passt/netlink.c, branch bug165c Plug A Simple Socket Transport epoll_ctl: Extract epoll operations 2025-10-30T14:32:12+00:00 Laurent Vivier lvivier@redhat.com 2025-10-21T21:01:11+00:00 965ea66068e653934c0016281df86c17e2a65625 Centralize epoll_add() and epoll_del() helper functions into new epoll_ctl.c/h files. This also moves the union epoll_ref definition from passt.h to epoll_ctl.h where it's more logically placed. The new epoll_add() helper simplifies adding file descriptors to epoll by taking an epoll_ref and events, handling error reporting consistently across all call sites. Signed-off-by: Laurent Vivier <lvivier@redhat.com> [sbrivio: Include epoll_ctl.h from netlink.c as it's now needed there] Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
Centralize epoll_add() and epoll_del() helper functions into new
epoll_ctl.c/h files.

This also moves the union epoll_ref definition from passt.h to
epoll_ctl.h where it's more logically placed.

The new epoll_add() helper simplifies adding file descriptors to epoll
by taking an epoll_ref and events, handling error reporting
consistently across all call sites.

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
[sbrivio: Include epoll_ctl.h from netlink.c as it's now needed there]
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
fwd: Add cache table for ARP/NDP contents 2025-10-30T11:01:01+00:00 Jon Maloy jmaloy@redhat.com 2025-10-24T01:29:26+00:00 45869d6f816f8c6162b41188f0d0cc20e98f8bb9 We add a cache table to keep track of the contents of the kernel ARP and NDP tables. The table is fed from the just introduced netlink based neigbour subscription function. Signed-off-by: Jon Maloy <jmaloy@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
We add a cache table to keep track of the contents of the kernel ARP
and NDP tables. The table is fed from the just introduced netlink based
neigbour subscription function.

Signed-off-by: Jon Maloy <jmaloy@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
netlink: add subscription on changes in NDP/ARP table 2025-10-30T11:00:49+00:00 Jon Maloy jmaloy@redhat.com 2025-10-24T01:29:25+00:00 3c469013cfaa4ae7a945a6251be4abdcbcae4cc7 The solution to bug https://bugs.passt.top/show_bug.cgi?id=120 requires the ability to translate from an IP address to its corresponding MAC address in cases where those are present in the ARP or NDP tables. To keep track of the contents of these tables we add a netlink based neighbour subscription feature. Signed-off-by: Jon Maloy <jmaloy@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> [sbrivio: Fix format modifier for ndm->ndm_state, reported by dwg] Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
The solution to bug https://bugs.passt.top/show_bug.cgi?id=120
requires the ability to translate from an IP address to its
corresponding MAC address in cases where those are present in
the ARP or NDP tables.

To keep track of the contents of these tables we add a netlink
based neighbour subscription feature.

Signed-off-by: Jon Maloy <jmaloy@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
[sbrivio: Fix format modifier for ndm->ndm_state, reported by dwg]
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
netlink: Don't require address to be global, just not link local 2025-09-30T10:03:39+00:00 David Gibson david@gibson.dropbear.id.au 2025-09-30T05:49:11+00:00 a96a962d7e51582ea6aaf1f9180f1be7956f5d1f nl_addr_get() will only pick up global IPv6 addresses (RT_SCOPE_UNIVERSE). This is because link-local addresses aren't suitable. However site-local addresses (in the rare occassions they're used) would be fine for our purposes. In fact, anything wider than link scope is fine, so update the check to reflect that. Change the logic in the test scripts to match as well. Reported-by: Xun Gu <xugu@redhat.com> Link: https://bugs.passt.top/show_bug.cgi?id=122 Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
nl_addr_get() will only pick up global IPv6 addresses (RT_SCOPE_UNIVERSE).
This is because link-local addresses aren't suitable.  However site-local
addresses (in the rare occassions they're used) would be fine for our
purposes.  In fact, anything wider than link scope is fine, so update the
check to reflect that.

Change the logic in the test scripts to match as well.

