passt/netlink.c, branch 2026_05_07.1afd4ed Plug A Simple Socket Transport treewide: Spell ASSERT() as assert() 2026-03-20T20:05:29+00:00 David Gibson david@gibson.dropbear.id.au 2026-03-19T06:11:43+00:00 bc872d91765dfd6ff34b0e9a34bce410fac1cef3 The standard library assert(3), at least with glibc, hits our seccomp filter and dies with SIGSYS before it's able to print a message, making it near useless. Therefore, since 7a8ed9459dfe ("Make assertions actually useful") we've instead used our own implementation, named ASSERT(). This makes our code look slightly odd though - ASSERT() has the same overall effect as assert(), it's just a different implementation. More importantly this makes it awkward to share code between passt/pasta proper and things that compile in a more typical environment. We're going to want that for our upcoming dynamic configuration tool. Address this by overriding the standard library's assert() implementation with our own, instead of giving ours its own name. The standard assert() is supposed to be omitted if NDEBUG is defined, which ours doesn't do. Implement that as well, so ours doesn't unexpectedly differ. For the -DNDEBUG case we do this by *not* overriding assert(), since it will be a no-op anyway. This requires a few places to add a #include <assert.h> to let us compile (albeit with warnings) when -DNDEBUG. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> [sbrivio: Fix some conflicts and missing conversions as a result of applying "vu_common: Move iovec management into vu_collect()" first] Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
The standard library assert(3), at least with glibc, hits our seccomp
filter and dies with SIGSYS before it's able to print a message, making it
near useless.  Therefore, since 7a8ed9459dfe ("Make assertions actually
useful") we've instead used our own implementation, named ASSERT().

This makes our code look slightly odd though - ASSERT() has the same
overall effect as assert(), it's just a different implementation.  More
importantly this makes it awkward to share code between passt/pasta proper
and things that compile in a more typical environment.  We're going to want
that for our upcoming dynamic configuration tool.

Address this by overriding the standard library's assert() implementation
with our own, instead of giving ours its own name.

The standard assert() is supposed to be omitted if NDEBUG is defined,
which ours doesn't do.  Implement that as well, so ours doesn't
unexpectedly differ.  For the -DNDEBUG case we do this by *not* overriding
assert(), since it will be a no-op anyway.  This requires a few places to
add a #include <assert.h> to let us compile (albeit with warnings) when
-DNDEBUG.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[sbrivio: Fix some conflicts and missing conversions as a result of
 applying "vu_common: Move iovec management into vu_collect()" first]
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
netlink: Allow NULL to be passed as addr parameter to nl_addr_get (again) 2026-03-11T21:11:30+00:00 David Gibson david@gibson.dropbear.id.au 2026-03-11T04:13:57+00:00 831e98384b057a7e74aa615200752c1d84c017ee A recent fix to nl_addr_get() unfortunately introduced a different problem. 251e676bd0bf removed a test if @addr was non-NULL. conf_ip6() relied on being able to pass NULL in order to update the link-local address without updating the main address (because it was already set by the user). This means that 'pasta -a 2001:db8::1' will SEGV. Reverse the incorrect part of the change to fix this. Fixes: 251e676bd0bf ("netlink: Return prefix length for IPv6 addresses in nl_addr_get()") Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
A recent fix to nl_addr_get() unfortunately introduced a different problem.
251e676bd0bf removed a test if @addr was non-NULL.  conf_ip6() relied on
being able to pass NULL in order to update the link-local address without
updating the main address (because it was already set by the user).

This means that 'pasta -a 2001:db8::1' will SEGV.  Reverse the incorrect
part of the change to fix this.

Fixes: 251e676bd0bf ("netlink: Return prefix length for IPv6 addresses in nl_addr_get()")
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
netlink: Return prefix length for IPv6 addresses in nl_addr_get() 2026-03-10T14:28:11+00:00 Jon Maloy jmaloy@redhat.com 2026-03-09T19:52:33+00:00 251e676bd0bffe0c3b8bf0e925fbc87b6d4eeb6a nl_addr_get() was not setting the prefix_len output parameter for IPv6 addresses, only for IPv4. This meant callers always got 0 for IPv6, forcing them to use a hardcoded default (64). Fix by assigning *prefix_len even in the IPv6 case. Signed-off-by: Jon Maloy <jmaloy@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
nl_addr_get() was not setting the prefix_len output parameter for
IPv6 addresses, only for IPv4. This meant callers always got 0 for
IPv6, forcing them to use a hardcoded default (64).

