treewide: Introduce 'local mode' for disconnected setups

There are setups where no host interface is available or configured
at all, intentionally or not, temporarily or not, but users expect
(Podman) containers to run in any case as they did with slirp4netns,
and we're now getting reports that we broke such setups at a rather
alarming rate.

To this end, if we don't find any usable host interface, instead of
exiting:

- for IPv4, use 169.254.2.1 as guest/container address and 169.254.2.2
  as default gateway

- for IPv6, don't assign any address (forcibly disable DHCPv6), and
  use the *first* link-local address we observe to represent the
  guest/container. Advertise fe80::1 as default gateway

- use 'tap0' as default interface name for pasta

Change ifi4 and ifi6 in struct ctx to int and accept a special -1
value meaning that no host interface was selected, but the IP family
is enabled. The fact that the kernel uses unsigned int values for
those is not an issue as 1. one can't create so many interfaces
anyway and 2. we otherwise handle those values transparently.

Fix a botched conditional in conf_print() to actually skip printing
DHCPv6 information if DHCPv6 is disabled (and skip printing NDP
information if NDP is disabled).

Link: https://github.com/containers/podman/issues/24614
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

1 files changed, 28 insertions, 5 deletions

diff --git a/passt.1 b/passt.1
index 059abd3..15c8338 100644
--- a/passt.1
+++ b/passt.1
@@ -160,7 +160,9 @@ once for IPv6).
 By default, assigned IPv4 and IPv6 addresses are taken from the host interfaces
 with the first default route, if any, for the corresponding IP version. If no
 default routes are available and there is any interface with any route for a
-given IP version, the first of these interfaces will be chosen instead.
+given IP version, the first of these interfaces will be chosen instead. If no
+such interface exists, the link-local address 169.254.2.1 is assigned for IPv4,
+and no additional address will be assigned for IPv6.
 
 .TP
 .BR \-n ", " \-\-netmask " " \fImask
@@ -187,7 +189,9 @@ first default route, if any, for the corresponding IP version. If the default
 route is a multipath one, the gateway is the first nexthop router returned by
 the kernel which has the highest weight in the set of paths. If no default
 routes are available and there is just one interface with any route, that
-interface will be chosen instead.
+interface will be chosen instead. If no such interface exists, the link-local
+address 169.254.2.2 is used for IPv4, and the link-local address fe80::1 is used
+for IPv6.
 
 Note: these addresses are also used as source address for packets directed to
 the guest or to the target namespace having a loopback or local source address,
@@ -202,7 +206,9 @@ Default is to use the interfaces specified by \fB--outbound-if4\fR and
 
 If no interfaces are given, the interface with the first default routes for each
 IP version is selected. If no default routes are available and there is just one
-interface with any route, that interface will be chosen instead.
+interface with any route, that interface will be chosen instead. If no such
+interface exists, host interfaces will be ignored for the purposes of assigning
+addresses and routes, and link-local addresses will be used instead.
 
 .TP
 .BR \-o ", " \-\-outbound " " \fIaddr
@@ -221,7 +227,8 @@ derive IPv4 addresses and routes.
 
 By default, the interface given by the default route is selected. If no default
 routes are available and there is just one interface with any route, that
-interface will be chosen instead.
+interface will be chosen instead. If no such interface exists, outbound sockets
+will not be bound to any specific interface.
 
 .TP
 .BR \-\-outbound-if6 " " \fIname
@@ -231,7 +238,8 @@ derive IPv6 addresses and routes.
 
 By default, the interface given by the default route is selected. If no default
 routes are available and there is just one interface with any route, that
-interface will be chosen instead.
+interface will be chosen instead. If no such interface exists, outbound sockets
+will not be bound to any specific interface.
 
 .TP
 .BR \-D ", " \-\-dns " " \fIaddr
@@ -503,6 +511,7 @@ Default is \fBnone\fR.
 .BR \-I ", " \-\-ns-ifname " " \fIname
 Name of tap interface to be created in target namespace.
 By default, the same interface name as the external, routable interface is used.
+If no such interface exists, the name \fItap0\fR will be used instead.
 
 .TP
 .BR \-t ", " \-\-tcp-ports " " \fIspec
@@ -1031,6 +1040,20 @@ If the sending window cannot be queried, it will always be announced as the
 current sending buffer size to guest or target namespace. This might affect
 throughput of TCP connections.
 
+.SS Local mode for disconnected setups
+
+If \fBpasst\fR and \fBpasta\fR fail to find a host interface with a configured
+address, other than loopback addresses, they will, obviously, not attempt to
+source addresses or routes from the host.
+
+In this case, unless configured otherwise, they will assign the IPv4 link-local
+address 169.254.2.1 to the guest or target namespace, and no IPv6 address. The
+notion of the guest or target namespace IPv6 address is derived from the first
+link-local address observed.
+
+Default gateways will be assigned as the link-local address 169.254.2.2 for
+IPv4, and as the link-local address fe80::1 for IPv6.
+
 .SH LIMITATIONS
 
 Currently, IGMP/MLD proxying (RFC 4605) and support for SCTP (RFC 4960) are not