Contributor

@lpcalisi lpcalisi commented Mar 19, 2025

Description

The Linux kernel imposes a 15-character limit on network interface names. Currently,
Podman allows creating networks with interface names longer than this limit, which
leads to runtime failures when attempting to use these networks.

How to reproduce error

For example:

# Creation succeeds but network is unusable
podman network create my_net --interface-name abcdefghij123456

# Container fails to start with netlink error
podman run -it --network my_net alpine
Error: preparing container: netavark (exit code 1): get bridge interface: 
Netlink error: Numerical result out of range (os error 34)

Fix

This change adds validation during network creation by adopting the same approach
used in the CNI project, which already handles this kernel limitation.
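
The check described above, sketched as an added example (not the code from this pull request): it rejects the 16-character name from the reproduction before any network is created. The names `validateIfName` and `ErrInvalidIfName` are hypothetical, and the rejected character set ('/', ':' and whitespace) is an assumption of this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"unicode"
)

// maxIfNameLen is the kernel's IFNAMSIZ (16) minus the terminating NUL byte.
const maxIfNameLen = 15

// ErrInvalidIfName is a hypothetical sentinel error for this example.
var ErrInvalidIfName = errors.New("invalid interface name")

// validateIfName (hypothetical name) rejects names the kernel would refuse,
// so the failure surfaces at network creation instead of container start.
func validateIfName(name string) error {
	switch {
	case name == "":
		return fmt.Errorf("interface name is empty: %w", ErrInvalidIfName)
	case len(name) > maxIfNameLen:
		// len() counts bytes, which is what the kernel buffer holds;
		// a rune count would let multi-byte UTF-8 names slip through.
		return fmt.Errorf("interface name %q is %d bytes, maximum is %d: %w",
			name, len(name), maxIfNameLen, ErrInvalidIfName)
	case name == "." || name == "..":
		return fmt.Errorf("interface name is \".\" or \"..\": %w", ErrInvalidIfName)
	case strings.ContainsAny(name, "/:") || strings.IndexFunc(name, unicode.IsSpace) >= 0:
		return fmt.Errorf("interface name %q contains '/', ':' or whitespace: %w",
			name, ErrInvalidIfName)
	}
	return nil
}

func main() {
	// Constructed sample names; the 16-byte one is from the reproduction above.
	samples := []string{"podman1", "abcdefghij12345", "abcdefghij123456",
		"ññññññññ", "..", "br/0", "br 0"}
	for _, n := range samples {
		fmt.Printf("%-20q -> %v\n", n, validateIfName(n))
	}
}
```

The eight-rune name `ññññññññ` is rejected because it encodes to 16 bytes, which is why the length check compares bytes and not characters.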

if ifName == "." || ifName == ".." {
return fmt.Errorf("interface name is . or ..: %w", types.ErrInvalidArg)
}
for _, r := range ifName {
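
Review bot: the message in the `fmt.Errorf("interface name is . or ..: %w", ...)` line reads ambiguously once it is wrapped into a longer error chain, because the bare dots run into the surrounding punctuation. Quoting the two rejected values in the message text, for example `interface name is "." or ".."`, keeps them recognisable in logs.
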
Member

Use strings.ContainsAny here instead

Member

mheon commented Mar 19, 2025

Code LGTM. @Luap99 PTAL. Can we test this in c/common or do we need a Podman test once this vendors?

Member

@Luap99 Luap99 left a comment

Please squash the commits and add tests for each error case in libnetwork/netavark/config_test.go

@lpcalisi lpcalisi force-pushed the network-interface-validate branch 2 times, most recently from 1587d76 to a9b4f91 Compare March 20, 2025 12:10
Implements interface name length validation during network creation to prevent
netlink errors when names exceed the kernel's 15-character limit.

This prevents creation of networks with interface names that would cause failures
when running containers.

Signed-off-by: Lucas Pablo Calisi <lucas.calisi@mercadolibre.com>
@lpcalisi lpcalisi force-pushed the network-interface-validate branch from a9b4f91 to c83bc2b Compare March 20, 2025 14:02
Member

mheon commented Mar 20, 2025

LGTM

Member

@Luap99 Luap99 left a comment

/lgtm

Contributor

openshift-ci bot commented Mar 20, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: lpcalisi, Luap99


@openshift-merge-bot openshift-merge-bot bot merged commit 8077163 into containers:main Mar 20, 2025
14 of 15 checks passed