From nobody Sun May 24 22:36:43 2026 Received: from mail-wr1-f67.google.com (mail-wr1-f67.google.com [209.85.221.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E5A373ED5C8 for ; Wed, 20 May 2026 17:23:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.67 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779297821; cv=none; b=NuoJhJ3D/72l3G72Hv/9ivCq2LZbMHKjCPjr8B2by2Nikr9Sd6X5uAsVCLzGiuWx51RtyN1RtVBoBmDK7lDRLKVR5we73QnriWMfITR6w2BdvvPZAtztUfjb+gEyhxPzoQ7JS+lz49LjgcDAKAPpg/ZDf9+XkchW/E67RcaWQO0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779297821; c=relaxed/simple; bh=pq5ewNPh6QbkE7tEQm34DFGGF2XP2Fga+Ldca3aZ7pk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=UmwrlVzM4eGGGbnGILLMEDQGqyrIjnBQMqK+R8J4RO66l1+0o0G8M1eVnhGRpEeBxO9Iw5pdHC31TiAchvBXtgjWqFEsx0MnSG89ZlLNJuhzkwPaJnEwm+Zh/h/YwdVXZ4peiSEED4qU2XBCJfcPY9ypKEsBZCQtPNnyhd+AWvw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=ovn.org; spf=pass smtp.mailfrom=gmail.com; arc=none smtp.client-ip=209.85.221.67 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=ovn.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-wr1-f67.google.com with SMTP id ffacd0b85a97d-43d76dd4ee8so2073662f8f.2 for ; Wed, 20 May 2026 10:23:39 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1779297818; x=1779902618; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=z0yVai+Va2zy8HPA5HXIs74P3GZW6aeEN+twxmzuGU4=; b=ZgHmLdWQlN6YRTIL1O5kOKHMiEFY+eTtXs2wGkOf2DVb0fe2QRZnc1N7OaZWgAgOC/ JvXZbnr38kEXlWSaaYDOFt9RH8txzIdK0u8T9Itb8VXF8zU2HfI2D/hpHUW4C32RKreB skwf95chnSQau+4YqMasNLmFWPuAyjsWwI8yHTCXcSy3b1zEPI268OnZAdm/h/TqTDxw sI79jSpmp4szo9t2sR2WUOI3rsb/tzrRCHrJGjeD0IIF4GJKEmk7UtQSrS6e7DsC4YoY uhNsoHO3oF1Y0wgkzt/oezgC1cH9N00pyIRxxqQnI98n+xQXT9j5Z7YX/+SY/LL+Fp5a NcRw== X-Forwarded-Encrypted: i=1; AFNElJ+tnhQvmIZ5nyywUZ+kEDsH1fQJZCNfuSK+BambvlMZiaajvBCaOrWviPcnncxu4fFhBA9OCBRmhCDWLew=@vger.kernel.org X-Gm-Message-State: AOJu0YyJBcOlwQyMlvW+SJqLGSQ8TcKHXr8U0SSjk7Ct28CYF2WrqhZu 179UzSD0piXHZqLlb6BAQBYfa6NCWdr1DY8aYUDsULJGe/2P49HIz8q3 X-Gm-Gg: Acq92OGWDgzFCmrId0Zg4eUrUeQo8R6FexJz8b+QH6R9Qz9bP0ucKSUmAGa+ntqYX3a BG3atDjD9yex0AEYXW9j1VNas58211t46VFvf+OmsyEOZ/ZzNWgxNWRKGDsOGopR8SAVyqVsrSA i74CijIy67z0UMFRypQ1rM4ZPWJiJhsRZ7SzAlcpN/vxhnenC1NxMzLbwrbuBbEcqz2ApnvQoId BLDIQNoxi05+aie2xw03lpkcvmSHmwKWsBW7Leeo0X8Oo1JMSDO5IcS89//h2GPNgnwnu8DmXRB 1MK1MNg4u+qMS0yKvwEuMnRjzKZWf35jwXTx2lYlrIdnbbsU4TBgS1Q8I69Uwtl1YMhVEUQEV+f liy1kQP6Ddq4y04/5doVN+0bp41hymcjBUV50qBp9ra3KSVDpNoMExlXsfKP7byAkXQRCLswjWh NxlmezSEzGghW6tpIhJynrJdfsBZ+QfNcODkvX5JrrMPCPcqX98RRew8MZooM= X-Received: by 2002:a5d:584c:0:b0:439:b8b2:fabc with SMTP id ffacd0b85a97d-45e5c587396mr38222091f8f.21.1779297818305; Wed, 20 May 2026 10:23:38 -0700 (PDT) Received: from im-t490s.redhat.com (89-24-32-159.nat.epc.tmcz.cz. [89.24.32.159]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-45da0fe0fecsm51125580f8f.26.2026.05.20.10.23.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 May 2026 10:23:37 -0700 (PDT) From: Ilya Maximets To: netdev@vger.kernel.org Cc: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Donald Hunter , Shuah Khan , Kuniyuki Iwashima , Kees Cook , Adrian Moreno , Jiri Benc , Nicolas Dichtel , linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Matteo Perin , Ilya Maximets Subject: [PATCH net v2 1/4] net: netlink: fix sending unassigned nsid after assigned one Date: Wed, 20 May 2026 19:22:35 +0200 Message-ID: <20260520172317.175168-2-i.maximets@ovn.