[PATCH v3] netlink: Return prefix length for IPv6 addresses in nl_addr

public inbox for passt-dev@passt.top
 help / color / mirror / code / Atom feed

* [PATCH v3] netlink: Return prefix length for IPv6 addresses in nl_addr_get()
@ 2026-03-07 18:41 Jon Maloy
  2026-03-09  9:47 ` David Gibson
  2026-03-09  9:56 ` Stefano Brivio
  0 siblings, 2 replies; 3+ messages in thread
From: Jon Maloy @ 2026-03-07 18:41 UTC (permalink / raw)
  To: sbrivio, dgibson, david, jmaloy, passt-dev

nl_addr_get() was not setting the prefix_len output parameter for
IPv6 addresses, only for IPv4. This meant callers always got 0 for
IPv6, forcing them to use a hardcoded default (64).

Fix by assigning *prefix_len even in the IPv6 case.

We also add another functional change. We now check for if an AF_INET
address is link local, in which case we have to skip it. Although it
is conventional to set the scope of such addresses to RT_SCOPE_LINK,
this is not stated in any RFC, and we cannot trust it to have been set
correctly by the user, just as we cannot trust it to have been set
correctly for any other AF_INET address. We therefore add this check
explicitly on the address itself.

Signed-off-by: Jon Maloy <jmaloy@redhat.com>

---
v2: - Simplified according to feedback from S. Brivio
    - Added test for AF_INET link local property
v3: - Corrected claim about convention for IPv4 link local address
      scope in commit log.
---
 netlink.c | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/netlink.c b/netlink.c
index 82a2f0c..f0e8fa7 100644
--- a/netlink.c
+++ b/netlink.c
@@ -752,7 +752,7 @@ int nl_addr_set_ll_nodad(int s, unsigned int ifi)
  * @ifi:	Interface index in outer network namespace
  * @af:		Address family
  * @addr:	Global address to fill
- * @prefix_len:	Mask or prefix length, to fill (for IPv4)
+ * @prefix_len:	Mask or prefix length, to fill
  * @addr_l:	Link-scoped address to fill (for IPv6)
  *
  * Return: 0 on success, negative error code on failure
@@ -777,6 +777,7 @@ int nl_addr_get(int s, unsigned int ifi, sa_family_t af,
 	nl_foreach_oftype(nh, status, s, buf, seq, RTM_NEWADDR) {
 		struct ifaddrmsg *ifa = (struct ifaddrmsg *)NLMSG_DATA(nh);
 		struct rtattr *rta;
+		bool link_local;
 		size_t na;
 
 		if (ifa->ifa_index != ifi || ifa->ifa_flags & IFA_F_DEPRECATED)
@@ -788,18 +789,14 @@ int nl_addr_get(int s, unsigned int ifi, sa_family_t af,
 			    (af == AF_INET6 && rta->rta_type != IFA_ADDRESS))
 				continue;
 
-			if (af == AF_INET && ifa->ifa_prefixlen > prefix_max) {
-				memcpy(addr, RTA_DATA(rta), RTA_PAYLOAD(rta));
+			link_local = (af == AF_INET6) ?
+				ifa->ifa_scope >= RT_SCOPE_LINK :
+				IN4_IS_ADDR_LINKLOCAL(RTA_DATA(rta));
 
-				prefix_max = *prefix_len = ifa->ifa_prefixlen;
-			} else if (af == AF_INET6 && addr &&
-				   ifa->ifa_scope < RT_SCOPE_LINK &&
-				   ifa->ifa_prefixlen > prefix_max) {
+			if (ifa->ifa_prefixlen > prefix_max && !link_local) {
 				memcpy(addr, RTA_DATA(rta), RTA_PAYLOAD(rta));
-
-				prefix_max = ifa->ifa_prefixlen;
+				prefix_max = *prefix_len = ifa->ifa_prefixlen;
 			}
-
 			if (addr_l &&
 			    af == AF_INET6 && ifa->ifa_scope == RT_SCOPE_LINK &&
 			    ifa->ifa_prefixlen > prefix_max_ll) {
-- 
2.52.0


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH v3] netlink: Return prefix length for IPv6 addresses in nl_addr_get()
  2026-03-07 18:41 [PATCH v3] netlink: Return prefix length for IPv6 addresses in nl_addr_get() Jon Maloy
@ 2026-03-09  9:47 ` David Gibson
  2026-03-09  9:56 ` Stefano Brivio
  1 sibling, 0 replies; 3+ messages in thread
From: David Gibson @ 2026-03-09  9:47 UTC (permalink / raw)
  To: Jon Maloy; +Cc: sbrivio, dgibson, passt-dev

[-- Attachment #1: Type: text/plain, Size: 3315 bytes --]

