From nobody Mon May 25 08:12:38 2026 Received: from mail-wm1-f68.google.com (mail-wm1-f68.google.com [209.85.128.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 74297391846 for ; Fri, 15 May 2026 20:19:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.68 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778876387; cv=none; b=pE1VTXU62feKFlqhogtno9GvRdvcb20qJVSOV9AmwoqK2o9Y7zYugdPUe+WQWZYK9SFAca+75PLjHgcrHqqi1cBwbDcwWPe7zWB4LWVqh5ZFWMluGkuf3JD+oQ9rOr00WjIhdDhGo9m3MbMykXL+0PiqJdcZ7Ngni3PQDUgOwwA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778876387; c=relaxed/simple; bh=Q28j9z8dp3oa7JMWHW9YFacpLH2Z814ez5zEJhieN9w=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Zi8Sj0AQ6O0NaJtI/Ezz3wEJKZmceRAe/hiCYKTDKaAbppDQJ9l71ahdh0/i59CUc0sYJJBqkd03/+XDZ9vTDxLdZmw0Hr+26VCyNrm2pw/j30kSQLMSh4pieZUahmcEwQoWdROb20JVbT/ta3tT7+HzCp5kCunWMOJX0kL2Bvg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=ovn.org; spf=pass smtp.mailfrom=gmail.com; arc=none smtp.client-ip=209.85.128.68 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=ovn.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-wm1-f68.google.com with SMTP id 5b1f17b1804b1-488b8bc6bc9so1061015e9.3 for ; Fri, 15 May 2026 13:19:45 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778876384; x=1779481184; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=N3vmZN+/CLFfYNwXnxNj1H7df8GenR+J9C9ZLO0cmvk=; b=pxquEbMsgO5wT64bnPHM3FZLa5HrqwfSUNZEGx3N5vnN7SQM+WsqJtZopEgRXRo+Oo ijHPRSuqX7Xg91cjh5gS7FAkdfLHT/27Zmiryqr/E6PrwEKMGtd/xu7r7d8zzm6lvL15 2mcY29ZihDAVoR40iAMOZzp9er6wKslBul48DVe9Dc4dspoQJLjgssVYbzF2MVYdFA6B FNufebPozjc5TeK2UW3Mtr1X+erViH0q8kKeSvGUVsK6SyQlsdCrLntTG6bqf+MsgEjv fAY7jYeXDdiY+1WlyygQQopdOgBB28LaTteVXHHQauDHhouH4V5NVAFCJtJQ3fG8qJue 1N2Q== X-Forwarded-Encrypted: i=1; AFNElJ/vatg8d7xEEx0hxNjnHJclBeJY7P094syyKZmqhUcx+A87MYgRXDzLkaV8M1wZkazcvfTXNw3LDIf7WBc=@vger.kernel.org X-Gm-Message-State: AOJu0YycXCW0wRU+k7Sp5cORbkbplBDIZjR6zTwBIGq/UpJoKV8rBRKk Q9IvEtbOkSxdfIznejYUP1/ko6KDss9Yf6CllXXIR+QFONkCdz09lVh/ X-Gm-Gg: Acq92OHUmANHgPBpWH4vm/Vp44SnIAcfme7idT5KhlrNyGE+n0eMf27pJuxDKaFik+L 93C9fC01clOAOCvXwMOg0GK4db/liF69jZYOETBHqfEHSRMyk3MnWkWVQ4r+V1vl1O5UilqRkYg R/Cn4IHXKt5m2ToPkTbUjBv0JCVFyiiqndOS4sJz0DtSfop07+avkjYZbkvElQe9bIPXgt5gFRh VZcUzFiXGymQxlC5YoSkOd6hEFGPAPWbq7QapbmSRhFtsIzKe21JR5Kb5zrI/F4QithDj3ogkgS DsfSyvufMn/igdUP/OY0rInr2S96PPhup3UD9FKdPhSnJYAdR05JTpkRIq8xQxGXkavWEI80Qto chmSgZl8X0B3e+m4ZipAiwj1YqKiP3iZBGAcM5GimzOUmIDE9I6zBzt0W5aHuDBITbg7z9HKcfu e63wv6IzigRYKjfTwsRBwSTrmN9C0MHGyTd9cNd3gyN7iZ+v7qfZRN2tg5q84= X-Received: by 2002:a05:600c:3b27:b0:48e:7854:1608 with SMTP id 5b1f17b1804b1-48fe6516b54mr70915975e9.25.1778876383868; Fri, 15 May 2026 13:19:43 -0700 (PDT) Received: from im-t490s.redhat.com (89-24-32-159.nat.epc.tmcz.cz. [89.24.32.159]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48feab2896bsm22924605e9.4.2026.05.15.13.19.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 May 2026 13:19:43 -0700 (PDT) From: Ilya Maximets To: netdev@vger.kernel.org Cc: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Donald Hunter , Shuah Khan , Adrian Moreno , Jiri Benc , Nicolas Dichtel , linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Matteo Perin , Ilya Maximets Subject: [PATCH net 1/5] net: rtnetlink: fix link nsid reported when the link is local Date: Fri, 15 May 2026 22:19:20 +0200 Message-ID: <20260515201937.2813983-2-i.maximets@ovn.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260515201937.2813983-1-i.maximets@ovn.org> References: <20260515201937.2813983-1-i.maximets@ovn.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" For most netlink replies and notifications the expected behavior is: - if NSID is not reported, then the device is local to the querier. - if NSID is reported, then the device is remote, i.e., located in the provided namespace that is not the same as the querier's. Userspace applications like ovs-vswitchd expect this behavior. And ip monitor uses this logic for printing out [nsid current] vs [nsid N]. But this doesn't work for link nsid in cross-namespace RTM_GETLINK requests. For some reason the code checks if the original device and the link are in the same namespace and not if the querier's namespace is the same as the link's. So the logic becomes: - if NSID is not reported, then the link is in the same namespace as the queried device. - if NSID is reported, then the link is not in the same namespace with the queried device. If the link is in the same namespace as the querier, the code will allocate a self-referential nsid for the querier's namespace and report it as a link nsid. This is problematic because: 1. Application doesn't expect to see nsid reported for its own namespace. 