From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Mon, 8 Oct 2018 19:08:10 +0000 (+0200)
Subject: netns_ifaddrs: check for NETLINK_DUMP_STRICT_CHK
X-Git-Tag: lxc-3.1.0~55^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c6b647205d5cd56f24f6e4189d607dd0e80f3960;p=thirdparty%2Flxc.git

netns_ifaddrs: check for NETLINK_DUMP_STRICT_CHK

Make use of the new socket option, NETLINK_DUMP_STRICT_CHK, that
userspace can use via setsockopt to request strict checking of headers
and attributes on dump requests.

To get dump features such as kernel side filtering based on data in
the header or attributes appended to the dump request, userspace
must call setsockopt() for NETLINK_DUMP_STRICT_CHK and a non-zero
value. This is necessary to make use of the IFA_TARGET_NETNSID property.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---

diff --git a/src/include/netns_ifaddrs.c b/src/include/netns_ifaddrs.c
index cc672a7fd..fc0ffc167 100644
--- a/src/include/netns_ifaddrs.c
+++ b/src/include/netns_ifaddrs.c
@@ -477,6 +477,14 @@ static int __rtnl_enumerate(int link_af, int addr_af, __s32 netns_id,
 	if (fd < 0)
 		return -1;
 
+	r = setsockopt(fd, SOL_NETLINK, NETLINK_DUMP_STRICT_CHK, &(int){1},
+		       sizeof(int));
+	if (r < 0 && netns_id >= 0) {
+		close(fd);
+		*netnsid_aware = false;
+		return -1;
+	}
+
 	r = __ifaddrs_netlink_recv(fd, 1, RTM_GETLINK, link_af, netns_id,
 				   &getlink_netnsid_aware, cb, ctx);
 	if (!r)