From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au
Authentication-Results: passt.top;
	dkim=fail reason="key not found in DNS" header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202312 header.b=A6RBj8X/;
	dkim-atps=neutral
Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
	by passt.top (Postfix) with ESMTPS id 12D7A5A0275
	for <passt-dev@passt.top>; Thu, 15 Aug 2024 05:43:18 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202312; t=1723693394;
	bh=Xkze0WL951jRUiqDNQMYeWM1F/mihtDES+r7gATj+Xk=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=A6RBj8X/a6f6PlVfgQ1Ksz0WSy4pPIMpu0KrEYa3gGKxT+4EnuwDQs+KpMrtVauhf
	 SgWJ6GR1dsdGpuJGbJs8T+7EjYrE/pfu4XewyBXBvCurtmwiwiDBLsdTFNUdvuGm+f
	 rg/Aev9RriA1rYSAaOtJalO6nXs2gyQZEvCRFRRAeMS7j96PV6GFewcmeJqyaJ63bD
	 TgJyv0S1bqYYJ7Dn85j3m6oGr9vkEaMgzuUrYfZoNQuNHnDd42ow352GncqVC5zWRJ
	 BrJ+r8E7a73cs7xC4C0Mrso+HHwGNNAteOtvc/98kyuhFCTpFULX9L9XBCSE+oe9Wj
	 Os3EVHnP93Qnw==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4WkrYt0Srlz4x5M; Thu, 15 Aug 2024 13:43:14 +1000 (AEST)
Date: Thu, 15 Aug 2024 13:04:42 +1000
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>
Subject: Re: [PATCH 5/7] netlink, pasta: Fetch link-local address from
 namespace interface once it's up
Message-ID: <Zr1wSrzT_lzakOjT@zatzit.fritz.box>
References: <20240814225429.3707908-1-sbrivio@redhat.com>
 <20240814225429.3707908-6-sbrivio@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="xgVn8U7jRGGfWMxJ"
Content-Disposition: inline
In-Reply-To: <20240814225429.3707908-6-sbrivio@redhat.com>
Message-ID-Hash: 3Y23RC6G4B7KMSLX4LDAQCV2BT4Y4KLU
X-Message-ID-Hash: 3Y23RC6G4B7KMSLX4LDAQCV2BT4Y4KLU
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top, Paul Holzinger <pholzing@redhat.com>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/Zr1wSrzT_lzakOjT@zatzit.fritz.box/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/3Y23RC6G4B7KMSLX4LDAQCV2BT4Y4KLU/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--xgVn8U7jRGGfWMxJ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Aug 15, 2024 at 12:54:27AM +0200, Stefano Brivio wrote:
> As soon as we bring up the interface, the Linux kernel will set up a
> link-local address for it, so we can fetch it and start using right
> away, if we need a link-local address to communicate to the container
> before we see any traffic coming from it.
>=20
> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
> ---
>  netlink.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++
>  netlink.h |  1 +
>  pasta.c   |  7 +++++++
>  3 files changed, 55 insertions(+)
>=20
> diff --git a/netlink.c b/netlink.c
> index 4b49de1..3b37087 100644
> --- a/netlink.c
> +++ b/netlink.c
> @@ -836,6 +836,53 @@ int nl_addr_get(int s, unsigned int ifi, sa_family_t=
 af,
>  	return status;
>  }
> =20
> +/**
> + * nl_addr_get_ll() - Get first IPv6 link-local address for a given inte=
rface
> + * @s:		Netlink socket
> + * @ifi:	Interface index in outer network namespace
> + * @addr:	Link-local address to fill
> + *
> + * Return: 0 on success, negative error code on failure
> + */
> +int nl_addr_get_ll(int s, unsigned int ifi, void *addr)

Given this is explicitly for IPv6, I don't see a reason not to use
(struct in6_addr *addr) for greater type safety.