2. Application can't know if this nsid is the nsid of the current namespace without making extra requests. So a lot of extra logic is needed to understand if the link is local or not. 3. Implicit allocation of self-referential nsid for the current namespace affects notifications on sockets listening on all namespaces, since this nsid is now reported in every notification. And so those notification handlers also now need extra logic to understand which namespace the events are coming from. 4. A seemingly read-only RTM_GETLINK request for a different namespace allocates a self-referential nsid for the current namespace, which is a little unexpected. Let's fix that by applying the same rules to cross-namespace requests as for standard ones, which is: - Report NSID if it is different from the querier's namespace. This changes two things: 1. If both the device and the link are in the same namespace which is not the querier's namespace, the LINK_NSID will now be reported. This just gives more info and the user can check if the reported id is the same as TARGET_NSID, which is in the same message. 2. If the link is in the same namespace as the querier, but the device isn't, the LINK_NSID will no longer be reported. This is the main change, as previously this would mean that the link is in the TARGET namespace, but now it will mean that the link is in the SOURCE namespace. There are no changes in logic for queries that are not cross-namespace queries. A research across open-source projects doesn't show any projects that rely on the things that are being changed. I couldn't find any project that uses the reported LINK_NSID with cross-namespace requests. And no projects that use cross-namespace requests seem to even parse the reported LINK_NSID. Of course, that doesn't mean there are no such applications, but the current behavior feels like a logical bug that IMO should be fixed, otherwise it's hard to use all-nsid sockets properly. Note that the logic for notifications in rtmsg_ifinfo_build_skb() remains the same as those are formatted from the perspective of the namespace where event occurred, i.e., they are always "local", but then distributed to sockets listening on all NSIDs with extra metadata pointing out the original namespace. And users need to translate the reported NSIDs to their reference point. While RTM_GETLINK always reports NSID from the querier's reference point. Hence the reason it should not be reported if it is the same. Fixes: 79e1ad148c84 ("rtnetlink: use netnsid to query interface") Reported-by: Matteo Perin Signed-off-by: Ilya Maximets --- net/core/rtnetlink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index df042da422ef3..0d539b8e4bf61 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -1881,7 +1881,7 @@ static int rtnl_fill_link_netnsid(struct sk_buff *skb, if (dev->rtnl_link_ops && dev->rtnl_link_ops->get_link_net) { struct net *link_net =3D dev->rtnl_link_ops->get_link_net(dev); =20 - if (!net_eq(dev_net(dev), link_net)) { + if (!net_eq(src_net, link_net)) { int id =3D peernet2id_alloc(src_net, link_net, gfp); =20 if (nla_put_s32(skb, IFLA_LINK_NETNSID, id)) --=20 2.53.0 From nobody Mon May 25 08:12:38 2026 Received: from mail-wm1-f67.google.com (mail-wm1-f67.google.com [209.85.128.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BE8D9413D8C for ; Fri, 15 May 2026 20:19:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.67 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778876391; cv=none; b=o7moYXqx+SqHpbqXla55uXzCYpBUIbC5mAlncQSfpBqOFQM9meuMV2MTgMyta5WdBV/XSQZisgGd3VEtfQVAKkH2I7xfYibBi2ivYeL6ymkKsdjhgs6mfYMr7XkdNIeMgpFOwjZgXbyh9kC1SLNDBqabIb0NCIHWW3VFjIoyqH4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778876391; c=relaxed/simple; bh=PEURoDySqWuQSZD27dPpBt6/0GrdH4gRDEOa7Eum+aw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=JaZdBbGZQ+jtC4QktK3dgPDChl7lK3M4ayV1b1SsXT+2/6+fomgnBhcexntQgYRrSz7ZK4M/hoci6QtAry+0zBWdJXpJP3DaM9kZ8IuD3BdGrk1ys9C5f/A7fAbPT3l6kPbLw/Vcov+43YVz6vczOKGZ6fE/Ng9T7wIApUfjnbM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=ovn.org; spf=pass smtp.mailfrom=gmail.com; arc=none smtp.client-ip=209.85.128.67 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=ovn.