From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au
Authentication-Results: passt.top;
	dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202512 header.b=Ei3gIvWR;
	dkim-atps=neutral
Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
	by passt.top (Postfix) with ESMTPS id D6C175A0626
	for <passt-dev@passt.top>; Mon, 15 Dec 2025 11:38:18 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202512; t=1765795096;
	bh=NAnkz/6eAjjhAAfFVknyvL2N0+hTbBNXiL3xe3PMG1I=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=Ei3gIvWRsxj2vMeNVPxAoTYYi6H0FMjT2KZtwZcIXPDquanXIhRcPvNYZOfuTLnVL
	 l7aAUsp7ehJp6kOvlStp4XnqiFkXUtJiw0QRcEVReXcWIm9GWqIK8cLl2u0JJwtDia
	 QjUX8xLdzoXLq7Sa4zYX4d4rNuvRoP2vgNjuLwr6BOGS2FjaqeyE4OeXXF81SLrv//
	 G6TXobsKGVzDjIEiPA8u0mXuf9OND6xMXawYyXK0xF9UToufRnb8BSFpYh+9XxBtKa
	 bedxaSDAtKnLk2mZ1E6R6rQ4s5OC1CErgAmy5XrHtXkaBlTq6r+NaApr0vvzi0OoUM
	 Q3FB2xkQaHnJw==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4dVGk03ts8z4wD0; Mon, 15 Dec 2025 21:38:16 +1100 (AEDT)
Date: Mon, 15 Dec 2025 21:38:08 +1100
From: David Gibson <david@gibson.dropbear.id.au>
To: Jon Maloy <jmaloy@redhat.com>
Subject: Re: [RFC  08/12] netlink: Subscribe to route changes in namespace
Message-ID: <aT_lENnpQx1epiCH@zatzit>
References: <20251215015441.887736-1-jmaloy@redhat.com>
 <20251215015441.887736-9-jmaloy@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="zYohYyAV7vU7Wog4"
Content-Disposition: inline
In-Reply-To: <20251215015441.887736-9-jmaloy@redhat.com>
Message-ID-Hash: ZRQAGFHM26RLAICIVDF3Y2UKJSNHSUMG
X-Message-ID-Hash: ZRQAGFHM26RLAICIVDF3Y2UKJSNHSUMG
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: sbrivio@redhat.com, dgibson@redhat.com, passt-dev@passt.top
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/aT_lENnpQx1epiCH@zatzit/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/ZRQAGFHM26RLAICIVDF3Y2UKJSNHSUMG/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--zYohYyAV7vU7Wog4
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Dec 14, 2025 at 08:54:37PM -0500, Jon Maloy wrote:
> We add subscriptions to RTMGRP_IPV4_ROUTE and RTMGRP_IPV6_ROUTE, so
> that we receive notifications when routes change on the namespace
> interface.

No, we'd need to listen in the host netns, so we can transfer those
route changes to the guest netns.

> When default routes change on the pasta interface, we update guest_gw
> (and our_tap_addr for IPv4) to reflect the new gateway. This handles
> both routes propagated from the host and routes configured manually
> by the user inside the namespace.
>=20
> Signed-off-by: Jon Maloy <jmaloy@redhat.com>
> ---
>  netlink.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++---
>  1 file changed, 46 insertions(+), 3 deletions(-)
>=20
> diff --git a/netlink.c b/netlink.c
> index 7492f17..a8d3116 100644
> --- a/netlink.c
> +++ b/netlink.c
> @@ -195,7 +195,7 @@ static bool nl_addr6_add(struct ctx *c, const struct =
in6_addr *addr,
>  	idx =3D c->ip6.addr_count++;
>  	c->ip6.addrs[idx].addr =3D *addr;
>  	c->ip6.addrs[idx].prefix_len =3D prefix_len;
> -	c->ip6.addrs[idx].permanent =3D 0;
> +	c->ip6.addrs[idxyes].permanent =3D 0;

Um... what?

>  	return true;
>  }
> =20
> @@ -359,6 +359,49 @@ static void nl_linkaddr_msg_read(struct ctx *c, cons=
t struct nlmsghdr *nh)
>  				}
>  			}
>  		}
> +		return;
> +	}
> +
> +	if (nh->nlmsg_type =3D=3D RTM_NEWROUTE || nh->nlmsg_type =3D=3D RTM_DEL=
ROUTE) {
> +		bool is_new =3D (nh->nlmsg_type =3D=3D RTM_NEWROUTE);
> +		const struct rtmsg *rtm =3D NLMSG_DATA(nh);
> +		struct rtattr *rta =3D RTM_RTA(rtm);
> +		size_t na =3D RTM_PAYLOAD(nh);
> +		unsigned int oif =3D 0;
> +		void *gw =3D NULL;
> +
> +		/* Only interested in default routes (dst_len =3D=3D 0) */

No, we copy non-default routes as well.