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260520172317.175168-1-i.maximets@ovn.org> References: <20260520172317.175168-1-i.maximets@ovn.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" If the current skb is not shared, it is re-used directly for all the sockets subscribed to the notification. If we have remote all-nsid socket receiving a message first, then the 'nsid_is_set' will be set to 'true'. If the nsid is NOT_ASSIGNED for the next socket in the list, the 'nsid_is_set' will remain 'true' and the negative value is be delivered to the user space. All subsequent nsid values will be delivered as well, since there is no code path that sets the flag back to 'false'. Fix that by always dropping the flag to 'false' first. Fixes: 7212462fa6fd ("netlink: don't send unknown nsid") Signed-off-by: Ilya Maximets Acked-by: Nicolas Dichtel --- net/netlink/af_netlink.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index 2aeb0680807d6..0742e97f256e4 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -1482,6 +1482,7 @@ static void do_one_broadcast(struct sock *sk, p->skb2 =3D NULL; goto out; } + NETLINK_CB(p->skb2).nsid_is_set =3D false; NETLINK_CB(p->skb2).nsid =3D peernet2id(sock_net(sk), p->net); if (NETLINK_CB(p->skb2).nsid !=3D NETNSA_NSID_NOT_ASSIGNED) NETLINK_CB(p->skb2).nsid_is_set =3D true; --=20 2.53.0 From nobody Sun May 24 22:36:43 2026 Received: from mail-wr1-f65.google.com (mail-wr1-f65.google.com [209.85.221.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E8631372B58 for ; Wed, 20 May 2026 17:23:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.65 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779297826; cv=none; b=Lnpwy1YFcMQCW/fvSSPYZ1Bwusca4kXhtTRQxAy1TX3QET5qxC8/vO20SueePdVABo9P5SY0o7Ty61ftRvncdGqwIvz9mecJUfm7ErEsLGpXKFooh1dDaGbF2DOUp6TRK7/TdUQDC1j+bzdA7gYnr3Xi5ZygtD0TTx7d7ilSNFI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779297826; c=relaxed/simple; bh=dEn/DZjJ6ZkDMxdIMlTcRhfqUFij0sqTMuUmS72Qvf8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=UT4+PtZvtbZMuyxPMFYMdica0GgEZ38lDiwgG2CMRJzPtX4omcUm+KM4GcwQTE2QeHlmdMklYgsb9JI94R1xjKgiNnFIjkjIGnbK1fge4R70YnJ2MKmMrYP4U0+nHdHjSxMszH1+cBG66qbG7FHA1x1MIyVL4LL5ZAfeGjRxmTk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=ovn.org; spf=pass smtp.mailfrom=gmail.com; arc=none smtp.client-ip=209.85.221.65 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=ovn.