On Mon, May 22, 2023 at 01:42:19AM +0200, Stefano
Brivio wrote:
Use the newly-introduced NL_DUP mode for
nl_route() to copy all the
routes associated to the template interface in the outer namespace,
unless --no-copy-routes (also implied by -g) is given.
Otherwise, we can't use default gateways which are not, address-wise,
on the same subnet as the container, as reported by Callum.
Reported-by: Callum Parsey <callum(a)neoninteger.au>
Link:
https://github.com/containers/podman/issues/18539
Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com>
Reviewed-by: David Gibson <david(a)gibson.dropbear>
The logic looks sound, although I do have one concern noted below.
---
conf.c | 14 ++++++++++++++
passt.1 | 10 ++++++++++
passt.h | 4 +++-
pasta.c | 6 ++++--
4 files changed, 31 insertions(+), 3 deletions(-)
diff --git a/conf.c b/conf.c
index 3ee6ae0..7541261 100644
--- a/conf.c
+++ b/conf.c
@@ -923,6 +923,7 @@ pasta_opts:
info( " --no-netns-quit Don't quit if filesystem-bound target");
info( " network namespace is deleted");
info( " --config-net Configure tap interface in namespace");
+ info( " --no-copy-routes Don't copy all routes to namespace");
I'm always a bit nervous about adding new options, since it's
something we then have to maintain compatibility for. Do we have a
confirmed use case where the copy routes behaviour will cause trouble?