the kernel.
>
> Link: https://github.com/containers/podman/issues/22960
> Signed-off-by: Stefano Brivio

Reviewed-by: David Gibson

> ---
> v2: oops, it looks like I didn't run this through clang-tidy :( and it
> reported a bugprone-branch-clone if I have two branches both doing
> the same thing (rta->rta_type = RTA_UNSPEC). I condensed comments
> under the same branch, probably more elegant than carrying around
> yet another suppression.
>
> netlink.c | 23 ++++++++++++++++-------
> 1 file changed, 16 insertions(+), 7 deletions(-)
>
> diff --git a/netlink.c b/netlink.c > index 2c9e71f..c082991 100644 > --- a/netlink.c > +++ b/netlink.c 
> @@ -600,13 +600,22 @@ int nl_route_dup(int s_src, unsigned int ifi_src, > =20 > if (discard) > break; > - } else if (rta->rta_type =3D=3D RTA_PREFSRC) { > - /* Host routes might include a preferred source > - * address, which must be one of the host's > - * addresses. However, with -a pasta will use a > - * different namespace address, making such a > - * route invalid in the namespace. Strip off > - * RTA_PREFSRC attributes to avoid that. */ > + } else if (rta->rta_type =3D=3D RTA_PREFSRC || > + rta->rta_type =3D=3D RTA_NH_ID) { > + /* Strip RTA_PREFSRC attributes: host routes > + * might include a preferred source address, > + * which must be one of the host's addresses. > + * However, with -a, pasta will use a different > + * namespace address, making such a route > + * invalid in the namespace. > + * > + * Strip RTA_NH_ID attributes: host routes set > + * up via routing protocols (e.g. OSPF) might > + * contain a nexthop ID (and not nexthop > + * objects, which are taken care of in the > + * RTA_MULTIPATH case above) that's not valid > + * in the target namespace. > + */ > rta->rta_type =3D RTA_UNSPEC; > } > } --=20 David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. 
http://www.ozlabs.org/~dgibson
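
Review bot: in the combined RTA_PREFSRC || RTA_NH_ID branch of nl_route_dup(), the reason the two cases share a single branch is recorded only in the v2 notes below the "---", which do not end up in the commit; a short remark in the new comment that the cases are merged to keep clang-tidy's bugprone-branch-clone quiet would stop a later cleanup from splitting them again and reintroducing the warning. The RTA_NH_ID paragraph of the comment could also state, as the commit message does, that leaving the attribute in place makes the kernel return EINVAL, so the failure mode is documented at the line that prevents it (rta->rta_type = RTA_UNSPEC).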