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-wr1-f65.google.com with SMTP id ffacd0b85a97d-44b330c5cc6so3806535f8f.1 for ; Wed, 20 May 2026 10:23:43 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1779297822; x=1779902622; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=f/5B2KT7zWN9FEt5jFJ3UZmNoriTd7Q2p02B+ALz3Mw=; b=isewNVoH+Qio32dHDS86lEhmDzfAQtxRIZ6fpYddpCAr39wqK+hX4uwm1KKDYeB8Bp 7Vw+K+BPvbta0X/nXtEAnh28h+HsJNq2BKl+1LZ9wUsSGkMaX4BGxdXDWhxb8E3eVxvm zDbNzSPNwq4U7j8C5Qe4tHUZLf5VQDWm8T6nUvJ0RjSPz14ICZMuiGR6346jJSSYyuXv KlCsLMpuATPWNqa7817WSPL5VIrcgbeJkisSqnO74Wm6b8t+2+0VEeiBhUvrvZFx5jZB WkrTrfYMtfz0VTXhHoW96wxIGpfGZ/TitZ5J8hQTxtXDdIxrfak7dx8+o9+7hTghOtsU chsA== X-Forwarded-Encrypted: i=1; AFNElJ8eaZzKMFiMzCij+bkVSbL29rqR8/5TCADLwNsyEHERvP2/SOrgBs+eQyLphLki8U4ryjBG4W7G2t8bkpU=@vger.kernel.org X-Gm-Message-State: AOJu0Ywyxie9eSTck7nmhmftt9DKNZFqB8P/0empWYRL89kQpijMuMVS FUN+xC32Gm3pM4+TvmhLKTM3pwCCi+ukTkst7VaxITscTKqREID6fZo1 X-Gm-Gg: Acq92OHLtHscFo5m6dOfQB3fBeunukykT3AK6CRhIGT1MEY6AwZl7TGAijR2WxuSdJy tgxc/NptYebtBcpdVm2pvE1vvV0tOEHho7ZXjKjGzYCTsZgfLAnvZCF6DIQoQJc6kSM23/QVh7X dCgi4OWaktLa9+sr3tVEbKBLKgeirFQwDxvA7iR2ZRlHzo615O0KrDLawtuwiy7FhSy4OhbD2lN GDMgVsXNzSN+5DsAqYXScMbLV1s3r1xjqLUi0ui7l2aFJQ/yOHlWsUOwUA37vrIfzfFQGolrCqR h0e4kyu6i63++Ei1abdDc5jsC9+HZ8M+Nq9V6lvAj7cv4fNXZ+FQHnaiQhdM6cnhSWHSX3sgLkE g8m1iX9PDVQl1tFl3cfKABz+4D75nGCTvW9lKDqT3FRB1tYmk/Nf2IuEP2mXpDJLi7gDRef3KQS 4NtVoj4R1jGi4/CEuuURg8lcw75zJNbTO5KUMj3z3Aw0O96tbC69LkDsoN4/2TXRO3UKOAnMJ4L CH3EvP9 X-Received: by 2002:a05:6000:2503:b0:43d:d037:d59c with SMTP id ffacd0b85a97d-45e5c5ca060mr41914479f8f.16.1779297822258; Wed, 20 May 2026 10:23:42 -0700 (PDT) Received: from im-t490s.redhat.com (89-24-32-159.nat.epc.tmcz.cz. [89.24.32.159]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-45da0fe0fecsm51125580f8f.26.2026.05.20.10.23.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 May 2026 10:23:40 -0700 (PDT) From: Ilya Maximets To: netdev@vger.kernel.org Cc: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Donald Hunter , Shuah Khan , Kuniyuki Iwashima , Kees Cook , Adrian Moreno , Jiri Benc , Nicolas Dichtel , linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Matteo Perin , Ilya Maximets Subject: [PATCH net v2 2/4] net: netlink: don't set nsid on local notifications Date: Wed, 20 May 2026 19:22:36 +0200 Message-ID: <20260520172317.175168-3-i.maximets@ovn.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260520172317.175168-1-i.maximets@ovn.org> References: <20260520172317.175168-1-i.maximets@ovn.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In most cases, notifications on sockets with NETLINK_LISTEN_ALL_NSID do not contain NSID in their ancillary data in case the event is local to the listener. However, when a self-referential NSID is allocated for a namespace, every local notification starts sending this ID to the user space. This is problematic, because the listener cannot tell if those notifications are local or not anymore without making extra requests to figure out if the provided NSID is local or not. The listener can also not figure out the local NSID beforehand as it can be allocated at any point in time by other processes, changing the structure of the future notifications for everyone. The value is practically not useful, since it's the namespace's own ID that the application has to obtain from other sources in order to figure out if it's the same or not. So, for the application it's just an extra busy work with no benefits. Moreover, applications that do not know about this quirk may be mishandling notifications with NSID set as notifications