> +		if (rtm->rtm_dst_len !=3D 0)
> +			return;
> +
> +		for (; RTA_OK(rta, na); rta =3D RTA_NEXT(rta, na)) {
> +			if (rta->rta_type =3D=3D RTA_GATEWAY)
> +				gw =3D RTA_DATA(rta);
> +			else if (rta->rta_type =3D=3D RTA_OIF)
> +				oif =3D *(unsigned int *)RTA_DATA(rta);
> +		}
> +
> +		if (!gw)

We copy non-gateway routes too (and may well need to, because there's
typically at least one non-gw route needed to reach the gateway
itself).

> +			return;
> +
> +		/* Only handle our pasta interface */
> +		if (c->mode !=3D MODE_PASTA || oif !=3D c->pasta_ifi)
> +			return;

Again, we need to be listening in the host netns, so pasta_ifi makes
no sense.

> +
> +		if (rtm->rtm_family =3D=3D AF_INET) {
> +			if (is_new) {
> +				c->ip4.guest_gw =3D *(struct in_addr *)gw;
> +				c->ip4.our_tap_addr =3D c->ip4.guest_gw;
> +			} else {
> +				c->ip4.guest_gw =3D (struct in_addr){ 0 };
> +				c->ip4.our_tap_addr =3D (struct in_addr){ 0 };
> +			}
> +		} else if (rtm->rtm_family =3D=3D AF_INET6) {
> +			if (is_new)
> +				c->ip6.guest_gw =3D *(struct in6_addr *)gw;
> +			else
> +				c->ip6.guest_gw =3D (struct in6_addr){ 0 };
> +		}
>  	}
>  }
> =20
> @@ -398,8 +441,8 @@ void nl_linkaddr_notify_handler(struct ctx *c)
>  static int nl_linkaddr_init_do(void *arg)
>  {
>  	struct sockaddr_nl addr =3D { .nl_family =3D AF_NETLINK,
> -		.nl_groups =3D RTMGRP_LINK | RTMGRP_IPV4_IFADDR |
> -			     RTMGRP_IPV6_IFADDR };
> +		.nl_groups =3D RTMGRP_LINK | RTMGRP_IPV4_IFADDR | RTMGRP_IPV6_IFADDR |
> +			     RTMGRP_IPV4_ROUTE | RTMGRP_IPV6_ROUTE };
> =20
>  	if (arg)
>  		ns_enter((struct ctx *)arg);
> --=20
> 2.51.1
>=20

--=20
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson

--zYohYyAV7vU7Wog4
Content-Type: application/pgp-signature; name=signature.asc

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmk/5Q8ACgkQzQJF27ox
2GcFag/8DrjOd98LvnNBBxDEJ2eqn1mK6MM33vxxfIz2NOdR4SnE/ObhSnMX7tRf
xegFdza7q9N+qwqt+A/scpqKA+1nQE0xzAYeCee0R4RN/xK0wumVqk/uObMjlocT
BQr7imcf1WiUxO7gYP8XaQ9d+wzdZ3lxMGrOSEYtHywitHpRpKDTLelapSmpNdtr
zYU/oUQEPMq1RcWI2mUQLmEdTC+2Jogpjdu5W2LyrCqJVK9tPIp3UReDT3PjWwvX
C+eas4S/BLXVx4/1IMBx+XYZDqhQ3aWFlNvfxANXkyW1lqTunFMfSM3UQdcbV/ZK
WYzPYcDuv3tlWQ+Wjw8kMsyOqLxDbL6Z+3DWp1U/7ac5gjglyy2i05FacrLaRewG
ldvWkFVaFta3M5D+2uQ2Isd4+BAdPDqfwaO3SXezQuABFTJeD2RLFFgCMP8S1JvC
bm2GFqj7ECa29KyyMc5LjGAa54oJ8OD81fXk+p4JUwMnKrARUwOyBKecFzRhE00q
Ag4nMDWrUffll8AuQIOa8ReI0PSlBuKqZ1iNQrRxb/RKepyk3Q4gGqrSvr3ktkH9
8V/42mGfW1DATSO80kwrjqJvuHIlvjGqHADPq+dJ7X0eycQ2WjigfkW0eesEIgcP
OZUsHjEzucpdhdp6XvjQOkDO9R0P6woc8VFq7PSwdgOZex3SSOY=
=vshO
-----END PGP SIGNATURE-----

--zYohYyAV7vU7Wog4--