netlink: return better error if ipv6 is disabled

Right now getting a Permission denied error is not very helpful for users if adding an ipv6 addr fails because they have ipv6 disabled in the kernel. We should wrap that error and provide a hint about disabled ipv6 support in the kernel. Fixes #439 Signed-off-by: Paul Holzinger <[email protected]>
containers · Oct 26, 2022 · 72c42b6 · 72c42b6
1 parent f62f95a
commit 72c42b6
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 2 deletions.
diff --git a/src/network/netlink.rs b/src/network/netlink.rs
@@ -169,10 +169,25 @@ impl Socket {
 
     pub fn add_addr(&mut self, link_id: u32, addr: &ipnet::IpNet) -> NetavarkResult<()> {
         let msg = Self::create_addr_msg(link_id, addr);
-        let result = self.make_netlink_request(
+        let result = match self.make_netlink_request(
             RtnlMessage::NewAddress(msg),
             NLM_F_ACK | NLM_F_EXCL | NLM_F_CREATE,
-        )?;
+        ) {
+            Ok(result) => result,
+            Err(err) => match err {
+                // kernel returns EACCES when we try to add an ipv6 but ipv6 is disabled in the kernel
+                NetavarkError::Netlink(ref e) if -e.code == libc::EACCES => match addr {
+                    ipnet::IpNet::V6(_) => {
+                        return Err(NetavarkError::wrap(
+                            "failed to add ipv6 address, is ipv6 enabled in the kernel?",
+                            err,
+                        ));
+                    }
+                    _ => return Err(err),
+                },
+                err => return Err(err),
+            },
+        };
         expect_netlink_result!(result, 0);
 
         Ok(())

diff --git a/test/100-bridge-iptables.bats b/test/100-bridge-iptables.bats
@@ -629,3 +629,11 @@ EOF
     assert "$output" !~ "10.89.1.0/24" "eth0 subnet should not exist"
     assert "$output" !~ "10.89.2.0/24" "eth1 subnet should not exist"
 }
+
+@test "$fw_driver - ipv6 disabled error message" {
+    # disable ipv6 in the netns
+     run_in_host_netns sysctl net.ipv6.conf.all.disable_ipv6=1
+
+    expected_rc=1 run_netavark --file ${TESTSDIR}/testfiles/ipv6-bridge.json setup $(get_container_netns_path)
+    assert '{"error":"add ip addr to bridge: failed to add ipv6 address, is ipv6 enabled in the kernel?: Netlink error: Permission denied (os error 13)"}' "error message"
+}