From 72c42b6088834243e2996d9bb41696060335959b Mon Sep 17 00:00:00 2001
From: Paul Holzinger <pholzing@redhat.com>
Date: Wed, 26 Oct 2022 22:01:50 +0200
Subject: [PATCH] netlink: return better error if ipv6 is disabled

Right now getting a Permission denied error is not very helpful for
users if adding an ipv6 addr fails because they have ipv6 disabled in
the kernel. We should wrap that error and provide a hint about disabled
ipv6 support in the kernel.

Fixes #439

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
---
 src/network/netlink.rs        | 19 +++++++++++++++++--
 test/100-bridge-iptables.bats |  8 ++++++++
 2 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/src/network/netlink.rs b/src/network/netlink.rs
index 5d66d0bc8..70c8dd67b 100644
--- a/src/network/netlink.rs
+++ b/src/network/netlink.rs
@@ -169,10 +169,25 @@ impl Socket {
 
     pub fn add_addr(&mut self, link_id: u32, addr: &ipnet::IpNet) -> NetavarkResult<()> {
         let msg = Self::create_addr_msg(link_id, addr);
-        let result = self.make_netlink_request(
+        let result = match self.make_netlink_request(
             RtnlMessage::NewAddress(msg),
             NLM_F_ACK | NLM_F_EXCL | NLM_F_CREATE,
-        )?;
+        ) {
+            Ok(result) => result,
+            Err(err) => match err {
+                // kernel returns EACCES when we try to add an ipv6 but ipv6 is disabled in the kernel
+                NetavarkError::Netlink(ref e) if -e.code == libc::EACCES => match addr {
+                    ipnet::IpNet::V6(_) => {
+                        return Err(NetavarkError::wrap(
+                            "failed to add ipv6 address, is ipv6 enabled in the kernel?",
+                            err,
+                        ));
+                    }
+                    _ => return Err(err),
+                },
+                err => return Err(err),
+            },
+        };
         expect_netlink_result!(result, 0);
 
         Ok(())
diff --git a/test/100-bridge-iptables.bats b/test/100-bridge-iptables.bats
index 251a6c572..b1c7f268a 100644
--- a/test/100-bridge-iptables.bats
+++ b/test/100-bridge-iptables.bats
@@ -629,3 +629,11 @@ EOF
     assert "$output" !~ "10.89.1.0/24" "eth0 subnet should not exist"
     assert "$output" !~ "10.89.2.0/24" "eth1 subnet should not exist"
 }
+
+@test "$fw_driver - ipv6 disabled error message" {
+    # disable ipv6 in the netns
+     run_in_host_netns sysctl net.ipv6.conf.all.disable_ipv6=1
+
+    expected_rc=1 run_netavark --file ${TESTSDIR}/testfiles/ipv6-bridge.json setup $(get_container_netns_path)
+    assert '{"error":"add ip addr to bridge: failed to add ipv6 address, is ipv6 enabled in the kernel?: Netlink error: Permission denied (os error 13)"}' "error message"
+}