From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au Authentication-Results: passt.top; dkim=fail reason="key not found in DNS" header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202312 header.b=A6RBj8X/; dkim-atps=neutral Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76]) by passt.top (Postfix) with ESMTPS id 12D7A5A0275 for ; Thu, 15 Aug 2024 05:43:18 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=202312; t=1723693394; bh=Xkze0WL951jRUiqDNQMYeWM1F/mihtDES+r7gATj+Xk=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=A6RBj8X/a6f6PlVfgQ1Ksz0WSy4pPIMpu0KrEYa3gGKxT+4EnuwDQs+KpMrtVauhf SgWJ6GR1dsdGpuJGbJs8T+7EjYrE/pfu4XewyBXBvCurtmwiwiDBLsdTFNUdvuGm+f rg/Aev9RriA1rYSAaOtJalO6nXs2gyQZEvCRFRRAeMS7j96PV6GFewcmeJqyaJ63bD TgJyv0S1bqYYJ7Dn85j3m6oGr9vkEaMgzuUrYfZoNQuNHnDd42ow352GncqVC5zWRJ BrJ+r8E7a73cs7xC4C0Mrso+HHwGNNAteOtvc/98kyuhFCTpFULX9L9XBCSE+oe9Wj Os3EVHnP93Qnw== Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4WkrYt0Srlz4x5M; Thu, 15 Aug 2024 13:43:14 +1000 (AEST) Date: Thu, 15 Aug 2024 13:04:42 +1000 From: David Gibson To: Stefano Brivio Subject: Re: [PATCH 5/7] netlink, pasta: Fetch link-local address from namespace interface once it's up Message-ID: References: <20240814225429.3707908-1-sbrivio@redhat.com> <20240814225429.3707908-6-sbrivio@redhat.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="xgVn8U7jRGGfWMxJ" Content-Disposition: inline In-Reply-To: <20240814225429.3707908-6-sbrivio@redhat.com> Message-ID-Hash: 3Y23RC6G4B7KMSLX4LDAQCV2BT4Y4KLU X-Message-ID-Hash: 3Y23RC6G4B7KMSLX4LDAQCV2BT4Y4KLU X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-dev@passt.top, Paul Holzinger X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --xgVn8U7jRGGfWMxJ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Aug 15, 2024 at 12:54:27AM +0200, Stefano Brivio wrote: > As soon as we bring up the interface, the Linux kernel will set up a > link-local address for it, so we can fetch it and start using right > away, if we need a link-local address to communicate to the container > before we see any traffic coming from it. >=20 > Signed-off-by: Stefano Brivio > --- > netlink.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++ > netlink.h | 1 + > pasta.c | 7 +++++++ > 3 files changed, 55 insertions(+) >=20 > diff --git a/netlink.c b/netlink.c > index 4b49de1..3b37087 100644 > --- a/netlink.c > +++ b/netlink.c > @@ -836,6 +836,53 @@ int nl_addr_get(int s, unsigned int ifi, sa_family_t= af, > return status; > } > =20 > +/** > + * nl_addr_get_ll() - Get first IPv6 link-local address for a given inte= rface > + * @s: Netlink socket > + * @ifi: Interface index in outer network namespace > + * @addr: Link-local address to fill > + * > + * Return: 0 on success, negative error code on failure > + */ > +int nl_addr_get_ll(int s, unsigned int ifi, void *addr) Given this is explicitly for IPv6, I don't see a reason not to use (struct in6_addr *addr) for greater type safety. > +{ > + struct req_t { > + struct nlmsghdr nlh; > + struct