Fix kerndat_link_nsid() on systems with more than 10 interfaces

Submitted by Adrian Reber on Nov. 22, 2018, 1:44 p.m.

Details

Message ID 1542894243-8061-1-git-send-email-adrian@lisas.de
State Accepted
Series "Fix kerndat_link_nsid() on systems with more than 10 interfaces"
Headers show

Commit Message

Adrian Reber Nov. 22, 2018, 1:44 p.m.
From: Adrian Reber <areber@redhat.com>

On a system with more than 10 network interfaces the link_nsid check
fails:

$ criu check --feature link_nsid
Warn  (criu/cr-check.c:1237): NSID isn't supported

The function kerndat_link_nsid() uses:

 nde.ifindex = 10;

This fails as there is already an interface with ifindex 10.

This patch moves the creation of the socket into the second network
namespace and the feature check succeeds.

Suggested-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: Adrian Reber <areber@redhat.com>
---
 criu/net.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

Patch hide | download patch | download mbox

diff --git a/criu/net.c b/criu/net.c
index ec66d1e..c1a6e30 100644
--- a/criu/net.c
+++ b/criu/net.c
@@ -3148,12 +3148,6 @@  int kerndat_link_nsid()
 		};
 		int nsfd, sk, ret;
 
-		sk = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
-		if (sk < 0) {
-			pr_perror("Unable to create a netlink socket");
-			exit(1);
-		}
-
 		if (unshare(CLONE_NEWNET)) {
 			pr_perror("Unable create a network namespace");
 			exit(1);
@@ -3168,6 +3162,12 @@  int kerndat_link_nsid()
 			exit(1);
 		}
 
+		sk = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
+		if (sk < 0) {
+			pr_perror("Unable to create a netlink socket");
+			exit(1);
+		}
+
 		nde.type = ND_TYPE__VETH;
 		nde.name = "veth";
 		nde.ifindex = 10;

Comments

Adrian Reber Nov. 22, 2018, 2 p.m.
On Thu, Nov 22, 2018 at 01:44:03PM +0000, Adrian Reber wrote:
> From: Adrian Reber <areber@redhat.com>
> 
> On a system with more than 10 network interfaces the link_nsid check
> fails:
> 
> $ criu check --feature link_nsid
> Warn  (criu/cr-check.c:1237): NSID isn't supported
> 
> The function kerndat_link_nsid() uses:
> 
>  nde.ifindex = 10;
> 
> This fails as there is already an interface with ifindex 10.
> 
> This patch moves the creation of the socket into the second network
> namespace and the feature check succeeds.
> 
> Suggested-by: Jiri Benc <jbenc@redhat.com>
> Signed-off-by: Adrian Reber <areber@redhat.com>
> ---
>  criu/net.c | 12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/criu/net.c b/criu/net.c
> index ec66d1e..c1a6e30 100644
> --- a/criu/net.c
> +++ b/criu/net.c
> @@ -3148,12 +3148,6 @@ int kerndat_link_nsid()
>  		};
>  		int nsfd, sk, ret;
>  
> -		sk = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
> -		if (sk < 0) {
> -			pr_perror("Unable to create a netlink socket");
> -			exit(1);
> -		}
> -
>  		if (unshare(CLONE_NEWNET)) {
>  			pr_perror("Unable create a network namespace");
>  			exit(1);
> @@ -3168,6 +3162,12 @@ int kerndat_link_nsid()
>  			exit(1);
>  		}
>  
> +		sk = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
> +		if (sk < 0) {
> +			pr_perror("Unable to create a netlink socket");
> +			exit(1);
> +		}
> +
>  		nde.type = ND_TYPE__VETH;
>  		nde.name = "veth";
>  		nde.ifindex = 10;

Andrei, I am not 100% if this is correct. As you wrote the code in 2016,
maybe you can remember if this is correct. Maybe it also needs to be
like this:

unshare(CLONE_NEWNET);
sk = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
unshare(CLONE_NEWNET);
nsfd = open_proc(PROC_SELF, "ns/net");

Let me know and I can update the patch.

		Adrian
Andrei Vagin Nov. 27, 2018, 6:18 p.m.
On Thu, Nov 22, 2018 at 01:44:03PM +0000, Adrian Reber wrote:
> From: Adrian Reber <areber@redhat.com>
> 
> On a system with more than 10 network interfaces the link_nsid check
> fails:
> 
> $ criu check --feature link_nsid
> Warn  (criu/cr-check.c:1237): NSID isn't supported
> 
> The function kerndat_link_nsid() uses:
> 
>  nde.ifindex = 10;
> 
> This fails as there is already an interface with ifindex 10.
> 
> This patch moves the creation of the socket into the second network
> namespace and the feature check succeeds.
> 
> Suggested-by: Jiri Benc <jbenc@redhat.com>
> Signed-off-by: Adrian Reber <areber@redhat.com>
> ---
>  criu/net.c | 12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/criu/net.c b/criu/net.c
> index ec66d1e..c1a6e30 100644
> --- a/criu/net.c
> +++ b/criu/net.c
> @@ -3148,12 +3148,6 @@ int kerndat_link_nsid()
>  		};
>  		int nsfd, sk, ret;
>  
> -		sk = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
> -		if (sk < 0) {
> -			pr_perror("Unable to create a netlink socket");
> -			exit(1);
> -		}
> -
>  		if (unshare(CLONE_NEWNET)) {
>  			pr_perror("Unable create a network namespace");
>  			exit(1);
> @@ -3168,6 +3162,12 @@ int kerndat_link_nsid()
>  			exit(1);
>  		}
>  
> +		sk = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);

it should be moved after the first unshare(CLONE_NEWNET). The second
netns is created to check peer_ifindex and peer_nsid

