conf, pasta: Make -g and -a skip route/addresses copy for matching IP version only
Paul reports that setting IPv4 address and gateway manually, using --address and --gateway, causes pasta to fail inserting IPv6 routes in a setup where multiple, inter-dependent IPv6 routes are present on the host. That's because, currently, any -g option implies --no-copy-routes altogether, and any -a implies --no-copy-addrs. Limit this implication to the matching IP version, instead, by having two copies of no_copy_routes and no_copy_addrs in the context structure, separately for IPv4 and IPv6. While at it, change them to 'bool': we had them as 'int' because getopt_long() used to set them directly, but it hasn't been the case for a while already. Reported-by: Paul Holzinger <pholzing@redhat.com> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
parent
ee36266a55
commit
fbb0c9523e
4 changed files with 36 additions and 22 deletions
32
conf.c
32
conf.c
|
@ -1379,14 +1379,16 @@ void conf(struct ctx *c, int argc, char **argv)
|
||||||
die("--no-copy-routes is for pasta mode only");
|
die("--no-copy-routes is for pasta mode only");
|
||||||
|
|
||||||
warn("--no-copy-routes will be dropped soon");
|
warn("--no-copy-routes will be dropped soon");
|
||||||
c->no_copy_routes = copy_routes_opt = true;
|
c->ip4.no_copy_routes = c->ip6.no_copy_routes = true;
|
||||||
|
copy_routes_opt = true;
|
||||||
break;
|
break;
|
||||||
case 19:
|
case 19:
|
||||||
if (c->mode != MODE_PASTA)
|
if (c->mode != MODE_PASTA)
|
||||||
die("--no-copy-addrs is for pasta mode only");
|
die("--no-copy-addrs is for pasta mode only");
|
||||||
|
|
||||||
warn("--no-copy-addrs will be dropped soon");
|
warn("--no-copy-addrs will be dropped soon");
|
||||||
c->no_copy_addrs = copy_addrs_opt = true;
|
c->ip4.no_copy_addrs = c->ip6.no_copy_addrs = true;
|
||||||
|
copy_addrs_opt = true;
|
||||||
break;
|
break;
|
||||||
case 20:
|
case 20:
|
||||||
if (c->mode != MODE_PASTA)
|
if (c->mode != MODE_PASTA)
|
||||||
|
@ -1465,23 +1467,26 @@ void conf(struct ctx *c, int argc, char **argv)
|
||||||
|
|
||||||
break;
|
break;
|
||||||
case 'a':
|
case 'a':
|
||||||
if (c->mode == MODE_PASTA)
|
|
||||||
c->no_copy_addrs = 1;
|
|
||||||
|
|
||||||
if (inet_pton(AF_INET6, optarg, &c->ip6.addr) &&
|
if (inet_pton(AF_INET6, optarg, &c->ip6.addr) &&
|
||||||
!IN6_IS_ADDR_UNSPECIFIED(&c->ip6.addr) &&
|
!IN6_IS_ADDR_UNSPECIFIED(&c->ip6.addr) &&
|
||||||
!IN6_IS_ADDR_LOOPBACK(&c->ip6.addr) &&
|
!IN6_IS_ADDR_LOOPBACK(&c->ip6.addr) &&
|
||||||
!IN6_IS_ADDR_V4MAPPED(&c->ip6.addr) &&
|
!IN6_IS_ADDR_V4MAPPED(&c->ip6.addr) &&
|
||||||
!IN6_IS_ADDR_V4COMPAT(&c->ip6.addr) &&
|
!IN6_IS_ADDR_V4COMPAT(&c->ip6.addr) &&
|
||||||
!IN6_IS_ADDR_MULTICAST(&c->ip6.addr))
|
!IN6_IS_ADDR_MULTICAST(&c->ip6.addr)) {
|
||||||
|
if (c->mode == MODE_PASTA)
|
||||||
|
c->ip6.no_copy_addrs = true;
|
||||||
break;
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
if (inet_pton(AF_INET, optarg, &c->ip4.addr) &&
|
if (inet_pton(AF_INET, optarg, &c->ip4.addr) &&
|
||||||
!IN4_IS_ADDR_UNSPECIFIED(&c->ip4.addr) &&
|
!IN4_IS_ADDR_UNSPECIFIED(&c->ip4.addr) &&
|
||||||
!IN4_IS_ADDR_BROADCAST(&c->ip4.addr) &&
|
!IN4_IS_ADDR_BROADCAST(&c->ip4.addr) &&
|
||||||
!IN4_IS_ADDR_LOOPBACK(&c->ip4.addr) &&
|
!IN4_IS_ADDR_LOOPBACK(&c->ip4.addr) &&
|
||||||
!IN4_IS_ADDR_MULTICAST(&c->ip4.addr))
|
!IN4_IS_ADDR_MULTICAST(&c->ip4.addr)) {
|
||||||
|
if (c->mode == MODE_PASTA)
|
||||||
|
c->ip4.no_copy_addrs = true;
|
||||||
break;
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
die("Invalid address: %s", optarg);
|
die("Invalid address: %s", optarg);
|
||||||
break;
|
break;
|
||||||
|
@ -1495,19 +1500,22 @@ void conf(struct ctx *c, int argc, char **argv)
|
||||||
parse_mac(c->mac, optarg);
|
parse_mac(c->mac, optarg);
|
||||||
break;
|
break;
|
||||||
case 'g':
|
case 'g':
|
||||||
if (c->mode == MODE_PASTA)
|
|
||||||
c->no_copy_routes = 1;
|
|
||||||
|
|
||||||
if (inet_pton(AF_INET6, optarg, &c->ip6.gw) &&
|
if (inet_pton(AF_INET6, optarg, &c->ip6.gw) &&
|
||||||
!IN6_IS_ADDR_UNSPECIFIED(&c->ip6.gw) &&
|
!IN6_IS_ADDR_UNSPECIFIED(&c->ip6.gw) &&
|
||||||
!IN6_IS_ADDR_LOOPBACK(&c->ip6.gw))
|
!IN6_IS_ADDR_LOOPBACK(&c->ip6.gw)) {
|
||||||
|
if (c->mode == MODE_PASTA)
|
||||||
|
c->ip6.no_copy_routes = true;
|
||||||
break;
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
if (inet_pton(AF_INET, optarg, &c->ip4.gw) &&
|
if (inet_pton(AF_INET, optarg, &c->ip4.gw) &&
|
||||||
!IN4_IS_ADDR_UNSPECIFIED(&c->ip4.gw) &&
|
!IN4_IS_ADDR_UNSPECIFIED(&c->ip4.gw) &&
|
||||||
!IN4_IS_ADDR_BROADCAST(&c->ip4.gw) &&
|
!IN4_IS_ADDR_BROADCAST(&c->ip4.gw) &&
|
||||||
!IN4_IS_ADDR_LOOPBACK(&c->ip4.gw))
|
!IN4_IS_ADDR_LOOPBACK(&c->ip4.gw)) {
|
||||||
|
if (c->mode == MODE_PASTA)
|
||||||
|
c->ip4.no_copy_routes = true;
|
||||||
break;
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
die("Invalid gateway address: %s", optarg);
|
die("Invalid gateway address: %s", optarg);
|
||||||
break;
|
break;
|
||||||
|
|
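Review bot: In the `case 'g':` hunk the gateway checks are looser than the `-a` checks in the hunk above: a multicast address passes both gateway tests, and a v4-mapped or v4-compatible address passes the IPv6 one, although `-a` rejects all of these. With this change an accepted gateway also sets `c->ip6.no_copy_routes` or `c->ip4.no_copy_routes`, so for that IP version the host routes are presumably skipped in favour of a default route through whatever address was accepted. If the asymmetry is not deliberate, add `!IN6_IS_ADDR_MULTICAST(&c->ip6.gw)` and `!IN4_IS_ADDR_MULTICAST(&c->ip4.gw)` to the two conditions. conf() begins and ends outside these hunks.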
4
passt.1
4
passt.1
|
@ -589,7 +589,7 @@ or sourced from the host, and bring up the tap interface.
|
||||||
.BR \-\-no-copy-routes " " (DEPRECATED)
|
.BR \-\-no-copy-routes " " (DEPRECATED)
|
||||||
With \-\-config-net, do not copy all the routes associated to the interface we
|
With \-\-config-net, do not copy all the routes associated to the interface we
|
||||||
derive addresses and routes from: set up only the default gateway. Implied by
|
derive addresses and routes from: set up only the default gateway. Implied by
|
||||||
-g, \-\-gateway.
|
-g, \-\-gateway, for the corresponding IP version only.
|
||||||
|
|
||||||
Default is to copy all the routing entries from the interface in the outer
|
Default is to copy all the routing entries from the interface in the outer
|
||||||
namespace to the target namespace, translating the output interface attribute to
|
namespace to the target namespace, translating the output interface attribute to
|
||||||
|
@ -604,7 +604,7 @@ below.
|
||||||
.BR \-\-no-copy-addrs " " (DEPRECATED)
|
.BR \-\-no-copy-addrs " " (DEPRECATED)
|
||||||
With \-\-config-net, do not copy all the addresses associated to the interface
|
With \-\-config-net, do not copy all the addresses associated to the interface
|
||||||
we derive addresses and routes from: set up a single one. Implied by \-a,
|
we derive addresses and routes from: set up a single one. Implied by \-a,
|
||||||
\-\-address.
|
\-\-address, for the corresponding IP version only.
|
||||||
|
|
||||||
Default is to copy all the addresses, except for link-local ones, from the
|
Default is to copy all the addresses, except for link-local ones, from the
|
||||||
interface from the outer namespace to the target namespace.
|
interface from the outer namespace to the target namespace.
|
||||||
|
|
14
passt.h
14
passt.h
|
@ -100,6 +100,8 @@ enum passt_modes {
|
||||||
* @dns_host: Use this DNS on the host for forwarding
|
* @dns_host: Use this DNS on the host for forwarding
|
||||||
* @addr_out: Optional source address for outbound traffic
|
* @addr_out: Optional source address for outbound traffic
|
||||||
* @ifname_out: Optional interface name to bind outbound sockets to
|
* @ifname_out: Optional interface name to bind outbound sockets to
|
||||||
|
* @no_copy_routes: Don't copy all routes when configuring target namespace
|
||||||
|
* @no_copy_addrs: Don't copy all addresses when configuring namespace
|
||||||
*/
|
*/
|
||||||
struct ip4_ctx {
|
struct ip4_ctx {
|
||||||
struct in_addr addr;
|
struct in_addr addr;
|
||||||
|
@ -112,6 +114,9 @@ struct ip4_ctx {
|
||||||
|
|
||||||
struct in_addr addr_out;
|
struct in_addr addr_out;
|
||||||
char ifname_out[IFNAMSIZ];
|
char ifname_out[IFNAMSIZ];
|
||||||
|
|
||||||
|
bool no_copy_routes;
|
||||||
|
bool no_copy_addrs;
|
||||||
};
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -126,6 +131,8 @@ struct ip4_ctx {
|
||||||
* @dns_host: Use this DNS on the host for forwarding
|
* @dns_host: Use this DNS on the host for forwarding
|
||||||
* @addr_out: Optional source address for outbound traffic
|
* @addr_out: Optional source address for outbound traffic
|
||||||
* @ifname_out: Optional interface name to bind outbound sockets to
|
* @ifname_out: Optional interface name to bind outbound sockets to
|
||||||
|
* @no_copy_routes: Don't copy all routes when configuring target namespace
|
||||||
|
* @no_copy_addrs: Don't copy all addresses when configuring namespace
|
||||||
*/
|
*/
|
||||||
struct ip6_ctx {
|
struct ip6_ctx {
|
||||||
struct in6_addr addr;
|
struct in6_addr addr;
|
||||||
|
@ -139,6 +146,9 @@ struct ip6_ctx {
|
||||||
|
|
||||||
struct in6_addr addr_out;
|
struct in6_addr addr_out;
|
||||||
char ifname_out[IFNAMSIZ];
|
char ifname_out[IFNAMSIZ];
|
||||||
|
|
||||||
|
bool no_copy_routes;
|
||||||
|
bool no_copy_addrs;
|
||||||
};
|
};
|
||||||
|
|
||||||
#include <netinet/if_ether.h>
|
#include <netinet/if_ether.h>
|
||||||
|
@ -173,8 +183,6 @@ struct ip6_ctx {
|
||||||
* @pasta_ifn: Name of namespace interface for pasta
|
* @pasta_ifn: Name of namespace interface for pasta
|
||||||
* @pasta_ifi: Index of namespace interface for pasta
|
* @pasta_ifi: Index of namespace interface for pasta
|
||||||
* @pasta_conf_ns: Configure namespace after creating it
|
* @pasta_conf_ns: Configure namespace after creating it
|
||||||
* @no_copy_routes: Don't copy all routes when configuring target namespace
|
|
||||||
* @no_copy_addrs: Don't copy all addresses when configuring namespace
|
|
||||||
* @no_tcp: Disable TCP operation
|
* @no_tcp: Disable TCP operation
|
||||||
* @tcp: Context for TCP protocol handler
|
* @tcp: Context for TCP protocol handler
|
||||||
* @no_tcp: Disable UDP operation
|
* @no_tcp: Disable UDP operation
|
||||||
|
@ -233,8 +241,6 @@ struct ctx {
|
||||||
char pasta_ifn[IF_NAMESIZE];
|
char pasta_ifn[IF_NAMESIZE];
|
||||||
unsigned int pasta_ifi;
|
unsigned int pasta_ifi;
|
||||||
int pasta_conf_ns;
|
int pasta_conf_ns;
|
||||||
int no_copy_routes;
|
|
||||||
int no_copy_addrs;
|
|
||||||
|
|
||||||
int no_tcp;
|
int no_tcp;
|
||||||
struct tcp_ctx tcp;
|
struct tcp_ctx tcp;
|
||||||
|
|
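Review bot: The kernel-doc lines added to `struct ip4_ctx` and `struct ip6_ctx` repeat the wording removed from `struct ctx`, so they do not say that each flag now covers one IP version only. Suggest `* @no_copy_routes: Don't copy all IPv4 routes when configuring target namespace` and `* @no_copy_addrs: Don't copy all IPv4 addresses when configuring namespace` in `struct ip4_ctx`, with the IPv6 equivalents in `struct ip6_ctx`. Both struct definitions run beyond the hunks shown.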
8
pasta.c
8
pasta.c
|
@ -306,7 +306,7 @@ void pasta_ns_conf(struct ctx *c)
|
||||||
nl_link_up(nl_sock_ns, c->pasta_ifi, c->mtu);
|
nl_link_up(nl_sock_ns, c->pasta_ifi, c->mtu);
|
||||||
|
|
||||||
if (c->ifi4) {
|
if (c->ifi4) {
|
||||||
if (c->no_copy_addrs) {
|
if (c->ip4.no_copy_addrs) {
|
||||||
rc = nl_addr_set(nl_sock_ns, c->pasta_ifi,
|
rc = nl_addr_set(nl_sock_ns, c->pasta_ifi,
|
||||||
AF_INET,
|
AF_INET,
|
||||||
&c->ip4.addr,
|
&c->ip4.addr,
|
||||||
|
@ -322,7 +322,7 @@ void pasta_ns_conf(struct ctx *c)
|
||||||
strerror(-rc));
|
strerror(-rc));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (c->no_copy_routes) {
|
if (c->ip4.no_copy_routes) {
|
||||||
rc = nl_route_set_def(nl_sock_ns, c->pasta_ifi,
|
rc = nl_route_set_def(nl_sock_ns, c->pasta_ifi,
|
||||||
AF_INET, &c->ip4.gw);
|
AF_INET, &c->ip4.gw);
|
||||||
} else {
|
} else {
|
||||||
|
@ -337,7 +337,7 @@ void pasta_ns_conf(struct ctx *c)
|
||||||
}
|
}
|
||||||
|
|
||||||
if (c->ifi6) {
|
if (c->ifi6) {
|
||||||
if (c->no_copy_addrs) {
|
if (c->ip6.no_copy_addrs) {
|
||||||
rc = nl_addr_set(nl_sock_ns, c->pasta_ifi,
|
rc = nl_addr_set(nl_sock_ns, c->pasta_ifi,
|
||||||
AF_INET6, &c->ip6.addr, 64);
|
AF_INET6, &c->ip6.addr, 64);
|
||||||
} else {
|
} else {
|
||||||
|
@ -351,7 +351,7 @@ void pasta_ns_conf(struct ctx *c)
|
||||||
strerror(-rc));
|
strerror(-rc));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (c->no_copy_routes) {
|
if (c->ip6.no_copy_routes) {
|
||||||
rc = nl_route_set_def(nl_sock_ns, c->pasta_ifi,
|
rc = nl_route_set_def(nl_sock_ns, c->pasta_ifi,
|
||||||
AF_INET6, &c->ip6.gw);
|
AF_INET6, &c->ip6.gw);
|
||||||
} else {
|
} else {
|
||||||
|
|