Fix by assigning *prefix_len even in the IPv6 case.

Signed-off-by: Jon Maloy <jmaloy@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
epoll_ctl: Extract epoll operations 2025-10-30T14:32:12+00:00 Laurent Vivier lvivier@redhat.com 2025-10-21T21:01:11+00:00 965ea66068e653934c0016281df86c17e2a65625 Centralize epoll_add() and epoll_del() helper functions into new epoll_ctl.c/h files. This also moves the union epoll_ref definition from passt.h to epoll_ctl.h where it's more logically placed. The new epoll_add() helper simplifies adding file descriptors to epoll by taking an epoll_ref and events, handling error reporting consistently across all call sites. Signed-off-by: Laurent Vivier <lvivier@redhat.com> [sbrivio: Include epoll_ctl.h from netlink.c as it's now needed there] Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
Centralize epoll_add() and epoll_del() helper functions into new
epoll_ctl.c/h files.

This also moves the union epoll_ref definition from passt.h to
epoll_ctl.h where it's more logically placed.

The new epoll_add() helper simplifies adding file descriptors to epoll
by taking an epoll_ref and events, handling error reporting
consistently across all call sites.

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
[sbrivio: Include epoll_ctl.h from netlink.c as it's now needed there]
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
fwd: Add cache table for ARP/NDP contents 2025-10-30T11:01:01+00:00 Jon Maloy jmaloy@redhat.com 2025-10-24T01:29:26+00:00 45869d6f816f8c6162b41188f0d0cc20e98f8bb9 We add a cache table to keep track of the contents of the kernel ARP and NDP tables. The table is fed from the just introduced netlink based neigbour subscription function. Signed-off-by: Jon Maloy <jmaloy@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
We add a cache table to keep track of the contents of the kernel ARP
and NDP tables. The table is fed from the just introduced netlink based
neigbour subscription function.

Signed-off-by: Jon Maloy <jmaloy@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
netlink: add subscription on changes in NDP/ARP table 2025-10-30T11:00:49+00:00 Jon Maloy jmaloy@redhat.com 2025-10-24T01:29:25+00:00 3c469013cfaa4ae7a945a6251be4abdcbcae4cc7 The solution to bug https://bugs.passt.top/show_bug.cgi?id=120 requires the ability to translate from an IP address to its corresponding MAC address in cases where those are present in the ARP or NDP tables. To keep track of the contents of these tables we add a netlink based neighbour subscription feature. Signed-off-by: Jon Maloy <jmaloy@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> [sbrivio: Fix format modifier for ndm->ndm_state, reported by dwg] Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
The solution to bug https://bugs.passt.top/show_bug.cgi?id=120
requires the ability to translate from an IP address to its
corresponding MAC address in cases where those are present in
the ARP or NDP tables.

To keep track of the contents of these tables we add a netlink
based neighbour subscription feature.

Signed-off-by: Jon Maloy <jmaloy@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
[sbrivio: Fix format modifier for ndm->ndm_state, reported by dwg]
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
netlink: Don't require address to be global, just not link local 2025-09-30T10:03:39+00:00 David Gibson david@gibson.dropbear.id.au 2025-09-30T05:49:11+00:00 a96a962d7e51582ea6aaf1f9180f1be7956f5d1f nl_addr_get() will only pick up global IPv6 addresses (RT_SCOPE_UNIVERSE). This is because link-local addresses aren't suitable. However site-local addresses (in the rare occassions they're used) would be fine for our purposes. In fact, anything wider than link scope is fine, so update the check to reflect that. Change the logic in the test scripts to match as well. Reported-by: Xun Gu <xugu@redhat.com> Link: https://bugs.passt.top/show_bug.cgi?id=122 Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
nl_addr_get() will only pick up global IPv6 addresses (RT_SCOPE_UNIVERSE).
This is because link-local addresses aren't suitable.  However site-local
addresses (in the rare occassions they're used) would be fine for our
purposes.  In fact, anything wider than link scope is fine, so update the
check to reflect that.