> +{
> +	struct req_t {
> +		struct nlmsghdr nlh;
> +		struct ifaddrmsg ifa;
> +	} req =3D {
> +		.ifa.ifa_family		=3D AF_INET6,
> +		.ifa.ifa_index		=3D ifi,
> +	};
> +	struct nlmsghdr *nh;
> +	bool found =3D false;
> +	char buf[NLBUFSIZ];
> +	ssize_t status;
> +	uint32_t seq;
> +
> +	seq =3D nl_send(s, &req, RTM_GETADDR, NLM_F_DUMP, sizeof(req));
> +	nl_foreach_oftype(nh, status, s, buf, seq, RTM_NEWADDR) {
> +		struct ifaddrmsg *ifa =3D (struct ifaddrmsg *)NLMSG_DATA(nh);
> +		struct rtattr *rta;
> +		size_t na;
> +
> +		if (ifa->ifa_index !=3D ifi || ifa->ifa_scope !=3D RT_SCOPE_LINK ||
> +		    found)
> +			continue;
> +
> +		for (rta =3D IFA_RTA(ifa), na =3D IFA_PAYLOAD(nh); RTA_OK(rta, na);
> +		     rta =3D RTA_NEXT(rta, na)) {
> +			if (rta->rta_type !=3D IFA_ADDRESS)
> +				continue;
> +
> +			if (!found) {
> +				memcpy(addr, RTA_DATA(rta), RTA_PAYLOAD(rta));
> +				found =3D true;
> +			}
> +		}
> +	}
> +	return status;
> +}
> +
>  /**
>   * nl_add_set() - Set IP addresses for given interface and address family
>   * @s:		Netlink socket
> diff --git a/netlink.h b/netlink.h
> index 66a44ad..bdfdef0 100644
> --- a/netlink.h
> +++ b/netlink.h
> @@ -19,6 +19,7 @@ int nl_addr_get(int s, unsigned int ifi, sa_family_t af,
>  		void *addr, int *prefix_len, void *addr_l);
>  int nl_addr_set(int s, unsigned int ifi, sa_family_t af,
>  		const void *addr, int prefix_len);
> +int nl_addr_get_ll(int s, unsigned int ifi, void *addr);
>  int nl_addr_set_ll_nodad(int s, unsigned int ifi);
>  int nl_addr_dup(int s_src, unsigned int ifi_src,
>  		int s_dst, unsigned int ifi_dst, sa_family_t af);
> diff --git a/pasta.c b/pasta.c
> index 838bbb3..cebf54f 100644
> --- a/pasta.c
> +++ b/pasta.c
> @@ -340,6 +340,13 @@ void pasta_ns_conf(struct ctx *c)
>  		}
> =20
>  		if (c->ifi6) {
> +			rc =3D nl_addr_get_ll(nl_sock_ns, c->pasta_ifi,
> +					    &c->ip6.addr_ll_seen);
> +			if (rc < 0) {
> +				die("Can't fetch LL address from namespace: %s",
> +				    strerror(-rc));

Again, we can generally cope with not having an addr_ll_seen
initially, so I think a warn() would make more sense.

> +			}
> +
>  			rc =3D nl_addr_set_ll_nodad(nl_sock_ns, c->pasta_ifi);
>  			if (rc < 0) {
>  				die("Can't disable DAD for LL in namespace: %s",

--=20
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson

--xgVn8U7jRGGfWMxJ
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAma9cEkACgkQzQJF27ox
2Gd/SQ/9FK92TjLAiMIywuqv2/4EGV5ngvtDK1Js6Hf6PjsLKiY8jBvcTftDEWGf
rwoNAgmoFuipoCHUha8S03jiyTakhAWME86KRUfMLuHCPAx0XCAiNg8PiAhFzu3y
3uzgPKBAc6h26ZKgjmQEjytZL3B5xbqYDvRtTVv0qKlYxmizGsgZQUmTQnM2INe0
5u+26BZ4KbQw0thGB5lZc+GBvwk+ZZJ7X5g+eBWrA+b5GOj7obQYD9QeYzie+TQM
IMgC3BAKEyOxQR0m3WRfawVUU/kCoiWr6zQ8wasTD8Dxer6F0/bE3lDC/mP2SSQx
7rNWxnjYg4fa9Pl/TKJFi+eA1wUUYrUAu3Z9zwuKyiRPBpP7Bahl0W7S6oYU/Sva
ZLpGVZkVrVjoGnm8n+0IlyotDo+3TzUMNGKp/FxpXppVpX3yUmnh0dWEtf+WsI7X
NCX7+QQ7imKvXAOAcbDsOnlkb4BGJpu5/mszMSv/Hg7o+z2Fdt4oi/s0XTN26jxP
xiXBHeKwnJ1J/sqbqPkJOIS/q0/g34sWzCO+XYrMMUgYFvsxKGwNY+E4lhj/gsgP
5EkywvIEEuzPCl/MO8Jc6Q/Pcuu+HmqR2uQMJUM7Rw7m6Vo9MYz1JxsVhEJlpPST
PHA7T7upuNswbAFozZf25RjZN/r2Ml2nG2Y0+fBh5JeXT4H3gFQ=
=Xmrs
-----END PGP SIGNATURE-----

--xgVn8U7jRGGfWMxJ--