On Sat, Mar 07, 2026 at 01:41:57PM -0500, Jon Maloy wrote:
> nl_addr_get() was not setting the prefix_len output parameter for
> IPv6 addresses, only for IPv4. This meant callers always got 0 for
> IPv6, forcing them to use a hardcoded default (64).
> 
> Fix by assigning *prefix_len even in the IPv6 case.
> 
> We also add another functional change. We now check for if an AF_INET
> address is link local, in which case we have to skip it. Although it
> is conventional to set the scope of such addresses to RT_SCOPE_LINK,
> this is not stated in any RFC, and we cannot trust it to have been set
> correctly by the user, just as we cannot trust it to have been set
> correctly for any other AF_INET address. We therefore add this check
> explicitly on the address itself.
> 
> Signed-off-by: Jon Maloy <jmaloy@redhat.com>
> 
> ---
> v2: - Simplified according to feedback from S. Brivio
>     - Added test for AF_INET link local property
> v3: - Corrected claim about convention for IPv4 link local address
>       scope in commit log.
> ---
>  netlink.c | 17 +++++++----------
>  1 file changed, 7 insertions(+), 10 deletions(-)
> 
> diff --git a/netlink.c b/netlink.c
> index 82a2f0c..f0e8fa7 100644
> --- a/netlink.c
> +++ b/netlink.c
> @@ -752,7 +752,7 @@ int nl_addr_set_ll_nodad(int s, unsigned int ifi)
>   * @ifi:	Interface index in outer network namespace
>   * @af:		Address family
>   * @addr:	Global address to fill
> - * @prefix_len:	Mask or prefix length, to fill (for IPv4)
> + * @prefix_len:	Mask or prefix length, to fill
>   * @addr_l:	Link-scoped address to fill (for IPv6)
>   *
>   * Return: 0 on success, negative error code on failure
> @@ -777,6 +777,7 @@ int nl_addr_get(int s, unsigned int ifi, sa_family_t af,
>  	nl_foreach_oftype(nh, status, s, buf, seq, RTM_NEWADDR) {
>  		struct ifaddrmsg *ifa = (struct ifaddrmsg *)NLMSG_DATA(nh);
>  		struct rtattr *rta;
> +		bool link_local;
>  		size_t na;
>  
>  		if (ifa->ifa_index != ifi || ifa->ifa_flags & IFA_F_DEPRECATED)
> @@ -788,18 +789,14 @@ int nl_addr_get(int s, unsigned int ifi, sa_family_t af,
>  			    (af == AF_INET6 && rta->rta_type != IFA_ADDRESS))
>  				continue;
>  
> -			if (af == AF_INET && ifa->ifa_prefixlen > prefix_max) {
> -				memcpy(addr, RTA_DATA(rta), RTA_PAYLOAD(rta));
> +			link_local = (af == AF_INET6) ?
> +				ifa->ifa_scope >= RT_SCOPE_LINK :
> +				IN4_IS_ADDR_LINKLOCAL(RTA_DATA(rta));


Is ifa->ifa_scope not populatedcorrectly for IPv4 link local addresses?
>  
> -				prefix_max = *prefix_len = ifa->ifa_prefixlen;
> -			} else if (af == AF_INET6 && addr &&
> -				   ifa->ifa_scope < RT_SCOPE_LINK &&
> -				   ifa->ifa_prefixlen > prefix_max) {
> +			if (ifa->ifa_prefixlen > prefix_max && !link_local) {
>  				memcpy(addr, RTA_DATA(rta), RTA_PAYLOAD(rta));
> -
> -				prefix_max = ifa->ifa_prefixlen;
> +				prefix_max = *prefix_len = ifa->ifa_prefixlen;
>  			}
> -
>  			if (addr_l &&
>  			    af == AF_INET6 && ifa->ifa_scope == RT_SCOPE_LINK &&
>  			    ifa->ifa_prefixlen > prefix_max_ll) {
> -- 
> 2.52.0
> 

-- 
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH v3] netlink: Return prefix length for IPv6 addresses in nl_addr_get()
  2026-03-07 18:41 [PATCH v3] netlink: Return prefix length for IPv6 addresses in nl_addr_get() Jon Maloy
  2026-03-09  9:47 ` David Gibson
@ 2026-03-09  9:56 ` Stefano Brivio
  1 sibling, 0 replies; 3+ messages in thread
From: Stefano Brivio @ 2026-03-09  9:56 UTC (permalink / raw)
  To: Jon Maloy; +Cc: dgibson, david, passt-dev

The patch looks good to me now, but I have two questions:

On Sat,  7 Mar 2026 13:41:57 -0500
Jon Maloy <jmaloy@redhat.com> wrote:

> nl_addr_get() was not setting the prefix_len output parameter for
> IPv6 addresses, only for IPv4. This meant callers always got 0 for
> IPv6, forcing them to use a hardcoded default (64).
> 
> Fix by assigning *prefix_len even in the IPv6 case.
> 
> We also add another functional change. We now check for if an AF_INET
> address is link local, in which case we have to skip it.

The reason why the original code skipped IPv6 link-local addresses and
not IPv4 link-local ones is that copying a IPv6 link-local address
clearly makes no sense and breaks things.

For IPv4 I wasn't quite sure, and it seemed to work just like other
addresses, so I never took care of excluding them.

I tend to think it's correct to exclude them, also for consistency with
IPv6, but I'm not quite sure if we risk breaking something. I have some
vague recollection of link-local addresses being used in some cloud
(probably Google Computing Platform), at least for some Podman tests.
I'll try to find some pointers to it.

Did you already look into the matter, though?

By the way, this makes things inconsistent with nl_addr_dup() (used by
the vast majority of users), where IPv4 link-local addresses are copied
just like all the other ones.

> Although it
> is conventional to set the scope of such addresses to RT_SCOPE_LINK,

You mean that users manually do that? I think it's kind of rare
actually. Does the kernel do that? Or configuration agents such as
NetworkManager? I wonder a bit what you consider as "user" here.

> this is not stated in any RFC, and we cannot trust it to have been set
> correctly by the user, just as we cannot trust it to have been set
> correctly for any other AF_INET address. We therefore add this check
> explicitly on the address itself.

-- 
Stefano

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2026-03-09  9:56 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-03-07 18:41 [PATCH v3] netlink: Return prefix length for IPv6 addresses in nl_addr_get() Jon Maloy
2026-03-09  9:47 ` David Gibson
2026-03-09  9:56 ` Stefano Brivio

Code repositories for project(s) associated with this public inbox

	https://passt.top/passt

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).