ifaddrmsg ifa; > + } req =3D { > + .ifa.ifa_family =3D AF_INET6, > + .ifa.ifa_index =3D ifi, > + }; > + struct nlmsghdr *nh; > + bool found =3D false; > + char buf[NLBUFSIZ]; > + ssize_t status; > + uint32_t seq; > + > + seq =3D nl_send(s, &req, RTM_GETADDR, NLM_F_DUMP, sizeof(req)); > + nl_foreach_oftype(nh, status, s, buf, seq, RTM_NEWADDR) { > + struct ifaddrmsg *ifa =3D (struct ifaddrmsg *)NLMSG_DATA(nh); > + struct rtattr *rta; > + size_t na; > + > + if (ifa->ifa_index !=3D ifi || ifa->ifa_scope !=3D RT_SCOPE_LINK || > + found) > + continue; > + > + for (rta =3D IFA_RTA(ifa), na =3D IFA_PAYLOAD(nh); RTA_OK(rta, na); > + rta =3D RTA_NEXT(rta, na)) { > + if (rta->rta_type !=3D IFA_ADDRESS) > + continue; > + > + if (!found) { > + memcpy(addr, RTA_DATA(rta), RTA_PAYLOAD(rta)); > + found =3D true; > + } > + } > + } > + return status; > +} > + > /** > * nl_add_set() - Set IP addresses for given interface and address family > * @s: Netlink socket > diff --git a/netlink.h b/netlink.h > index 66a44ad..bdfdef0 100644 > --- a/netlink.h > +++ b/netlink.h > @@ -19,6 +19,7 @@ int nl_addr_get(int s, unsigned int ifi, sa_family_t af, > void *addr, int *prefix_len, void *addr_l); > int nl_addr_set(int s, unsigned int ifi, sa_family_t af, > const void *addr, int prefix_len); > +int nl_addr_get_ll(int s, unsigned int ifi, void *addr); > int nl_addr_set_ll_nodad(int s, unsigned int ifi); > int nl_addr_dup(int s_src, unsigned int ifi_src, > int s_dst, unsigned int ifi_dst, sa_family_t af); > diff --git a/pasta.c b/pasta.c > index 838bbb3..cebf54f 100644 > --- a/pasta.c > +++ b/pasta.c > @@ -340,6 +340,13 @@ void pasta_ns_conf(struct ctx *c) > } > =20 > if (c->ifi6) { > + rc =3D nl_addr_get_ll(nl_sock_ns, c->pasta_ifi, > + &c->ip6.addr_ll_seen); > + if (rc < 0) { > + die("Can't fetch LL address from namespace: %s", > + strerror(-rc)); Again, we can generally cope with not having an addr_ll_seen initially, so I think a warn() would make more sense. > + } > + > rc =3D nl_addr_set_ll_nodad(nl_sock_ns, c->pasta_ifi); > if (rc < 0) { > die("Can't disable DAD for LL in namespace: %s", --=20 David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson --xgVn8U7jRGGfWMxJ Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAma9cEkACgkQzQJF27ox 2Gd/SQ/9FK92TjLAiMIywuqv2/4EGV5ngvtDK1Js6Hf6PjsLKiY8jBvcTftDEWGf rwoNAgmoFuipoCHUha8S03jiyTakhAWME86KRUfMLuHCPAx0XCAiNg8PiAhFzu3y 3uzgPKBAc6h26ZKgjmQEjytZL3B5xbqYDvRtTVv0qKlYxmizGsgZQUmTQnM2INe0 5u+26BZ4KbQw0thGB5lZc+GBvwk+ZZJ7X5g+eBWrA+b5GOj7obQYD9QeYzie+TQM IMgC3BAKEyOxQR0m3WRfawVUU/kCoiWr6zQ8wasTD8Dxer6F0/bE3lDC/mP2SSQx 7rNWxnjYg4fa9Pl/TKJFi+eA1wUUYrUAu3Z9zwuKyiRPBpP7Bahl0W7S6oYU/Sva ZLpGVZkVrVjoGnm8n+0IlyotDo+3TzUMNGKp/FxpXppVpX3yUmnh0dWEtf+WsI7X NCX7+QQ7imKvXAOAcbDsOnlkb4BGJpu5/mszMSv/Hg7o+z2Fdt4oi/s0XTN26jxP xiXBHeKwnJ1J/sqbqPkJOIS/q0/g34sWzCO+XYrMMUgYFvsxKGwNY+E4lhj/gsgP 5EkywvIEEuzPCl/MO8Jc6Q/Pcuu+HmqR2uQMJUM7Rw7m6Vo9MYz1JxsVhEJlpPST PHA7T7upuNswbAFozZf25RjZN/r2Ml2nG2Y0+fBh5JeXT4H3gFQ= =Xmrs -----END PGP SIGNATURE----- --xgVn8U7jRGGfWMxJ--