> +		if (sk < 0) {
> +			pr_perror("Unable to create a netlink socket");
> +			exit(1);
> +		}
> +
>  		nde.type = ND_TYPE__VETH;
>  		nde.name = "veth";
>  		nde.ifindex = 10;
> -- 
> 1.8.3.1
>
Adrian Reber Nov. 28, 2018, 1:19 p.m.
On Tue, Nov 27, 2018 at 10:18:08AM -0800, Andrei Vagin wrote:
> On Thu, Nov 22, 2018 at 01:44:03PM +0000, Adrian Reber wrote:
> > From: Adrian Reber <areber@redhat.com>
> > 
> > On a system with more than 10 network interfaces the link_nsid check
> > fails:
> > 
> > $ criu check --feature link_nsid
> > Warn  (criu/cr-check.c:1237): NSID isn't supported
> > 
> > The function kerndat_link_nsid() uses:
> > 
> >  nde.ifindex = 10;
> > 
> > This fails as there is already an interface with ifindex 10.
> > 
> > This patch moves the creation of the socket into the second network
> > namespace and the feature check succeeds.
> > 
> > Suggested-by: Jiri Benc <jbenc@redhat.com>
> > Signed-off-by: Adrian Reber <areber@redhat.com>
> > ---
> >  criu/net.c | 12 ++++++------
> >  1 file changed, 6 insertions(+), 6 deletions(-)
> > 
> > diff --git a/criu/net.c b/criu/net.c
> > index ec66d1e..c1a6e30 100644
> > --- a/criu/net.c
> > +++ b/criu/net.c
> > @@ -3148,12 +3148,6 @@ int kerndat_link_nsid()
> >  		};
> >  		int nsfd, sk, ret;
> >  
> > -		sk = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
> > -		if (sk < 0) {
> > -			pr_perror("Unable to create a netlink socket");
> > -			exit(1);
> > -		}
> > -
> >  		if (unshare(CLONE_NEWNET)) {
> >  			pr_perror("Unable create a network namespace");
> >  			exit(1);
> > @@ -3168,6 +3162,12 @@ int kerndat_link_nsid()
> >  			exit(1);
> >  		}
> >  
> > +		sk = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
> 
> it should be moved after the first unshare(CLONE_NEWNET). The second
> netns is created to check peer_ifindex and peer_nsid

If I create a lot of tun devices on my host this still fails if I move
it after the first unshare().

If the socket is created after the second unshare() it works.

		Adrian
Andrei Vagin Dec. 4, 2018, 7:58 a.m.
Applied, thanks!

On Thu, Nov 22, 2018 at 01:44:03PM +0000, Adrian Reber wrote:
> From: Adrian Reber <areber@redhat.com>
> 
> On a system with more than 10 network interfaces the link_nsid check
> fails:
> 
> $ criu check --feature link_nsid
> Warn  (criu/cr-check.c:1237): NSID isn't supported
> 
> The function kerndat_link_nsid() uses:
> 
>  nde.ifindex = 10;
> 
> This fails as there is already an interface with ifindex 10.
> 
> This patch moves the creation of the socket into the second network
> namespace and the feature check succeeds.
> 
> Suggested-by: Jiri Benc <jbenc@redhat.com>
> Signed-off-by: Adrian Reber <areber@redhat.com>
> ---
>  criu/net.c | 12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/criu/net.c b/criu/net.c
> index ec66d1e..c1a6e30 100644
> --- a/criu/net.c
> +++ b/criu/net.c
> @@ -3148,12 +3148,6 @@ int kerndat_link_nsid()
>  		};
>  		int nsfd, sk, ret;
>  
> -		sk = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
> -		if (sk < 0) {
> -			pr_perror("Unable to create a netlink socket");
> -			exit(1);
> -		}
> -
>  		if (unshare(CLONE_NEWNET)) {
>  			pr_perror("Unable create a network namespace");
>  			exit(1);
> @@ -3168,6 +3162,12 @@ int kerndat_link_nsid()
>  			exit(1);
>  		}
>  
> +		sk = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
> +		if (sk < 0) {
> +			pr_perror("Unable to create a netlink socket");
> +			exit(1);
> +		}
> +
>  		nde.type = ND_TYPE__VETH;
>  		nde.name = "veth";
>  		nde.ifindex = 10;
> -- 
> 1.8.3.1
>