Change the logic in the test scripts to match as well.

Reported-by: Xun Gu <xugu@redhat.com>
Link: https://bugs.passt.top/show_bug.cgi?id=122
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
netlink: Drop nexthop state flags from routes we duplicate 2025-09-19T17:30:00+00:00 Stefano Brivio sbrivio@redhat.com 2025-09-18T16:32:16+00:00 ad4aae7a3262460137c9a287819ee2957e882581 The kernel doesn't like those (EINVAL) on RTM_NEWROUTE, as they are flags representing states, not configuration. Link: https://github.com/containers/podman/discussions/27104 Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Paul Holzinger <pholzing@redhat.com> 
The kernel doesn't like those (EINVAL) on RTM_NEWROUTE, as they are
flags representing states, not configuration.

Link: https://github.com/containers/podman/discussions/27104
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Paul Holzinger <pholzing@redhat.com>
style: Add parentheses to function names in comments 2025-07-18T17:19:37+00:00 Laurent Vivier lvivier@redhat.com 2025-06-20T15:25:15+00:00 3757ea36d8aa4f40119d66646a3ccaafc670d6b4 The commit updates the style of function comments by adding parentheses to function names in the descriptions where they are missing. Done with: ---------8<------ fix_function_name.awk ---------8<------ /^\/\*\*/ { check_next = 1; print $0 next } check_next == 1 && / \* struct/ { check_next = 0 print $0 next } check_next == 1 && / \* enum/ { check_next = 0 print $0 next } check_next == 1 && /^ \* [^ (]* -/ { modified_line = gensub(/^ \* ([^ ]*) -(.*)$/, " * \\1() -\\2", "g", $0) print modified_line check_next = 0; next } { print $0 check_next = 0 } ---------8<------ fix_function_name.awk ---------8<------ Then for file in *.[ch]; do cp ${file} ${file}.tmp && \ awk -f fix_function_name.awk ${file}.tmp > ${file} done Signed-off-by: Laurent Vivier <lvivier@redhat.com> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
The commit updates the style of function comments by adding parentheses
to function names in the descriptions where they are missing.

Done with:

---------8<------ fix_function_name.awk ---------8<------
/^\/\*\*/ {
    check_next = 1;
    print $0
    next
}
check_next == 1 && / \* struct/ {
    check_next = 0
    print $0
    next
}
check_next == 1 && / \* enum/ {
    check_next = 0
    print $0
    next
}
check_next == 1 && /^ \* [^ (]* -/ {
   modified_line = gensub(/^ \* ([^ ]*) -(.*)$/, " * \\1() -\\2", "g", $0)
   print modified_line
   check_next = 0;
   next
}
{
    print $0
    check_next = 0
}
---------8<------ fix_function_name.awk ---------8<------

Then

for file in *.[ch]; do
    cp ${file} ${file}.tmp && \
    awk -f fix_function_name.awk ${file}.tmp > ${file}
done

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Correct various function comment headers 2025-06-04T10:32:04+00:00 Laurent Vivier lvivier@redhat.com 2025-05-19T08:52:56+00:00 2c883498b58a3dab702b3376a2ca828e61d3283d This commit refines function comment headers for improved accuracy and consistency. Key changes include: - Corrected parameter/return descriptions (e.g., `logtime`, `__daemon`). - Added missing and removed incorrect parameter documentation (e.g., `tcp_vu_sock_recv`, `ndp`). - Standardized comments to the `/** ... */` style for functions like `udp_flow_close` and `ns_enter`. - Ensured function names in comments consistently use `()`. - Addressed minor typos and updated comments for renamed functions. Signed-off-by: Laurent Vivier <lvivier@redhat.com> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
This commit refines function comment headers for improved accuracy
and consistency. Key changes include:

- Corrected parameter/return descriptions (e.g., `logtime`, `__daemon`).
- Added missing and removed incorrect parameter documentation (e.g.,
  `tcp_vu_sock_recv`, `ndp`).
- Standardized comments to the `/** ... */` style for functions
  like `udp_flow_close` and `ns_enter`.
- Ensured function names in comments consistently use `()`.
- Addressed minor typos and updated comments for renamed functions.

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>