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-wm1-f67.google.com with SMTP id 5b1f17b1804b1-4890d945eb4so7567445e9.0 for ; Fri, 15 May 2026 13:19:49 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778876386; x=1779481186; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=kmQU4ZHn0BP9pNq3YQ9QtcvmPxZeqXAZW4pwCEu/ebY=; b=snu80tSo4J7s4buptW1mwB0Fg6jS1zZyabDwb/0eAsDJ4xgOvSJmfLe0ShLM6hcN+f nzxIM9sQ7JYyAV6pMGkKtRSu17Pjrpd6yqyL0muGd4Ycb1ZXdGM3vaui8wpi+fRKB95+ O6YCnrBO+NXu37T+8wuGjTJKgykQHeguJ3Lo+r1lV/InxboQ+7RkmtiC1OvvizwOgXq9 ss/xLSSfMKMydQaeRlt5YPPlrq3/ntwn+EWD4AZz5dRES8MNW51XQ+TlnxZtX8CZeiyh h+BFsZy8Eoz9WwMmF9wEaHd3K+JwDFDgunnlJ19pxvU8l9teG1xxpD9qYI3fKnU6U8wj boFg== X-Forwarded-Encrypted: i=1; AFNElJ+wmZCzapd8fLtM5ZLgvyP96Oc13xZYagil9NuQ58J7/jdVNZgYFZ43VWCvrRa/vLd12UfuhPd9s/X2YOc=@vger.kernel.org X-Gm-Message-State: AOJu0YwpmhoQaIEkGhTU7Ckwu2m+0YPyMK798xKb496iJdUxLo0FmmPV vrx8wvyAk6qE7KQPCzm7LGn4h/51aI2sSD1bHwiF0dd3jJcgY1d+L9Vd X-Gm-Gg: Acq92OFWsVp4qKhtBZ9u301P/Rg+CzWv3WTZxKWsxatWpjL+8DMtKwwxfxfKrKBn9ea /IRwdwJUiYWBVg2pPAx70kHXMr6MlpltbWP0Rd+iCBgJNz8m06s5k/Yo5qpntBgEPY8VbAF0gNx 1ipVc22dNNAt6PwTHAMDNQlIiSOhPixjxQBWcLA0+gd9ysk8SyZSh2/FSqAdsNd4mTlKtKwQ6FD DaCDroJcKxPAPXlbk/xyrcAA0QUvFXMubt0q73ueHdM5Ydytj/ixzxPsSVWP6juq90OQKMmWT5C e1E/6bwjQKcFiyfxEBGzSCANI+MeIINzorhsV8k0IR5cjIP+b3OdrUorg/ZmAqIdx+FzK8O1XuY yfrXjSAWBwxLRPm31YuxbOiMunEcYufB0qfy+nQ+LW1JlceN2tqzcsYKUMmmo92JWQTNMSBzFka ItmDyVgH2Eia+TfsSY/mGVGpZSFvwb2kba85xOTYVlp0VV/B0zRnrPW8cHdhna+R79+JVX4w== X-Received: by 2002:a05:600c:8485:b0:48a:5339:a46 with SMTP id 5b1f17b1804b1-48fe537fb6fmr64515925e9.9.1778876385954; Fri, 15 May 2026 13:19:45 -0700 (PDT) Received: from im-t490s.redhat.com (89-24-32-159.nat.epc.tmcz.cz. [89.24.32.159]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48feab2896bsm22924605e9.4.2026.05.15.13.19.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 May 2026 13:19:45 -0700 (PDT) From: Ilya Maximets To: netdev@vger.kernel.org Cc: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Donald Hunter , Shuah Khan , Adrian Moreno , Jiri Benc , Nicolas Dichtel , linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Matteo Perin , Ilya Maximets Subject: [PATCH net 2/5] selftests: net: add a test case for cross-namespace peer netns Date: Fri, 15 May 2026 22:19:21 +0200 Message-ID: <20260515201937.2813983-3-i.maximets@ovn.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260515201937.2813983-1-i.maximets@ovn.org> References: <20260515201937.2813983-1-i.maximets@ovn.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The test makes requests with RTM_GETLINK and TARGET_NETNS and verifies that reported LINK_NSID is correct and only reported when it is needed from the querier's perspective. Assisted-by: OpenCode:claude-opus-4.6 Signed-off-by: Ilya Maximets --- tools/testing/selftests/net/link_netns.py | 49 ++++++++++++++++++++++- 1 file changed, 47 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/net/link_netns.py b/tools/testing/self= tests/net/link_netns.py index aab043c59d695..2aae422d3f8a6 100755 --- a/tools/testing/selftests/net/link_netns.py +++ b/tools/testing/selftests/net/link_netns.py @@ -3,13 +3,14 @@ =20 import time =20 -from lib.py import ksft_run, ksft_exit, ksft_true +from lib.py import ksft_run, ksft_exit, ksft_eq, ksft_true from lib.py import ip from lib.py import NetNS, NetNSEnter from lib.py import RtnlFamily =20 =20 LINK_NETNSID =3D 100 +LINK_NETNSID2 =3D 200 =20 =20 def test_event() -> None: @@ -132,8 +133,52 @@ def test_peer_net() -> None: ip(f"link del foo", ns=3Dtgt_net) =20 =20 +def test_peer_net_cross_ns() -> None: + """Cross-namespace RTM_GETLINK queries using target-netnsid. + IFLA_LINK_NETNSID should report the link peer's namespace from the + querier's perspective. Absent means