from remote namespaces. This is the case for ovs-vswitchd and the iproute2's 'ip monitor' that stops printing 'current' and starts printing the nsid number mid-session. Lack of clear documentation for this behavior is also not helping. A search though open-source projects doesn't reveal any projects that use NETNSA_NSID_NOT_ASSIGNED and rely on metadata to contain self-referential NSIDs (expected, since the value is not useful). Quite the opposite, as already mentioned, there are few applications that rely on NSID to not be present in local events. Since the value is not useful and actively harmful in some cases, let's not report it for local events, making the notifications more consistent. Also adding some blank lines for readability. Fixes: 59324cf35aba ("netlink: allow to listen "all" netns") Reported-by: Matteo Perin Signed-off-by: Ilya Maximets Acked-by: Nicolas Dichtel --- net/netlink/af_netlink.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index 0742e97f256e4..7269e23b578d6 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -1482,10 +1482,14 @@ static void do_one_broadcast(struct sock *sk, p->skb2 =3D NULL; goto out; } + NETLINK_CB(p->skb2).nsid_is_set =3D false; - NETLINK_CB(p->skb2).nsid =3D peernet2id(sock_net(sk), p->net); - if (NETLINK_CB(p->skb2).nsid !=3D NETNSA_NSID_NOT_ASSIGNED) - NETLINK_CB(p->skb2).nsid_is_set =3D true; + if (!net_eq(sock_net(sk), p->net)) { + NETLINK_CB(p->skb2).nsid =3D peernet2id(sock_net(sk), p->net); + if (NETLINK_CB(p->skb2).nsid !=3D NETNSA_NSID_NOT_ASSIGNED) + NETLINK_CB(p->skb2).nsid_is_set =3D true; + } + val =3D netlink_broadcast_deliver(sk, p->skb2); if (val < 0) { netlink_overrun(sk); --=20 2.53.0 From nobody Sun May 24 22:36:43 2026 Received: from mail-wr1-f67.google.com (mail-wr1-f67.google.com [209.85.221.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 581D33F4DF4 for ; Wed, 20 May 2026 17:23:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.67 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779297827; cv=none; b=ugEtBTcPvaylOqFu0wArkqhnOv7AysElB9g5oxs1uH5qNCQzByBB1c5z2ub0bXsCTpNJZHQavjbDbtt+5dagN/1g61gAiG+QpK9qvtWZgDojvEmKsiV8LcDwROaTij2c/kZVRVn0FcginHyAdQlEVzCm8UYE2YdRyfgGSPmSePc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779297827; c=relaxed/simple; bh=2UYvNlSA+2GlROQWwNORHOgZveV7UHr6PN2hwqWlNuI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ejut8f5Gxudx5dBkZ2v+twrKvu9gHulXumT9QMYDnZcBXgdGsXz/yd8PQi0qWgJvoyYrtY7O70zif4ZwGRCIs7XAsUIO+ZTTW+2rS7l2ePANIBijmRDuyQ112JqpJxIyjhpRrFl8+ZH9KkfWMUjzeI6cJrleFWrGM+jHiy3Spyo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=ovn.org; spf=pass smtp.mailfrom=gmail.com; arc=none smtp.client-ip=209.85.221.67 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=ovn.