netlink: Adjust interface index inside copied nexthop objects too

As pasta duplicates host routes into the target namespaces, interface
indices might not match, so we go through RTA_OIF attributes and fix
them up to match the identifier in the namespace.

But RTA_OIF is not the ony attribute specifying interfaces for routes:
multipath routes use RTA_MULTIPATH attributes with nexthop objects,
which contain in turn interface indices. Fix them up as well.

If we don't, and we have at least two host interfaces, and the host
interface we use as template isn't the first one (hence the
mismatching indices), we'll fail to insert multipath routes with
nexthop objects, and ultimately refuse to start as the kernel
unexpectedly gives us ENODEV.

Link: https://github.com/containers/podman/issues/22192
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>

1 files changed, 11 insertions, 4 deletions

diff --git a/netlink.c b/netlink.c
index 9b3dba2..59e9e33 100644
--- a/netlink.c
+++ b/netlink.c
@@ -546,12 +546,19 @@ int nl_route_dup(int s_src, unsigned int ifi_src,
 
 		for (rta = RTM_RTA(rtm), na = RTM_PAYLOAD(nh); RTA_OK(rta, na);
 		     rta = RTA_NEXT(rta, na)) {
+			/* RTA_OIF and RTA_MULTIPATH attributes carry the
+			 * identifier of a host interface. Change them to match
+			 * the corresponding identifier in the target namespace.
+			 */
 			if (rta->rta_type == RTA_OIF) {
-				/* The host obviously list's the host interface
-				 * id here, we need to change it to the
-				 * namespace's interface id
-				 */
 				*(unsigned int *)RTA_DATA(rta) = ifi_dst;
+			} else if (rta->rta_type == RTA_MULTIPATH) {
+				struct rtnexthop *rtnh;
+
+				for (rtnh = (struct rtnexthop *)RTA_DATA(rta);
+				     RTNH_OK(rtnh, RTA_PAYLOAD(rta));
+				     rtnh = RTNH_NEXT(rtnh))
+					rtnh->rtnh_ifindex = ifi_dst;
 			} else if (rta->rta_type == RTA_PREFSRC) {
 				/* Host routes might include a preferred source
 				 * address, which must be one of the host's