the peer is in the querier's + own namespace. Must not create self-referential nsid mappings.""" + + with NetNS() as ns1, NetNS() as ns2, NetNS() as ns3: + net1, net2, net3 =3D str(ns1), str(ns2), str(ns3) + + ip(f"netns set {net2} {LINK_NETNSID}", ns=3Dnet1) + ip(f"netns set {net3} {LINK_NETNSID2}", ns=3Dnet1) + + with NetNSEnter(net1): + rtnl =3D RtnlFamily() + + cases =3D [ + # "dev netns", "peer netns", "query nsid", expected link-netns= id. + (net2, net1, LINK_NETNSID, None), + (net2, net2, LINK_NETNSID, LINK_NETNSID), + (net2, net3, LINK_NETNSID, LINK_NETNSID2), + ] + + for dev_ns, peer_ns, query_nsid, exp in cases: + ip(f"link add foo netns {dev_ns} type veth" + f" peer name bar netns {peer_ns}") + + resp =3D rtnl.getlink({"target-netnsid": query_nsid, + "ifname": "foo"}) + ksft_eq(resp.get("link-netnsid"), exp, + f"link-netnsid mismatch for dev=3D{dev_ns} peer=3D{pee= r_ns}") + + ip("link del foo", ns=3Ddev_ns) + + # Verify no extra nsid was created by the queries. + nsids =3D ip("netns list-id", ns=3Dnet1, json=3DTrue) + ksft_eq(len(nsids), 2, + f"unexpected nsid mappings after cross-ns queries: {nsids}= ") + + def main() -> None: - ksft_run([test_event, test_link_net, test_peer_net]) + ksft_run([ + test_event, + test_link_net, + test_peer_net, + test_peer_net_cross_ns, + ]) ksft_exit() =20 =20 --=20 2.53.0 From nobody Mon May 25 08:12:38 2026 Received: from mail-wm1-f66.google.com (mail-wm1-f66.google.com [209.85.128.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0512039183C for ; Fri, 15 May 2026 20:19:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.66 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778876391; cv=none; b=U+wEJoHgOIoIErzCttR1zS7gVPOFza3+du8lLPVb62CGhpR/ruqpqZqHlR2n3Q2w6DhZXPIwGEAaa0fVrJz50np8xdfU7s9WHOeRi+FGhyczJhK4Eh4plNuj72cZT67WeFDMJLCR3QI1Z1qmuSeeC+LHRF2WwwAphFQhOIs22uw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778876391; c=relaxed/simple; bh=11PvwTnrSqhRrKXUG1flLgVCfsSwFEgQM3usa6azJag=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=uMzz/5XdTDLT2ShR8ZeyMKF/M3dxIzPiE5OxnX0QcJuiXijedtexFtK2CbQzSJGCEZg4yrP7kvjqMI7ZmWV5TFVxdMmI8Wbtl5G255ANCd6w4ImDw64XC0bpc5nVCxq+7hHHOy6zovqe4briqkVy3bPHZqcja1iiGnjmRV4SJyY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=ovn.org; spf=pass smtp.mailfrom=gmail.com; arc=none smtp.client-ip=209.85.128.66 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=ovn.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-wm1-f66.google.com with SMTP id 5b1f17b1804b1-48e82c23840so1432395e9.3 for ; Fri, 15 May 2026 13:19:49 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778876388; x=1779481188; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=hPaN1T7r/zmxUDUF/SdVhtgWCcFs71hNuD9xdwSmNs0=; b=B6WSD+pOexmRJ/KY7FGuLT+mr7w1FAW9tct003JLlURYUW2rJQI3xn0GRRnZNIZZ0J cesR7y+djunhVBZaZgTLnk90ACYqIjwznTDRzOy3KJxR1l8aVvDahB1TT0wOasUDAr7A NwbZIEIOyBayX03Rbu9NImIECf0bkI760muihYV2HRFc7EB/QSeFpvTPr9Mchh61EpuQ pbxN9xUu3T+zNDVQf7h6KQ77N/r6S5Ah0bxli+eQ0Rc1rG5ntKGDvav++DHIIVkOi9zy PgEyA4Fk2hbvyd9CxonPUYP3v/82ZdLOPgQ0U4u4Y+SaoxukAJx8ZW0IbOP5amsxcLmj b0YA== X-Forwarded-Encrypted: i=1; AFNElJ97wS9gCvcOMGjfMVfYw9s17QhNgxd2LewGXkQLK4M4QA5EoQt9RanZuf6eOMX9Ds1Q0DA0MTUHWsthTWM=@vger.kernel.org X-Gm-Message-State: AOJu0Yxjcwr4GJurz+e3aagejm1J6ONxcWGsVUQpfO8rajjNEnFoNykc VzaKQVxsCXRLNb5dD8QUdNIKG7aB35ssVvSqvRZmq7qtnUhdeDXEpaiz X-Gm-Gg: Acq92OGSveC3Go+amRR5aV9yaZSJETR49m1UmSk66PRwYQMdb9VnRK9VMSv77ikVe4t lcdkQ/05sVcc8Fa4iZhq8JZWNnPZA87MEvHG6HzDuBL9aneJz9KstLnixaPesTqVfg8LMqCJcYP gDKXlyZ7/ZAo1CKW2Mj3l0rSNA1O/2F3B1pMWakOGQbdf8iMCulU0R890K5WdZkgOXVWAV57DYb zbstVmGIl4CKG8HHeX8DaaFhdMnlqaR5Cd3t30CdetR32Tqp+GSHPLC9YBCOXfEpDT+9aTk4g+6 Bjq/2cgDi0QGrkI60lBbmFPfrSN7ItFW5HfnBOCw/imdUeWr2Is3zqx8Uzy6RGcEz5HM5PvoO4Y 8vbn6gbn/sWR+xWG4Gx9fABTpX7ylTrxHeslXbV/y2+P9PKBJz9XxFsJscotjziGV3vhSkVCAlh F3RRf1/n3kPx4Mqur9y5e1Xlv1ijHEhG1EUahiny/0khTNufMjsuV5J9KxP0I= X-Received: by 2002:a05:600c:a406:b0:489:1aed:1658 with SMTP id 5b1f17b1804b1-48fe632a9f4mr65203915e9.23.1778876388129; Fri, 15 May 2026 13:19:48 -0700 (PDT) Received: from im-t490s.redhat.com (89-24-32-159.nat.epc.tmcz.cz. [89.24.32.159]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48feab2896bsm22924605e9.4.2026.05.15.13.19.