network: Add FFI_NO_PI to the netlink flags

Adding FFI_NO_PI to the netlink flags causes no harm to the supported and tested hypervisors as when opening the device by its name Cloud Hypervisor[0], Firecracker[1], and QEMU[2] do set the flag already. However, when receiving the file descriptor of an opened tutap device Cloud Hypervisor is not able to set the flag, leaving the guest without connectivity. To avoid such an issue, let's simply add the FFI_NO_PI flag to the netlink flags and ensure, from our side, that the VMMs don't have to set it on their side when dealing with an already opened tuntap device. Note that there's a PR opened[3] just for testing that this change doesn't cause any breakage. [0]: e52175c2ab/net_util/src/tap.rs (L129) [1]: b6d6f71213/src/devices/src/virtio/net/tap.rs (L126) [2]: 3757b0d08b/net/tap-linux.c (L54) [3]: https://github.com/kata-containers/kata-containers/pull/4292 Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2025-04-28 19:54:35 +00:00 · 2022-05-21 09:17:34 +02:00 · 2022-05-21 09:17:34 +02:00 · 93b61e0f07
commit 93b61e0f07
parent bf3ddc125d
1 changed files with 1 additions and 1 deletions
--- a/src/runtime/virtcontainers/network_linux.go
+++ b/src/runtime/virtcontainers/network_linux.go
@ -408,7 +408,7 @@ func createLink(netHandle *netlink.Handle, name string, expectedLink netlink.Lin

 	switch expectedLink.Type() {
 	case (&netlink.Tuntap{}).Type():
-		flags := netlink.TUNTAP_VNET_HDR
+		flags := netlink.TUNTAP_VNET_HDR | netlink.TUNTAP_NO_PI
 		if queues > 0 {
 			flags |= netlink.TUNTAP_MULTI_QUEUE_DEFAULTS
 		}