Reported-by: Xun Gu <xugu@redhat.com>
Link: https://bugs.passt.top/show_bug.cgi?id=122
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
netlink: Drop nexthop state flags from routes we duplicate 2025-09-19T17:30:00+00:00 Stefano Brivio sbrivio@redhat.com 2025-09-18T16:32:16+00:00 ad4aae7a3262460137c9a287819ee2957e882581 The kernel doesn't like those (EINVAL) on RTM_NEWROUTE, as they are flags representing states, not configuration. Link: https://github.com/containers/podman/discussions/27104 Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Paul Holzinger <pholzing@redhat.com> 
The kernel doesn't like those (EINVAL) on RTM_NEWROUTE, as they are
flags representing states, not configuration.

Link: https://github.com/containers/podman/discussions/27104
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Paul Holzinger <pholzing@redhat.com>
style: Add parentheses to function names in comments 2025-07-18T17:19:37+00:00 Laurent Vivier lvivier@redhat.com 2025-06-20T15:25:15+00:00 3757ea36d8aa4f40119d66646a3ccaafc670d6b4 The commit updates the style of function comments by adding parentheses to function names in the descriptions where they are missing. Done with: ---------8<------ fix_function_name.awk ---------8<------ /^\/\*\*/ { check_next = 1; print $0 next } check_next == 1 && / \* struct/ { check_next = 0 print $0 next } check_next == 1 && / \* enum/ { check_next = 0 print $0 next } check_next == 1 && /^ \* [^ (]* -/ { modified_line = gensub(/^ \* ([^ ]*) -(.*)$/, " * \\1() -\\2", "g", $0) print modified_line check_next = 0; next } { print $0 check_next = 0 } ---------8<------ fix_function_name.awk ---------8<------ Then for file in *.[ch]; do cp ${file} ${file}.tmp && \ awk -f fix_function_name.awk ${file}.tmp > ${file} done Signed-off-by: Laurent Vivier <lvivier@redhat.com> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
The commit updates the style of function comments by adding parentheses
to function names in the descriptions where they are missing.

Done with:

---------8<------ fix_function_name.awk ---------8<------
/^\/\*\*/ {
    check_next = 1;
    print $0
    next
}
check_next == 1 && / \* struct/ {
    check_next = 0
    print $0
    next
}
check_next == 1 && / \* enum/ {
    check_next = 0
    print $0
    next
}
check_next == 1 && /^ \* [^ (]* -/ {
   modified_line = gensub(/^ \* ([^ ]*) -(.*)$/, " * \\1() -\\2", "g", $0)
   print modified_line
   check_next = 0;
   next
}
{
    print $0
    check_next = 0
}
---------8<------ fix_function_name.awk ---------8<------

Then

for file in *.[ch]; do
    cp ${file} ${file}.tmp && \
    awk -f fix_function_name.awk ${file}.tmp > ${file}
done

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Correct various function comment headers 2025-06-04T10:32:04+00:00 Laurent Vivier lvivier@redhat.com 2025-05-19T08:52:56+00:00 2c883498b58a3dab702b3376a2ca828e61d3283d This commit refines function comment headers for improved accuracy and consistency. Key changes include: - Corrected parameter/return descriptions (e.g., `logtime`, `__daemon`). - Added missing and removed incorrect parameter documentation (e.g., `tcp_vu_sock_recv`, `ndp`). - Standardized comments to the `/** ... */` style for functions like `udp_flow_close` and `ns_enter`. - Ensured function names in comments consistently use `()`. - Addressed minor typos and updated comments for renamed functions. Signed-off-by: Laurent Vivier <lvivier@redhat.com> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
This commit refines function comment headers for improved accuracy
and consistency. Key changes include:

- Corrected parameter/return descriptions (e.g., `logtime`, `__daemon`).
- Added missing and removed incorrect parameter documentation (e.g.,
  `tcp_vu_sock_recv`, `ndp`).
- Standardized comments to the `/** ... */` style for functions
  like `udp_flow_close` and `ns_enter`.
- Ensured function names in comments consistently use `()`.
- Addressed minor typos and updated comments for renamed functions.