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 May 2026 13:19:47 -0700 (PDT) From: Ilya Maximets To: netdev@vger.kernel.org Cc: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Donald Hunter , Shuah Khan , Adrian Moreno , Jiri Benc , Nicolas Dichtel , linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Matteo Perin , Ilya Maximets Subject: [PATCH net 3/5] net: netlink: don't set nsid on local notifications Date: Fri, 15 May 2026 22:19:22 +0200 Message-ID: <20260515201937.2813983-4-i.maximets@ovn.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260515201937.2813983-1-i.maximets@ovn.org> References: <20260515201937.2813983-1-i.maximets@ovn.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" For notifications with NETLINK_LISTEN_ALL_NSID the expected behavior is the following: - if NSID is not reported, then the event is local to the listener. - if NSID is reported, then the event is remote, i.e., originated in the provided namespace that is not the same as the listener's. Userspace applications like ovs-vswitchd expect this behavior. And ip monitor uses this logic for printing out [nsid current] vs [nsid N]. However, when a self-referential NSID is allocated for a namespace, every local notification starts sending this ID to userspace as part of NETLINK_LISTEN_ALL_NSID CMSG metadata. This is problematic, because the listener cannot tell if those notifications are local or not anymore without making extra requests to figure out if the provided NSID is local or not. The listener can also not figure out the local NSID beforehand as it can be allocated at any point in time by other processes. The value is practically not useful, since it's the namespace's own ID that the application has to obtain from other sources in order to figure out if it's the same or not. So, for the application it's just an extra busy work with no benefits. Moreover, applications that do not know about this quirk may be mishandling notifications with NSID set as notifications from remote namespaces while they are actually local. This is the case with ovs-vswitchd. Having a self-referential NSID mapping is not something that happens under normal circumstances, but it can be a case in specific environments. And it can be more common with certain container runtimes like LXC/LXD/Incus that unintentionally trigger allocation of the self-referential NSID via cross-namespace RTM_GETLINK requests. A search though open-source projects doesn't reveal any projects that use NETNSA_NSID_NOT_ASSIGNED and rely on metadata to contain self-referential NSIDs. Quite the opposite, ovs-vswitchd relies on the metadata to not be present to separate local and remote events. And the 'ip monitor' relies on the metadata to not be present to show '[nsid current]', though this is more like "print 'current' if there is nothing to print" situation, but still can be a little confusing for the user to see an ID for a local event. Fixes: 59324cf35aba ("netlink: allow to listen "all" netns") Reported-by: Matteo Perin Signed-off-by: Ilya Maximets --- net/netlink/af_netlink.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index 2aeb0680807d6..607ab4e4ac697 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -1482,9 +1482,11 @@ static void do_one_broadcast(struct sock *sk, p->skb2 =3D NULL; goto out; } - NETLINK_CB(p->skb2).nsid =3D peernet2id(sock_net(sk), p->net); - if (NETLINK_CB(p->skb2).nsid !=3D NETNSA_NSID_NOT_ASSIGNED) - NETLINK_CB(p->skb2).nsid_is_set =3D true; + if (!net_eq(sock_net(sk), p->net)) { + NETLINK_CB(p->skb2).nsid =3D peernet2id(sock_net(sk), p->net); + if (NETLINK_CB(p->skb2).nsid !=3D NETNSA_NSID_NOT_ASSIGNED) + NETLINK_CB(p->skb2).nsid_is_set =3D true; + } val =3D netlink_broadcast_deliver(sk, p->skb2); if (val < 0) { netlink_overrun(sk); --=20 2.53.0 From nobody Mon May 25 08:12:38 2026 Received: from mail-wm1-f65.google.com (mail-wm1-f65.google.com [209.85.128.