Skip to content

net_util: add support for IPv6 addresses on tap interfaces #7048

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
rbradford merged 1 commit into from
May 20, 2025
Merged

net_util: add support for IPv6 addresses on tap interfaces #7048

rbradford merged 1 commit into from
May 20, 2025

Conversation

@gpanders
Copy link
Contributor

@gpanders gpanders commented May 2, 2025

Allow tap interfaces to be configured with an IPv6 address. The change is fairly straightforward: we need to update the API types and CLI parsing to accept either an IPv6 or IPv4 and then match on the IP address type when the tap device is configured.

For IPv6 addresses, the netmask (prefix) must be provided at the same time as the address itself (in the SIOCSIFADDR ioctl). They cannot be configured separately. So we remove the separate "set_netmask" function and convert "set_ip_addr" to also accept a netmask and then set both the IP address and netmask together. For IPv4 addresses, the IP address and netmask were already always set together, so this should have no functional impact for users of IPv4 addresses.

@gpanders gpanders requested a review from a team as a code owner May 2, 2025 19:05
iggy
iggy reviewed May 2, 2025
View reviewed changes
net_gen/src/ipv6.rs Outdated
@@ -0,0 +1,41 @@
// Copyright © 2021 Intel Corporation
Copy link
Contributor

@iggy iggy May 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure what the rules are here. I'd think it'd be either copyright the project or the company you work for.

Most of the original files were written before cloud-hypervisor became part of Linux Foundation. Not sure if Linux Foundation has rules about copyright ownership/CLAs/etc.

@rbradford @liuw @likebreath @cloud-hypervisor/cloud-hypervisor-reviewers thoughts?

Copy link
Member

@jinankjain jinankjain May 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we are still doing the company copyright for new files that we are adding. Is there a policy change when moved to Linux Foundation?

For this file it is even more tricky since the code is generated via bindgen.

Copy link
Member

@rbradford rbradford May 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can just put it "Copyright 2025 Cloud Hypervisor Authors" - the git history is the canonical source of copyright information (which is why it's important to correctly cite in there where stuff is copied from if its imported.)

Copy link
Member

@alyssais alyssais May 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can just put it "Copyright 2025 Cloud Hypervisor Authors" - the git history is the canonical source of copyright information (which is why it's important to correctly cite in there where stuff is copied from if its imported.)

This concerns me a bit — how do I tell from git history whether copyright is owned by an individual or their employer, for example?

@gpanders gpanders force-pushed the push-tvkyxkwrrxkk branch from 65009cc to 576203d Compare May 2, 2025 20:35
@rbradford
Copy link
Member

rbradford commented May 9, 2025

Code looks good - i've always sort of assumed that folks were happy with manually setting up the IP on the TAP for IPV64 and that the complexity added would be a bit too much to add to CH. But i'm very pleasantly surprised - lets see how the CI handles it.

@gpanders gpanders force-pushed the push-tvkyxkwrrxkk branch from 576203d to d055034 Compare May 9, 2025 15:42
@gpanders
Copy link
Contributor Author

gpanders commented May 9, 2025
edited
Loading

Updated the copyright header and addressed the clippy warnings in d0550346cd7d

@gpanders gpanders force-pushed the push-tvkyxkwrrxkk branch from d055034 to 6e2eb0f Compare May 12, 2025 18:34
@gpanders gpanders changed the title net: add support for IPv6 addresses on tap interfaces net_util: add support for IPv6 addresses on tap interfaces May 12, 2025
@gpanders
Copy link
Contributor Author

gpanders commented May 15, 2025

I updated the commit message to satisfy the commit message linter. Can a maintainer re-trigger CI?

@rbradford
Copy link
Member

rbradford commented May 15, 2025

It looks like all the integration tests are failing - I guess network is failing to come up for the VMs. Perhaps you could try running just one test directly.

@gpanders gpanders force-pushed the push-tvkyxkwrrxkk branch from 6e2eb0f to 38ac7ea Compare May 16, 2025 15:56
@gpanders
Copy link
Contributor Author

gpanders commented May 16, 2025
edited
Loading

Figured out what the issue was. I was setting both ifr_addr and ifr_netmask in the ifreq struct and then making back to back ioctls to set the IP address and netmask of the device.

However, ifr_addr and ifr_netmask are two fields of a union, so setting ifr_netmask clobbers the value of ifr_addr. This is a bug because now the device is using the netmask as its IP address.

We were also unconditionally calling the SIOCSIFNETMASK ioctl even if no netmask was specified. Again because ifr_addr is a union, this meant that an invalid address was being set as the netmask.

The fix is to:

  1. Call the ioctls "separately" and set ifr_netmask after the first ioctl succeeds
  2. Only call the 2nd ioctl if there is a valid netmask

(Below is my incorrect original explanation, keeping for posterity).

Details

While working on this patch I was consulting the netdevice(7) man page, which describes the different ioctls on Linux. This man page says the following for SIOCSIFNETMASK:

SIOCGIFNETMASK
SIOCSIFNETMASK
              Get or set the network mask for a device using ifr_netmask.
              For compatibility, only AF_INET addresses are accepted or
              returned.  Setting the network mask is a privileged
              operation.

I noticed that Cloud Hypervisor was setting the ifr_addr field before setting the netmask, not ifr_netmask. I assumed this was a (subtle) bug, and "fixed" it in this PR.

But this was causing the SIOCSIFNETMASK ioctl to fail with EINVAL. Consulting the actual Linux source code reveals that ifr_netmask is actually not being used, it actually is using ifr_addr. So Cloud Hypervisor was doing the right thing and it is the man page that is wrong.

Reverting that "fix" makes the tests pass for me locally.

@gpanders
net_util: add support for IPv6 addresses on tap interfaces
260fa38 
Allow tap interfaces to be configured with an IPv6 address. The change
is fairly straightforward: we need to update the API types and CLI
parsing to accept either an IPv6 or IPv4 and then match on the IP
address type when the tap device is configured.

For IPv6 addresses, the netmask (prefix) must be provided at the same
time as the address itself (in the SIOCSIFADDR ioctl). They cannot be
configured separately. So we remove the separate "set_netmask" function
and convert "set_ip_addr" to also accept a netmask. For IPv4 addresses,
the IP address and netmask were already always set together, so this
should have no functional impact for users of IPv4 addresses.

Signed-off-by: Gregory Anders <[email protected]>
@gpanders gpanders force-pushed the push-tvkyxkwrrxkk branch from 38ac7ea to 260fa38 Compare May 16, 2025 16:39
@rbradford rbradford added this pull request to the merge queue May 20, 2025
@rbradford
Copy link
Member

rbradford commented May 20, 2025

Thank you!

@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks May 20, 2025
@rbradford rbradford added this pull request to the merge queue May 20, 2025
Merged via the queue into cloud-hypervisor:main with commit dce82a3 May 20, 2025
38 of 39 checks passed
@gpanders gpanders deleted the push-tvkyxkwrrxkk branch May 20, 2025 17:31
@likebreath likebreath moved this from 🆕 New to ✅ Done in Cloud Hypervisor Roadmap May 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alyssais alyssais alyssais left review comments

@jinankjain jinankjain jinankjain left review comments

@rbradford rbradford rbradford approved these changes

+1 more reviewer

@iggy iggy iggy left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

Cloud Hypervisor Roadmap
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@gpanders @rbradford @iggy @alyssais @jinankjain