Bug 1255050

Summary: Backport support for IFLA_LINK_NETNSID
Product: Red Hat Enterprise Linux 7 Reporter: Thomas Haller <thaller>
Component: libnl3Assignee: Thomas Haller <thaller>
Status: CLOSED ERRATA QA Contact: Desktop QE <desktop-qa-list>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.2CC: dcbw, rkhan, vbenes, vhumpa
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libnl3-3.2.21-9.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-11-19 14:52:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Thomas Haller 2015-08-19 13:50:20 UTC 
Upstream kernel and libnl got support for IFLA_LINK_NETNS.

Backport the commits from upstream:
https://github.com/thom311/libnl/commit/8818a571e72c51bcda309d89bfaf93a2f5524d68
https://github.com/thom311/libnl/commit/fa380b409a02fe17b2d5cfc9074a8913523dbb68

Kernel already has support as of bug 1210260.



This is needed by NetworkManager to properly handle parent links in other netns.
Comment 2 Thomas Haller 2015-08-24 12:20:11 UTC 
Explanation of this feature:

without this feature, libnl does not expose the IFLA_LINK_NETNSID attribute. That means, application who need this attribute, would have a hard time to work around it getting this information.

If an application (e.g. NetworkManager) is not aware of the IFLA_LINK_NETNSID, then it might wrongly think that the IFLA_LINK attribute advertised for a certain interface lies in it's own netns -- while in fact the ifindex in IFLA_LINK is only valid inside an other netns.


A common example are veth pairs, where one peer is in another netns of the application.
In this case, the IFLA_LINK of the visible peer is meaningless inside the netns of the application. Then the application either thinks that the linked-link is surprisingly missing, or it might wrongly think that it refers to another interface (that accidentally has an overlapping ifindex inside the netns of the application).


this can for example lead to wrong behavior inside NetworkManager.





Reproducer:

Create a veth pair and have their peers in two different netns. Make use of libnl3 and inspect the interface as returned from the library.
Check that the IFLA_LINK/rtnl_link_get_link() of that interface really shows the ifindex of the link in the other netns.
Check, that also  IFLA_LINK_NETNSID/rtnl_link_get_link_netnsid() indeed indicates that the link is in the other netnsid.
Comment 3 Thomas Haller 2015-08-25 17:46:15 UTC 
The new API is disabled via

#ifdef NL_RHEL7_ENABLE_LINK_NETNSID

and only enabled for users who *really* need it.
Comment 6 errata-xmlrpc 2015-11-19 14:52:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2105.html