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-wr1-f67.google.com with SMTP id ffacd0b85a97d-43d73422431so3615367f8f.2 for ; Wed, 20 May 2026 10:23:46 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1779297825; x=1779902625; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=EqFt3aKsOC7Q71BIE2C6rkJYkvil00DlAxCbqMAvtdk=; b=o4Br5jo7SjBiZgSkUUsXnriO6sky8bwoVgeSQdLbIF6TGAsCCes5A7Y+NJ5iZNjesl tckPjFtylIQXbl3x0IYGZFU320dA7twAG9CxyIeDx2SSgclNjjQ/TqnHuVZQRIwqxcMH TRlDwm7tHYQaGkuycjycVtXdAIiTdlIy4+H78D7wpHl98ZFuqyPuNmDuPMGykFGunIek 42A84PJkkdLU250CpO7Y5rXGu0T+H/mow2sM71OXPkE6R//4L6PAL5vt0/H2qAuKdv7Z BBQJvgt+A/1tqYiIrgORRX9RLeKPrzvF5x/oLeZOxC7VD96YXtyjj5fanEHbdDkk5KqQ ES2A== X-Forwarded-Encrypted: i=1; AFNElJ8ID/jbKKqhZqObhpaSNlLWH7ud2j5iPe5EuwgN1E3amlNo6kJrl/FkCNSGMiojpCxkuUhndNWlEoPrCxg=@vger.kernel.org X-Gm-Message-State: AOJu0YzPPiVJAPgrdTf5QhZCgVAsMxic37/v+fQOue6zDM9rdUhQ4htx cMYrm6Lszjy272pWiyCJTJbyoC6AJNr4tWNdOpdf2y4ddDdl0yhh8IAl X-Gm-Gg: Acq92OFLKMcF3xgtdG7+ZXIIK+3Z6rgYRpLNvZzcALJRG5m+7n9/E/2hEWj0TBvv0DF klBa9PerZF0OSIVqv6m1Ax47tTcGa6OUhk4nn3o34JISVXXKfExGo16KDTDcVtq7cv6EUk4dGtR H0EBsJ7GFAI780pezolO+2GArJ/sIR0wAuck5PqdzJoTzAyF7ywXdChftnLKKXUdp74IeenGlKb HV//cKqIt/a99dJgxB84cMrD6hPkcTuh7TX3TrsrJo4Uu4O/GpfTlQX4z7i7q3f4KFpxF/d0Sev QUzHbfXMs/3qXf0grzEpcLVxAOxy5OOrf+7+nxnc7JAiztAJqfVsfxowR/IGvETIPnENia02v4p iLHgWDnjp9aHqoQr1qKPRH2L17Wqg34KpH8QAtUavYLx6q/KLpqIcdYsgpywi5nmxX1CGJ/vlPk L7lN02jfk8x0h9US6HIB/pEQUwYNG++t8XzKEP2QyQEuHGuCtTnm/KRHPm7eM= X-Received: by 2002:a05:6000:46cc:b0:45e:a0ab:8bc8 with SMTP id ffacd0b85a97d-45ea0ab8cd1mr615345f8f.3.1779297824693; Wed, 20 May 2026 10:23:44 -0700 (PDT) Received: from im-t490s.redhat.com (89-24-32-159.nat.epc.tmcz.cz. [89.24.32.159]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-45da0fe0fecsm51125580f8f.26.2026.05.20.10.23.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 May 2026 10:23:44 -0700 (PDT) From: Ilya Maximets To: netdev@vger.kernel.org Cc: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Donald Hunter , Shuah Khan , Kuniyuki Iwashima , Kees Cook , Adrian Moreno , Jiri Benc , Nicolas Dichtel , linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Matteo Perin , Ilya Maximets Subject: [PATCH net v2 3/4] tools: ynl: support listening on all nsids Date: Wed, 20 May 2026 19:22:37 +0200 Message-ID: <20260520172317.175168-4-i.maximets@ovn.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260520172317.175168-1-i.maximets@ovn.org> References: <20260520172317.175168-1-i.maximets@ovn.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" A new method ntf_listen_all_nsid() to enable listening on events from all namespaces. Useful for testing cross-namespace functionality. recv() replaced with recvmsg() to be able to receive NSID through the ancillary data. Assisted-by: OpenCode:claude-opus-4.6 Signed-off-by: Ilya Maximets --- tools/net/ynl/pyynl/lib/ynl.py | 37 +++++++++++++++++++++++++++++----- 1 file changed, 32 insertions(+), 5 deletions(-) diff --git a/tools/net/ynl/pyynl/lib/ynl.py b/tools/net/ynl/pyynl/lib/ynl.py index f63c6f8287359..010aac0c6c67a 100644 --- a/tools/net/ynl/pyynl/lib/ynl.py +++ b/tools/net/ynl/pyynl/lib/ynl.py @@ -42,6 +42,7 @@ class Netlink: SOL_NETLINK =3D 270 =20 NETLINK_ADD_MEMBERSHIP =3D 1 + NETLINK_LISTEN_ALL_NSID =3D 8 NETLINK_CAP_ACK =3D 10 NETLINK_EXT_ACK =3D 11 NETLINK_GET_STRICT_CHK =3D 12 @@ -680,6 +681,7 @@ class YnlFamily(SpecFamily): Notification API: =20 ynl.ntf_subscribe(mcast_name) -- join a multicast group + ynl.ntf_listen_all_nsid() -- listen on all netns ynl.check_ntf() -- drain