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E7F013B47F7 for ; Fri, 15 May 2026 20:19:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.65 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778876393; cv=none; b=Y6sw78H/7jgczeUDYUqYyfFtxjMPRMOeXDN256Lyvk74IDYPxXFzQcIIzWZe8FUSW0s5iXp7nHBYqpgKET8Pu2awazLouZk+KbJc8beUy3dcHmA1vXbCptWD2YsFT5hSdX7eVa+ybg7DZxVsUtgaeaReDwKagqBtDUOhv5O6q24= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778876393; c=relaxed/simple; bh=7IM3ALLv1AgX0seWLzIVOzbdOeXPtSRRe0lozcL/OEo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=tY/IrTEUbKzd60UiVFADiJYaD3WZR1iCbA844cMFbdNdHWygv1HK9d2XoaTRU1cBruwRNw3zx2yd/9UqR9Q1zltTzH01GVl48EnPOYE7PSuWYiVdZDZ1ZSESVF5hrxd9aMFbV9CD7i8neE1zYRbiDBbfshZNbcQlVjj6CIejoZc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=ovn.org; spf=pass smtp.mailfrom=gmail.com; arc=none smtp.client-ip=209.85.128.65 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=ovn.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-wm1-f65.google.com with SMTP id 5b1f17b1804b1-4891e5b9c1fso1535605e9.2 for ; Fri, 15 May 2026 13:19:51 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778876390; x=1779481190; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=ahZgkQzq/Ce3e/XVp5af27PA0zXGWrRU0/owFyh8aqA=; b=qgmT9WYJ5UXUnTQgVWUfWsbdnbHVwRHOMN/J4scFmQqz0ooKE6qzaOiuNHl+bDe5WH j+Pp/9QWJ7ptxnZnvDWsyWnvY1AM6TD+xzZi6s7NOIdKEQr3qhozr4SDEwLbtRNSwTf5 kOdJe9FXi86/iuQzOB8ceMBfYzGo/QG5GuJezosSvPJUqjmoR7QiXj/CWSDAEZbsvBKt N0BceqR+D5tKoyAFJYPveJf8aDNmdU0OrB+WpSsHKWSEq6idxyTaGC2NfkhbnKvVASzs b2NvLiWZ+h/6vL2ion4yhNiTojDKQ/x/i2NcfI7vQoWH2Oy1Fu+aiu89Jz0NR2eozzM8 xkCQ== X-Forwarded-Encrypted: i=1; AFNElJ980WvFdExxaC0OQocxpPVm/6KHdWv3kU+DcYpvJfo3gXCjf8i7b7gigrKI3AMhXnXRssnVWFVbPlhwu9s=@vger.kernel.org X-Gm-Message-State: AOJu0YzuHIgzLaALDfntS7KeGLSRX3cKpDHFJMy+QtwnllzXGx9Shz6S uuiE33QLeoPUOHm3zam4Enayq2ZMa7CGKUM4iIqp9diefTBVKQxKtGIN X-Gm-Gg: Acq92OH0o4L37PQhKPwqA1/ELtt35YxpDDbC/bna05fVcfq7aUK7dDHuxBMCHcHN2UR Kho+w1e4NFAx+09PCVSpMxFg1egiABvCiNpVi4qfEIQieNWyOZ5LswkBDnRhRweuSSLWA0x4LwM Na1WVuVZKTlsClwG+iaPc+6UxT8q16o4v4Ft6hIhqTn7oZg/aqEBt1HWTFrfUzlzUAiNWVcXajE 2sWFBSWxJWe6aqoYHvF/0DTvmI+TLuX9D1RDCeTwI8o3+4aOYjc99gm+HMgthns3JC3hou/Pr5t /cx0xor3RgjRAJXtKJYaAAgzHc3/t76yVqFdBytnVUBDBzIzsumqB7hZ5f0JopLag/u52Jxy1vW 2n7qkRYlaGhlAcDTdE7BdtE36Y67jTwYOpyhwkQlV27anrkPO6eJTlgFTdExtyqPNVaZWdKU+mw qLxfuVSnrBh2/ZNnQQrgBuL1b5Fb21EPl1QEPxry6Di54YWR37enLCFu1RVjVWBvAjzn/aYQ== X-Received: by 2002:a05:600d:8:b0:48a:93f8:dd02 with SMTP id 5b1f17b1804b1-48fe61f291cmr71924875e9.14.1778876390168; Fri, 15 May 2026 13:19:50 -0700 (PDT) Received: from im-t490s.redhat.com (89-24-32-159.nat.epc.tmcz.cz. [89.24.32.159]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48feab2896bsm22924605e9.4.2026.05.15.13.19.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 May 2026 13:19:49 -0700 (PDT) From: Ilya Maximets To: netdev@vger.kernel.org Cc: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Donald Hunter , Shuah Khan , Adrian Moreno , Jiri Benc , Nicolas Dichtel , linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Matteo Perin , Ilya Maximets Subject: [PATCH net 4/5] tools: ynl: support listening on all nsids Date: Fri, 15 May 2026 22:19:23 +0200 Message-ID: <20260515201937.2813983-5-i.maximets@ovn.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260515201937.2813983-1-i.maximets@ovn.org> References: <20260515201937.2813983-1-i.maximets@ovn.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" A new method ntf_listen_all_nsid() to enable listening on events from all namespaces. Useful for testing cross-namespace functionality. recv() replaced with recvmsg() to be able to receive NSID through the ancillary data. Assisted-by: OpenCode:claude-opus-4.6 Signed-off-by: Ilya Maximets --- tools/net/ynl/pyynl/lib/ynl.py | 32 +++++++++++++++++++++++++++----- 1 file changed, 27 insertions(+), 5 deletions(-) diff --git a/tools/net/ynl/pyynl/lib/ynl.py b/tools/net/ynl/pyynl/lib/ynl.py index f63c6f8287359..6d96c2b06507e 100644 --- a/tools/net/ynl/pyynl/lib/ynl.py +++ b/tools/net/ynl/pyynl/lib/ynl.py @@ -42,6 +42,7 @@ class Netlink: SOL_NETLINK =3D 270 =20 NETLINK_ADD_MEMBERSHIP =3D 1 + NETLINK_LISTEN_ALL_NSID =3D 8 NETLINK_CAP_ACK =3D 10 NETLINK_EXT_ACK =3D 11 NETLINK_GET_STRICT_CHK =3D 12 @@ -748,6 +749,21 @@ class YnlFamily(SpecFamily): self.sock.setsockopt(Netlink.SOL_NETLINK, Netlink.NETLINK_ADD_MEMB= ERSHIP, mcast_id) =20 + def ntf_listen_all_nsid(self): + self.sock.setsockopt(Netlink.SOL_NETLINK, + Netlink.NETLINK_LISTEN_ALL_NSID, 1) + + @staticmethod + def _decode_nsid(ancdata): + for cmsg_level, cmsg_type, cmsg_data in ancdata: + if (cmsg_level =3D=3D Netlink.SOL_NETLINK and + cmsg_type =3D=3D Netlink.NETLINK_LISTEN_ALL_NSID): + nsid =3D struct.unpack('i', cmsg_data)[0] + if nsid >=3D 0: + return nsid + return None + return None + def set_recv_dbg(self, enabled): self._recv_dbg =3D enabled =20 @@ -1235,7 +1251,7 @@ class YnlFamily(SpecFamily): f" when parsing '{attr_spec['name']}'") return raw =20 - def handle_ntf(self, decoded): + def handle_ntf(self, decoded, nsid=3DNone): msg =3D {} if self.include_raw: msg['raw'] =3D decoded @@ -1246,15 +1262,20 @@ class YnlFamily(SpecFamily): =20 msg['name'] =3D op['name'] msg['msg'] =3D attrs + if nsid is not None: + msg['nsid'] =3D nsid self.async_msg_queue.put(msg) =20 def check_ntf(self): while True: try: - reply =3D self.sock.recv(self._recv_size, socket.MSG_DONTW= AIT) + reply, ancdata, _, _ =3D self.sock.recvmsg(self._recv_size, + 4096, + socket.MSG_DONTWA= IT) except BlockingIOError: return =20 + nsid =3D self._decode_nsid(ancdata) nms =3D NlMsgs(reply) self._recv_dbg_print(reply, nms) for nl_msg in nms: @@ -1271,7 +1292,7 @@ class YnlFamily(SpecFamily): print("Unexpected msg id while checking for ntf", deco= ded) continue =20 - self.handle_ntf(decoded) + self.handle_ntf(decoded, nsid) =20 def poll_ntf(self, duration=3DNone): start_time =3D time.time() @@ -1335,7 +1356,8 @@ class YnlFamily(SpecFamily): rsp =3D [] op_rsp =3D [] while not done: - reply =3D self.sock.recv(self._recv_size) + reply, ancdata, _, _ =3D self.sock.recvmsg(self._recv_size, 40= 96) + nsid =3D self._decode_nsid(ancdata) nms =3D NlMsgs(reply) self._recv_dbg_print(reply, nms) for nl_msg in nms: @@ -1374,7 +1396,7 @@ class YnlFamily(SpecFamily): # Check if this is a reply to our request if nl_msg.nl_seq not in reqs_by_seq or decoded.cmd() !=3D = op.rsp_value: if decoded.cmd() in self.async_msg_ids: - self.handle_ntf(decoded) + self.handle_ntf(decoded, nsid) continue print('Unexpected message: ' + repr(decoded)) continue --=20 2.53.0 From nobody Mon May 25 08:12:38 2026 Received: from mail-wm1-f65.google.com (mail-wm1-f65.google.com [209.85.128.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C37D739A809 for ; Fri, 15 May 2026 20:19:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.65 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778876400; cv=none; b=ZZNctXnISiSqvBDj3ldsxUq3uNsSxCkIk6zOfHJrwUIZU70orqawL7270pt0OvyzSHOC4glOwdqsXfco6ewP35V+I5abZA+1Ia3ObdOUJfQ6LGdWNN31R1jwih4vJzCnJKldo7vthE9DtrOMXcYG+TSvzTCpNXqitXyzffuBGGI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778876400; c=relaxed/simple; bh=dSCFWc+eVmOl8KjQ/GacAUEGoakHTq/OkpAjt59yuYg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=WkoXbpriiflitjNSApjaTpcq+IjNirrhUab3FIF7DMKiCRxggZ22lsT7cWB2lWGw3z9Nh6QMeS3dPCmX2RTStmIAaTnr6ZASwosG9TU51qg04CC9EaejaLTKXWVCQUTeAwPG4MDkluHGv+yicJDYTj4VY1x+2WQHw31hDw+aKnE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=ovn.org; spf=pass smtp.mailfrom=gmail.com; arc=none smtp.client-ip=209.85.128.65 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=ovn.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-wm1-f65.google.com with SMTP id 5b1f17b1804b1-48909558b3aso2034645e9.0 for ; Fri, 15 May 2026 13:19:53 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778876392; x=1779481192; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=R4vKfoZnMD2eHQmb96XRMlOUXaCZqDG0laQcmMFUQRk=; b=XD7XNUjco4oiujZtJyC8/uc+YV25vADuWKv1U3PcVsukxOM7zYKNbpu87BpfkVktOV 1gA0xCQWCSqdGk7qxT0n2b/EtY4cOKEB25D8v4QGTxoah60DM1uH5nP7dENaD/Oqr3cd iKDS1P6yRY37EkH3OKIGKscYXVeUC7AYdREODWxLYs+U364xjYdR42sIfzYbw0daLJK3 6tj23LUOW0EbUeKpGh9cFl5c4SAMIXqTkn3FOuqUZfY+qyzwzYsSXUjwb1x9ALYIoVwf G2dGIJ0W9vjFWSZAsmGHcSAicUJkQwWOPPMZ8plSLKs7sltO28NraoUxMz3uygaPw66R uHvA== X-Forwarded-Encrypted: i=1; AFNElJ++hkAhY5paE6HkRCEhs3SScXz9n6JkciOD0w1Q7tLXcPl2UbW1y/ki5E7O3/mfsJRxXuvNEp/MNVDyPKo=@vger.kernel.org X-Gm-Message-State: AOJu0YwlE5bF8EstTWxfgWz8coKo1zWSxpIFRB0ijgV78A1ALg1sCJJl ldOYQuu5gbPVyKr1VW6r/9IErIJE6xnD1THGL+g/ITovi5E9JxaWRv36 X-Gm-Gg: Acq92OE8iK7+behe7w79PL1+uO2DuFdFsW2afs58dCy798lzMrN9a0nBSuT1m8Z+pBu gztE9zWE/JYsKeL9ToklMLzq0RK8kTh/La3ArtwoMRNTdTdDZ3YuzzDftmhUHkvaRxaaDlD3AUA 