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
treewide: Mark assorted functions static 2025-03-07T01:21:24+00:00 David Gibson dgibson@redhat.com 2025-03-05T06:15:03+00:00 57d2db370b9c12aca84901d968c2c31db89ca462 This marks static a number of functions which are only used in their .c file, have no prototypes in a .h and were never intended to be globally exposed. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
This marks static a number of functions which are only used in their .c
file, have no prototypes in a .h and were never intended to be globally
exposed.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
netlink: Skip loopback interface while looking for a template 2025-01-24T20:39:52+00:00 Stefano Brivio sbrivio@redhat.com 2025-01-23T07:55:49+00:00 d477a1fb03c5995d07e481b25dd94fc9e9bc02f2 There might be reasons to have routes on the loopback interface, for example Any-IP/AnyIP routes as implemented by Linux kernel commit ab79ad14a2d5 ("ipv6: Implement Any-IP support for IPv6."). If we use the loopback interface as a template, though, we'll pick 'lo' (typically) as interface name for our tap interface, but we'll already have an interface called 'lo' in the target namespace, and as we TUNSETIFF on it, we'll fail with EINVAL, because it's not a tap interface. Skip the loopback interface while looking for a template interface or, more accurately, skip the interface with index 1. Strictly speaking, we should fetch interface flags via RTM_GETLINK instead, and check for IFF_LOOPBACK, but interleaving that request while we're iterating over routes is unnecessarily complicated. Link: https://www.reddit.com/r/podman/comments/1i6pj7u/starting_pod_without_external_network/ Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> 
There might be reasons to have routes on the loopback interface, for
example Any-IP/AnyIP routes as implemented by Linux kernel commit
ab79ad14a2d5 ("ipv6: Implement Any-IP support for IPv6.").

If we use the loopback interface as a template, though, we'll pick
'lo' (typically) as interface name for our tap interface, but we'll
already have an interface called 'lo' in the target namespace, and as
we TUNSETIFF on it, we'll fail with EINVAL, because it's not a tap
interface.

Skip the loopback interface while looking for a template interface or,
more accurately, skip the interface with index 1.

Strictly speaking, we should fetch interface flags via RTM_GETLINK
instead, and check for IFF_LOOPBACK, but interleaving that request
while we're iterating over routes is unnecessarily complicated.

Link: https://www.reddit.com/r/podman/comments/1i6pj7u/starting_pod_without_external_network/
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
treewide: Dodge dynamic memory allocation in strerror() from glibc > 2.40 2024-12-11T11:21:23+00:00 Stefano Brivio sbrivio@redhat.com 2024-12-10T23:13:39+00:00 09478d55fe1a21f8c55902399df84d13867e71be With glibc commit 25a5eb4010df ("string: strerror, strsignal cannot use buffer after dlmopen (bug 32026)"), strerror() now needs, at least on x86, the getrandom() and brk() system calls, in order to fill in the locale-translated error message. But getrandom() and brk() are not allowed by our seccomp profiles. This became visible on Fedora Rawhide with the "podman login and logout" Podman tests, defined at test/e2e/login_logout_test.go in the Podman source tree, where pasta would terminate upon printing error descriptions (at least the ones related to the SO_ERROR queue for spliced connections). Avoid dynamic memory allocation by calling strerrordesc_np() instead, which is a GNU function returning a static, untranslated version of the error description. If it's not available, keep calling strerror(), which at that point should be simple enough as to be usable (at least, that's currently the case for musl). Reported-by: Paul Holzinger <pholzing@redhat.com> Link: https://github.com/containers/podman/issues/24804 Analysed-by: Paul Holzinger <pholzing@redhat.com> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Tested-by: Paul Holzinger <pholzing@redhat.com> 
With glibc commit 25a5eb4010df ("string: strerror, strsignal cannot
use buffer after dlmopen (bug 32026)"), strerror() now needs, at least
on x86, the getrandom() and brk() system calls, in order to fill in
the locale-translated error message. But getrandom() and brk() are not
allowed by our seccomp profiles.

This became visible on Fedora Rawhide with the "podman login and
logout" Podman tests, defined at test/e2e/login_logout_test.go in the
Podman source tree, where pasta would terminate upon printing error
descriptions (at least the ones related to the SO_ERROR queue for
spliced connections).

Avoid dynamic memory allocation by calling strerrordesc_np() instead,
which is a GNU function returning a static, untranslated version of
the error description. If it's not available, keep calling strerror(),
which at that point should be simple enough as to be usable (at least,
that's currently the case for musl).

Reported-by: Paul Holzinger <pholzing@redhat.com>
Link: https://github.com/containers/podman/issues/24804
Analysed-by: Paul Holzinger <pholzing@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: Paul Holzinger <pholzing@redhat.com>