pending notifications ynl.poll_ntf(duration=3DNone) -- yield notifications =20 @@ -748,6 +750,23 @@ class YnlFamily(SpecFamily): self.sock.setsockopt(Netlink.SOL_NETLINK, Netlink.NETLINK_ADD_MEMB= ERSHIP, mcast_id) =20 + def ntf_listen_all_nsid(self): + """Enable NETLINK_LISTEN_ALL_NSID to receive notifications from all + namespaces that have an nsid mapped in the current one.""" + self.sock.setsockopt(Netlink.SOL_NETLINK, + Netlink.NETLINK_LISTEN_ALL_NSID, 1) + + @staticmethod + def _decode_nsid(ancdata): + for cmsg_level, cmsg_type, cmsg_data in ancdata: + if (cmsg_level =3D=3D Netlink.SOL_NETLINK and + cmsg_type =3D=3D Netlink.NETLINK_LISTEN_ALL_NSID): + nsid =3D struct.unpack('i', cmsg_data)[0] + if nsid >=3D 0: + return nsid + return None + return None + def set_recv_dbg(self, enabled): self._recv_dbg =3D enabled =20 @@ -1235,7 +1254,7 @@ class YnlFamily(SpecFamily): f" when parsing '{attr_spec['name']}'") return raw =20 - def handle_ntf(self, decoded): + def handle_ntf(self, decoded, nsid=3DNone): msg =3D {} if self.include_raw: msg['raw'] =3D decoded @@ -1246,15 +1265,22 @@ class YnlFamily(SpecFamily): =20 msg['name'] =3D op['name'] msg['msg'] =3D attrs + if nsid is not None: + msg['nsid'] =3D nsid self.async_msg_queue.put(msg) =20 + def _recvmsg(self, flags=3D0): + reply, ancdata, _, _ =3D self.sock.recvmsg(self._recv_size, 4096, = flags) + return reply, ancdata + def check_ntf(self): while True: try: - reply =3D self.sock.recv(self._recv_size, socket.MSG_DONTW= AIT) + reply, ancdata =3D self._recvmsg(socket.MSG_DONTWAIT) except BlockingIOError: return =20 + nsid =3D self._decode_nsid(ancdata) nms =3D NlMsgs(reply) self._recv_dbg_print(reply, nms) for nl_msg in nms: @@ -1271,7 +1297,7 @@ class YnlFamily(SpecFamily): print("Unexpected msg id while checking for ntf", deco= ded) continue =20 - self.handle_ntf(decoded) + self.handle_ntf(decoded, nsid) =20 def poll_ntf(self, duration=3DNone): start_time =3D time.time() @@ -1335,7 +1361,8 @@ class YnlFamily(SpecFamily): rsp =3D [] op_rsp =3D [] while not done: - reply =3D self.sock.recv(self._recv_size) + reply, ancdata =3D self._recvmsg() + nsid =3D self._decode_nsid(ancdata) nms =3D NlMsgs(reply) self._recv_dbg_print(reply, nms) for nl_msg in nms: @@ -1374,7 +1401,7 @@ class YnlFamily(SpecFamily): # Check if this is a reply to our request if nl_msg.nl_seq not in reqs_by_seq or decoded.cmd() !=3D = op.rsp_value: if decoded.cmd() in self.async_msg_ids: - self.handle_ntf(decoded) + self.handle_ntf(decoded, nsid) continue print('Unexpected message: ' + repr(decoded)) continue --=20 2.53.0 From nobody Sun May 24 22:36:43 2026 Received: from mail-wm1-f66.google.com (mail-wm1-f66.google.com [209.85.128.