5+dPBFnO92ccMJATJRmG5IM12udHP9WVQM5PKuD9q+y5svC/BHkCHP5ogsBaZ/K/W+7cq4zKnHV 1P4WmTPM4B/EPIp7HH4bqVh8EbnU7Wl4emk1rDySTgh31xnObA7J0brRJuO1qjXdQUEesgXZv7+ eTc7ePtsANBMbSZ5/wPSzrU0ED96ljbZIMD2NE4acqYmY6gdhKun5wJ3IA34eRqta/R0nC/JMDZ GpUfV7KUuW78EF6xaCkrpWoCEnaSTJQ0Z2Llf6bZGStoKibyNleHRkpamXGtN5dXt4EIN02V2gx uiUN7Z1gi5rOHZhWH2SwRzd9aZI1IGdNqq5ipdvJ8m1qxkyCtJ/j4xO6t7DbueN12aa+H6gA== X-Received: by 2002:a05:600c:c087:b0:48f:d612:3c4a with SMTP id 5b1f17b1804b1-48fe60de6bdmr63511375e9.1.1778876392152; Fri, 15 May 2026 13:19:52 -0700 (PDT) Received: from im-t490s.redhat.com (89-24-32-159.nat.epc.tmcz.cz. [89.24.32.159]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48feab2896bsm22924605e9.4.2026.05.15.13.19.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 May 2026 13:19:51 -0700 (PDT) From: Ilya Maximets To: netdev@vger.kernel.org Cc: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Donald Hunter , Shuah Khan , Adrian Moreno , Jiri Benc , Nicolas Dichtel , linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Matteo Perin , Ilya Maximets Subject: [PATCH net 5/5] selftests: net: add a test case for nsid in all nsid notifications Date: Fri, 15 May 2026 22:19:24 +0200 Message-ID: <20260515201937.2813983-6-i.maximets@ovn.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260515201937.2813983-1-i.maximets@ovn.org> References: <20260515201937.2813983-1-i.maximets@ovn.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The test makes subscribes to link events from all namespaces and makes sure that local events do not carry NSID in their ancillary data (even if there is a self-referential NSID allocated for the local namespace), and remote events do. Assisted-by: OpenCode:claude-opus-4.6 Signed-off-by: Ilya Maximets --- tools/testing/selftests/net/link_netns.py | 52 +++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/tools/testing/selftests/net/link_netns.py b/tools/testing/self= tests/net/link_netns.py index 2aae422d3f8a6..1e766154cb573 100755 --- a/tools/testing/selftests/net/link_netns.py +++ b/tools/testing/selftests/net/link_netns.py @@ -33,6 +33,57 @@ def test_event() -> None: "Received unexpected link notification") =20 =20 +def test_event_all_nsid() -> None: + """NETLINK_LISTEN_ALL_NSID notifications: local events must not + carry nsid even with a self-referential mapping. Remote events + must carry the correct nsid.""" + + with NetNS() as ns1, NetNS() as ns2: + net1, net2 =3D str(ns1), str(ns2) + + with NetNSEnter(net1): + rtnl =3D RtnlFamily() + rtnl.ntf_listen_all_nsid() + rtnl.ntf_subscribe("rtnlgrp-link") + + # Case 1: no nsid assigned, local event, no nsid expected. + ip("link add dummy-lo type dummy", ns=3Dnet1) + + # Case 2: self-referential nsid, local event, still no nsid. + ip(f"netns set {net1} {LINK_NETNSID}", ns=3Dnet1) + ip("link add dummy-sr type dummy", ns=3Dnet1) + + # Case 3: remote event, nsid present. + ip(f"netns set {net2} {LINK_NETNSID2}", ns=3Dnet1) + ip("link add dummy-re type dummy", ns=3Dnet2) + + # Collect the three newlink events, ignoring unrelated noise. + events =3D {} + for msg in rtnl.poll_ntf(duration=3D1): + if msg['name'] =3D=3D 'getlink': + ifname =3D msg['msg'].get('ifname') + if ifname in ('dummy-lo', 'dummy-sr', 'dummy-re'): + events[ifname] =3D msg + if len(events) =3D=3D 3: + break + + ksft_true('dummy-lo' in events, "missing local event") + ksft_true(events['dummy-lo'].get('nsid') is None, + "local event without nsid should not carry nsid") + + ksft_true('dummy-sr' in events, "missing self-ref event") + ksft_true(events['dummy-sr'].get('nsid') is None, + "local event with self-ref nsid should not carry nsid") + + ksft_true('dummy-re' in events, "missing remote event") + ksft_eq(events['dummy-re'].get('nsid'), LINK_NETNSID2, + "remote event should carry nsid") + + ip("link del dummy-lo", ns=3Dnet1) + ip("link del dummy-sr", ns=3Dnet1) + ip("link del dummy-re", ns=3Dnet2) + + def validate_link_netns(netns, ifname, link_netnsid) -> bool: link_info =3D ip(f"-d link show dev {ifname}", ns=3Dnetns, json=3DTrue) if not link_info: @@ -175,6 +226,7 @@ def test_peer_net_cross_ns() -> None: def main() -> None: ksft_run([ test_event, + test_event_all_nsid, test_link_net, test_peer_net, test_peer_net_cross_ns, --=20 2.53.0