netns_ifaddrs: check for NETLINK_DUMP_STRICT_CHK

Make use of the new socket option, NETLINK_DUMP_STRICT_CHK, that
userspace can use via setsockopt to request strict checking of headers
and attributes on dump requests.

To get dump features such as kernel side filtering based on data in
the header or attributes appended to the dump request, userspace
must call setsockopt() for NETLINK_DUMP_STRICT_CHK and a non-zero
value. This is necessary to make use of the IFA_TARGET_NETNSID property.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/include/netns_ifaddrs.c b/src/include/netns_ifaddrs.c
index cc672a7fde0fb0b4a5a77185993b116c8f58bc4e..fc0ffc167499993ee929a7033f9e84cada1b4f6d 100644 (file)
--- a/src/include/netns_ifaddrs.c
+++ b/src/include/netns_ifaddrs.c
@@ -477,6 +477,14 @@ static int __rtnl_enumerate(int link_af, int addr_af, __s32 netns_id,
        if (fd < 0)
                return -1;
 
+       r = setsockopt(fd, SOL_NETLINK, NETLINK_DUMP_STRICT_CHK, &(int){1},
+                      sizeof(int));
+       if (r < 0 && netns_id >= 0) {
+               close(fd);
+               *netnsid_aware = false;
+               return -1;
+       }
+
        r = __ifaddrs_netlink_recv(fd, 1, RTM_GETLINK, link_af, netns_id,
                                   &getlink_netnsid_aware, cb, ctx);
        if (!r)