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 711133F8706 for ; Wed, 20 May 2026 17:23:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.66 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779297830; cv=none; b=mnLRPodgPvKtom0pL//VUsRPPud4bwjr3RGIJGpc55JW2yjNTWlDwv67o2RIAzCt0pRcWi4lRKtiOiQ6PcHjN/CcWQgSSsQQuB6yBzqmpdPexa6q5X6KAb4aW4FfM5eWKrJ9L72kF9iz7nf69X7OnKwxxMx/saOqN2itCYM7f0s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779297830; c=relaxed/simple; bh=8ee1KK6pbWiMoa+lm6mq4reiA3CNV5J1Dikiqs/l0Hg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=sGJDA0L5TgD5KD36xBgD91j4ZgxyzWje7l18p4Ew+eypy+H6wFvFyN9XXP2ESwKnocm803szrdYTi3HsdZpC3F1fcnbD5IanDmjRwWj86QKxlbXGAN01gEuKjLEWTXIpuFjh4lPq96JbwieOJ6rneJjXxcGJXfdEU2+fSrHIRQE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=ovn.org; spf=pass smtp.mailfrom=gmail.com; arc=none smtp.client-ip=209.85.128.66 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=ovn.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-wm1-f66.google.com with SMTP id 5b1f17b1804b1-490229aa522so18584575e9.3 for ; Wed, 20 May 2026 10:23:48 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1779297827; x=1779902627; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=DryccTLU/nbCr+QwWZ91fsYNK6rnvVP3JQDHF5PbwEg=; b=jLgZzBHn9CaU01+YGhuBzH6u6m5w3H4fHTtHRj1JPIUOUwgxE0gt40mhSv2n+YeVh0 hZd/xXGWgevCELqje8H6mz7hGbyuR6rWw/VqpSoMv5VHmX0u2N+QFBIO2st8IqLEy+g7 RsyXjEYeZ3m6mbkNoNlVOwSS5Kow+BVI24H00dj0E2zytoBfLAAsNsOKtMumbu0XaWpq iTyglUGHx4BzgKmoKJCNdVgxcsHusTeKiHQTI2Zc/ix1TXOKtK8QKZiLUH/78txgR11d CmAh0gkRxMug6ZCAr6K+k7KyzdmDp1A0F3Z7JB6pussDXbPbBWtBNqkI0ovKR4qQXBLy KEcQ== X-Forwarded-Encrypted: i=1; AFNElJ9GE96w1zp/rFRLfPgMcBgy7Xai9bfJ5n+swLgyNJL/mAGlw0WUqfafdrTHRMdwDbdq7ZlErvB9CQbUFnU=@vger.kernel.org X-Gm-Message-State: AOJu0Yx4rE1+Rpl9slEng6xUJwp1X3I2T0VuqlSXlJ0DsUgn/F33l/Yp vyHOeBFX/tzOMNMyKyZ0UJ2KIv6hIJ7I9HjFdspLh4tVFBWQ2ELUOKxV X-Gm-Gg: Acq92OFq74Y4lw6qEFEMo8tvod8Hl9LMHalL2bHYmJyFmps2ww+g/lYN6zKgwC/grwW K2fod+gqJRh6e3HlgItfROLgqhhUFqaMJECXsvlCjbLqZwYu/X/tlmfx+FIayAF0ggxRtxRGy04 5MngC9EkgIJHV1l0KY1DT4mKDKCGGxARiAjYmKoAEVVqqf7wY9zNqlsV8lT/WSIftbtXSC73PRF OOZpFjRwilMUh7WAm0oFL3CaByVUXhHEVGw3IFAtj+qmV0gWt4SGsOzX5Lv0y3qyrg8b+LFKQg5 aLWb3DHy/iw7Qci2WrgRSTGKR5sV+qbZw5VzlLciLDWwnJyY0GqJDCzjppm2EkMk1hcFlDJ/HhB EL0KYKrJcWuEOL/g6xW3KP3fI4VR03AC17UKmdNUqOLfq7GKDSnWqWiMfZz/jLdQRIJnZYhjfYP 14SgQvNgX/Uyrj2Q8ussenzYTJ58qNlnHJ6Thzk/nTKKj6PB+zXTWCg7YvQ/Y= X-Received: by 2002:a05:600c:1d99:b0:488:c078:bfda with SMTP id 5b1f17b1804b1-48fe631389bmr363429105e9.26.1779297826824; Wed, 20 May 2026 10:23:46 -0700 (PDT) Received: from im-t490s.redhat.com (89-24-32-159.nat.epc.tmcz.cz. [89.24.32.159]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-45da0fe0fecsm51125580f8f.26.2026.05.20.10.23.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 May 2026 10:23:46 -0700 (PDT) From: Ilya Maximets To: netdev@vger.kernel.org Cc: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Donald Hunter , Shuah Khan , Kuniyuki Iwashima , Kees Cook , Adrian Moreno , Jiri Benc , Nicolas Dichtel , linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Matteo Perin , Ilya Maximets Subject: [PATCH net v2 4/4] selftests: net: add a test case for nsid in all nsid notifications Date: Wed, 20 May 2026 19:22:38 +0200 Message-ID: <20260520172317.175168-5-i.maximets@ovn.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260520172317.175168-1-i.maximets@ovn.org> References: <20260520172317.175168-1-i.maximets@ovn.