From 058cd795cf76f95b48587c03dbaf08337f7141b5 Mon Sep 17 00:00:00 2001
From: Peter Ebden <peter.ebden@gmail.com>
Date: Wed, 11 Dec 2024 17:13:20 +0000
Subject: [PATCH 1/3] Add local IP and default gateway to network

---
 tools/sandbox/sandbox.c | 99 +++++++++++++++++++++++++++++++++++++++--
 1 file changed, 96 insertions(+), 3 deletions(-)

diff --git a/tools/sandbox/sandbox.c b/tools/sandbox/sandbox.c
index 1dffb3aa74..6ef6e683a5 100644
--- a/tools/sandbox/sandbox.c
+++ b/tools/sandbox/sandbox.c
@@ -12,6 +12,7 @@
 #include <sched.h>
 #include <signal.h>
 #include <net/if.h>
+#include <net/route.h>
 #include <sys/ioctl.h>
 #include <sys/mman.h>
 #include <sys/mount.h>
@@ -19,6 +20,14 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/wait.h>
+#include <linux/rtnetlink.h>
+#include <arpa/inet.h>
+
+inline int perror_sock(char *errmsg, const int sock) {
+    close(sock);
+    perror(errmsg);
+    return 1;
+}
 
 // lo_up brings up the loopback interface in the new network namespace.
 // By default the namespace is created with lo but it is down.
@@ -35,15 +44,99 @@ int lo_up() {
     memset(&req, 0, sizeof(req));
     strncpy(req.ifr_name, "lo", IFNAMSIZ);
     if (ioctl(sock, SIOCGIFFLAGS, &req) < 0) {
-        perror("SIOCGIFFLAGS");
+      perror_sock("SIOCGIFFLAGS", sock);
         return 1;
     }
 
     req.ifr_flags |= IFF_UP;
     if (ioctl(sock, SIOCSIFFLAGS, &req) < 0) {
-        perror("SIOCSIFFLAGS");
+      perror_sock("SIOCSIFFLAGS", sock);
+        return 1;
+    }
+    close(sock);
+    return 0;
+}
+
+// default_gateway adds a routing table entry for all traffic to be
+// routed via the localhost. This is required to communicate with
+// additional IP addresses added to the loopback interface that are
+// outside of the 127.0.0.0/8 range.
+int default_gateway() {
+    const int sock = socket(AF_INET, SOCK_DGRAM, 0);
+    if (sock < 0) {
+        perror("socket");
         return 1;
     }
+
+    struct rtentry rte;
+    struct sockaddr_in *sa;
+    memset(&rte, 0, sizeof(rte));
+    rte.rt_flags = RTF_UP | RTF_GATEWAY;
+
+    sa = (struct sockaddr_in*) &rte.rt_gateway;
+    sa->sin_family = AF_INET;
+    sa->sin_addr.s_addr = inet_addr("127.0.0.1");
+
+    sa = (struct sockaddr_in*) &rte.rt_dst;
+    sa->sin_family = AF_INET;
+    sa->sin_addr.s_addr = INADDR_ANY;
+
+    sa = (struct sockaddr_in*) &rte.rt_genmask;
+    sa->sin_family = AF_INET;
+    sa->sin_addr.s_addr = INADDR_ANY;
+
+    if (ioctl(sock, SIOCADDRT, &rte) < 0) {
+        return perror_sock("SIOCADDRT", sock);
+    }
+
+    close(sock);
+    return 0;
+}
+
+// add_local_ip assigns an additional IP address to the loopback interface.
+// This is required for envtest to run in the sandbox which has a default
+// cluster IP range of 10.0.0.0/24 and cannot use addresses in the local
+// 127.0.0.0/8 range
+int add_local_ip()
+{
+    const int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
+    if (sock < 0) {
+        perror("socket");
+        return 1;
+    }
+
+    struct sockaddr_nl sa;
+    memset(&sa, 0, sizeof(sa));
+    sa.nl_family = AF_NETLINK;
+
+    if (bind(sock, (struct sockaddr*) &sa, sizeof(sa)) < 0) {
+        return perror_sock("bind", sock);
+    }
+
+    struct {
+        struct nlmsghdr nh;
+        struct ifaddrmsg ifa;
+        struct rtattr rta;
+        in_addr_t addr;
+    } req;
+    memset(&req, 0, sizeof(req));
+
+    req.nh.nlmsg_type = RTM_NEWADDR;
+    req.nh.nlmsg_flags = NLM_F_CREATE | NLM_F_EXCL | NLM_F_REQUEST;
+    req.nh.nlmsg_len = sizeof(req);
+
+    req.ifa.ifa_family = AF_INET;
+    req.ifa.ifa_prefixlen = 8;
+    req.ifa.ifa_index = 1 ; // 1 is the loopback interface in our sandbox
+
+    req.rta.rta_type = IFA_LOCAL;
+    req.rta.rta_len = RTA_LENGTH(sizeof(req.addr));
+    req.addr = inet_addr("10.1.1.1");
+
+    if (send(sock, &req, req.nh.nlmsg_len, 0) < 0) {
+        return perror_sock("send", sock);
+    }
+
     close(sock);
     return 0;
 }
@@ -204,7 +297,7 @@ int contain_child(void* p) {
     }
   }
   if (arg->net) {
-    if (lo_up() != 0) {
+    if (lo_up() || add_local_ip() || default_gateway()) {
       return 1;
     }
   }

From 5b8d7108cd4d90b93df6c9f48818ad7b49f92b9c Mon Sep 17 00:00:00 2001
From: Peter Ebden <peter.ebden@gmail.com>
Date: Thu, 12 Dec 2024 13:35:50 +0000
Subject: [PATCH 2/3] rm inline

---
 tools/sandbox/sandbox.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/sandbox/sandbox.c b/tools/sandbox/sandbox.c
index 6ef6e683a5..9a6b9fc4fa 100644
--- a/tools/sandbox/sandbox.c
+++ b/tools/sandbox/sandbox.c
@@ -23,7 +23,7 @@
 #include <linux/rtnetlink.h>
 #include <arpa/inet.h>
 
-inline int perror_sock(char *errmsg, const int sock) {
+int perror_sock(char *errmsg, const int sock) {
     close(sock);
     perror(errmsg);
     return 1;

From a873e94d1cd34e07fda8a3a477c340adcb3d58d1 Mon Sep 17 00:00:00 2001
From: Peter Ebden <peter.ebden@gmail.com>
Date: Thu, 12 Dec 2024 13:37:34 +0000
Subject: [PATCH 3/3] indent

---
 tools/sandbox/sandbox.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/sandbox/sandbox.c b/tools/sandbox/sandbox.c
index 9a6b9fc4fa..0866d64c92 100644
--- a/tools/sandbox/sandbox.c
+++ b/tools/sandbox/sandbox.c
@@ -44,13 +44,13 @@ int lo_up() {
     memset(&req, 0, sizeof(req));
     strncpy(req.ifr_name, "lo", IFNAMSIZ);
     if (ioctl(sock, SIOCGIFFLAGS, &req) < 0) {
-      perror_sock("SIOCGIFFLAGS", sock);
+        perror_sock("SIOCGIFFLAGS", sock);
         return 1;
     }
 
     req.ifr_flags |= IFF_UP;
     if (ioctl(sock, SIOCSIFFLAGS, &req) < 0) {
-      perror_sock("SIOCSIFFLAGS", sock);
+        perror_sock("SIOCSIFFLAGS", sock);
         return 1;
     }
     close(sock);