diff options
| author | David Gibson <david@gibson.dropbear.id.au> | 2023-08-03 17:19:53 +1000 |
|---|---|---|
| committer | Stefano Brivio <sbrivio@redhat.com> | 2023-08-04 01:30:22 +0200 |
| commit | 8de9805224046bfb601b6c59b1b482fd08f3ce24 (patch) | |
| tree | 1a6d1f727340096e83d5264686d3f17d1905cf09 /pasta.c | |
| parent | a3093182758eb58116eb5b400f3c44acef571056 (diff) | |
| download | passt-8de9805224046bfb601b6c59b1b482fd08f3ce24.tar passt-8de9805224046bfb601b6c59b1b482fd08f3ce24.tar.gz passt-8de9805224046bfb601b6c59b1b482fd08f3ce24.tar.bz2 passt-8de9805224046bfb601b6c59b1b482fd08f3ce24.tar.lz passt-8de9805224046bfb601b6c59b1b482fd08f3ce24.tar.xz passt-8de9805224046bfb601b6c59b1b482fd08f3ce24.tar.zst passt-8de9805224046bfb601b6c59b1b482fd08f3ce24.zip | |
netlink: Propagate errors for "set" operations
Currently if anything goes wrong while we're configuring the namespace
network with --config-net, we'll just ignore it and carry on. This might
lead to a silently unconfigured or misconfigured namespace environment.
For simple "set" operations based on nl_do() we can now detect failures
reported via netlink. Propagate those errors up to pasta_ns_conf() and
report them usefully.
Link: https://bugs.passt.top/show_bug.cgi?id=60
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[sbrivio: Minor formatting changes in pasta_ns_conf()]
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'pasta.c')
| -rw-r--r-- | pasta.c | 50 |
1 files changed, 40 insertions, 10 deletions
@@ -272,53 +272,83 @@ void pasta_start_ns(struct ctx *c, uid_t uid, gid_t gid, */ void pasta_ns_conf(struct ctx *c) { - nl_link_up(nl_sock_ns, 1 /* lo */, 0); + int rc = 0; + + rc = nl_link_up(nl_sock_ns, 1 /* lo */, 0); + if (rc < 0) + die("Couldn't bring up loopback interface in namespace: %s", + strerror(-rc)); /* Get or set MAC in target namespace */ if (MAC_IS_ZERO(c->mac_guest)) nl_link_get_mac(nl_sock_ns, c->pasta_ifi, c->mac_guest); else - nl_link_set_mac(nl_sock_ns, c->pasta_ifi, c->mac_guest); + rc = nl_link_set_mac(nl_sock_ns, c->pasta_ifi, c->mac_guest); + if (rc < 0) + die("Couldn't set MAC address in namespace: %s", + strerror(-rc)); if (c->pasta_conf_ns) { nl_link_up(nl_sock_ns, c->pasta_ifi, c->mtu); if (c->ifi4) { if (c->no_copy_addrs) { - nl_addr_set(nl_sock_ns, c->pasta_ifi, AF_INET, - &c->ip4.addr, c->ip4.prefix_len); + rc = nl_addr_set(nl_sock_ns, c->pasta_ifi, + AF_INET, + &c->ip4.addr, + c->ip4.prefix_len); } else { nl_addr_dup(nl_sock, c->ifi4, nl_sock_ns, c->pasta_ifi, AF_INET); } + if (rc < 0) { + die("Couldn't set IPv4 address(es) in namespace: %s", + strerror(-rc)); + } + if (c->no_copy_routes) { - nl_route_set_def(nl_sock_ns, c->pasta_ifi, - AF_INET, &c->ip4.gw); + rc = nl_route_set_def(nl_sock_ns, c->pasta_ifi, + AF_INET, &c->ip4.gw); } else { nl_route_dup(nl_sock, c->ifi4, nl_sock_ns, c->pasta_ifi, AF_INET); } + + if (rc < 0) { + die("Couldn't set IPv4 route(s) in guest: %s", + strerror(-rc)); + } } if (c->ifi6) { if (c->no_copy_addrs) { - nl_addr_set(nl_sock_ns, c->pasta_ifi, - AF_INET6, &c->ip6.addr, 64); + rc = nl_addr_set(nl_sock_ns, c->pasta_ifi, + AF_INET6, &c->ip6.addr, 64); } else { nl_addr_dup(nl_sock, c->ifi6, nl_sock_ns, c->pasta_ifi, AF_INET6); } + if (rc < 0) { + die("Couldn't set IPv6 address(es) in namespace: %s", + strerror(-rc)); + } + if (c->no_copy_routes) { - nl_route_set_def(nl_sock_ns, c->pasta_ifi, - AF_INET6, &c->ip6.gw); + rc = nl_route_set_def(nl_sock_ns, c->pasta_ifi, + AF_INET6, &c->ip6.gw); } else { nl_route_dup(nl_sock, c->ifi6, nl_sock_ns, c->pasta_ifi, AF_INET6); } + + if (rc < 0) { + die("Couldn't set IPv6 route(s) in guest: %s", + strerror(-rc)); + } } } |