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The test subscribes to link events from all namespaces and makes sure that local events do not carry NSID in their ancillary data (even if there is a self-referential NSID allocated for the local namespace), and remote events do. Assisted-by: OpenCode:claude-opus-4.6 Signed-off-by: Ilya Maximets Acked-by: Nicolas Dichtel --- tools/testing/selftests/net/link_netns.py | 61 ++++++++++++++++++++++- 1 file changed, 59 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/net/link_netns.py b/tools/testing/self= tests/net/link_netns.py index aab043c59d695..6d1f863b6262e 100755 --- a/tools/testing/selftests/net/link_netns.py +++ b/tools/testing/selftests/net/link_netns.py @@ -3,13 +3,14 @@ =20 import time =20 -from lib.py import ksft_run, ksft_exit, ksft_true +from lib.py import ksft_run, ksft_exit, ksft_eq, ksft_true from lib.py import ip from lib.py import NetNS, NetNSEnter from lib.py import RtnlFamily =20 =20 LINK_NETNSID =3D 100 +LINK_NETNSID2 =3D 200 =20 =20 def test_event() -> None: @@ -32,6 +33,57 @@ def test_event() -> None: "Received unexpected link notification") =20 =20 +def test_event_all_nsid() -> None: + """NETLINK_LISTEN_ALL_NSID notifications: local events must not + carry nsid even with a self-referential mapping. Remote events + must carry the correct nsid.""" + + with NetNS() as ns1, NetNS() as ns2: + net1, net2 =3D str(ns1), str(ns2) + + with NetNSEnter(net1): + rtnl =3D RtnlFamily() + rtnl.ntf_listen_all_nsid() + rtnl.ntf_subscribe("rtnlgrp-link") + + # Case 1: no nsid assigned, local event, no nsid expected. + ip("link add dummy-lo type dummy", ns=3Dnet1) + + # Case 2: self-referential nsid, local event, still no nsid. + ip(f"netns set {net1} {LINK_NETNSID}", ns=3Dnet1) + ip("link add dummy-sr type dummy", ns=3Dnet1) + + # Case 3: remote event, nsid present. + ip(f"netns set {net2} {LINK_NETNSID2}", ns=3Dnet1) + ip("link add dummy-re type dummy", ns=3Dnet2) + + # Collect the three newlink events, ignoring unrelated noise. + events =3D {} + for msg in rtnl.poll_ntf(duration=3D1): + if msg['name'] =3D=3D 'getlink': + ifname =3D msg['msg'].get('ifname') + if ifname in ('dummy-lo', 'dummy-sr', 'dummy-re'): + events[ifname] =3D msg + if len(events) =3D=3D 3: + break + + ksft_true('dummy-lo' in events, "missing local event") + ksft_true(events['dummy-lo'].get('nsid') is None, + "local event without nsid should not carry nsid") + + ksft_true('dummy-sr' in events, "missing self-ref event") + ksft_true(events['dummy-sr'].get('nsid') is None, + "local event with self-ref nsid should not carry nsid") + + ksft_true('dummy-re' in events, "missing remote event") + ksft_eq(events['dummy-re'].get('nsid'), LINK_NETNSID2, + "remote event should carry nsid") + + ip("link del dummy-lo", ns=3Dnet1) + ip("link del dummy-sr", ns=3Dnet1) + ip("link del dummy-re", ns=3Dnet2) + + def validate_link_netns(netns, ifname, link_netnsid) -> bool: link_info =3D ip(f"-d link show dev {ifname}", ns=3Dnetns, json=3DTrue) if not link_info: @@ -133,7 +185,12 @@ def test_peer_net() -> None: =20 =20 def main() -> None: - ksft_run([test_event, test_link_net, test_peer_net]) + ksft_run([ + test_event, + test_event_all_nsid, + test_link_net, + test_peer_net, + ]) ksft_exit() =20 =20 --=20 2.53.0