On 27/11/2024 05:27, Stefano Brivio wrote:There are setups where no host interface is available or configured at all, intentionally or not, temporarily or not, but users expect (Podman) containers to run in any case as they did with slirp4netns, and we're now getting reports that we broke such setups at a rather alarming rate. To this end, if we don't find any usable host interface, instead of exiting: - for IPv4, use 169.254.2.1 as guest/container address and 169.254.2.2 as default gateway - for IPv6, don't assign any address (forcibly disable DHCPv6), and use the *first* link-local address we observe to represent the guest/container. Advertise fe80::1 as default gateway - use 'tap0' as default interface name for pasta Change ifi4 and ifi6 in struct ctx to int and accept a special -1 value meaning that no host interface was selected, but the IP family is enabled. The fact that the kernel uses unsigned int values for those is not an issue as 1. one can't create so many interfaces anyway and 2. we otherwise handle those values transparently. Fix a botched conditional in conf_print() to actually skip printing DHCPv6 information if DHCPv6 is disabled (and skip printing NDP information if NDP is disabled). Link: https://github.com/containers/podman/issues/24614 Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com>Just for completeness sake, I know it is already applied. so it doesn't matter. Tested-by: Paul Holzinger <pholzing(a)redhat.com>--- v4: In conf(), leave the (*c->ip4.ifname_out && !c->ifi4) || (*c->ip6.ifname_out && !c->ifi6) case alone: there, the user gave outbound interfaces explicitly but we couldn't use them v3: Coverity reports that, in conf(), we might supply a negative c->ifi4 to if_indextoname() after checking that (!*c->pasta_ifn). That's a false positive, because if c->ifi4 is -1, we already set c->pasta_ifn to "tap0", so we won't call if_indextoname() at all, but, to make my life simpler, add a redundant check on c->ifi4 and c->ifi6 before calling if_indextoname() on them. v2: - drop fixed link-local address for IPv6 - change addresses to be reminiscent of libslirp's default choices - add man page changes and commit message - fix several things around, from testing (checked with several --map-guest-addr and --map-host-loopback combinations etc.) conf.c | 97 ++++++++++++++++++++++++++++++++++++++++++++------------- passt.1 | 33 +++++++++++++++++--- passt.h | 8 ++--- pasta.c | 7 +++-- tap.c | 3 ++ 5 files changed, 116 insertions(+), 32 deletions(-)-- Paul Holzinger