On Tue, Jun 18, 2024 at 08:21:12AM +0200, Stefano Brivio wrote:

If routing daemons set up host routes, for example FRR via OSPF as in the reported issue, they might add nexthop identifiers (not objects) that are generally not valid in the target namespace. Strip them off as well, otherwise we'll get EINVAL from the kernel.

Link: https://github.com/containers/podman/issues/22960
Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com>

Reviewed-by: David Gibson <david(a)gibson.dropbear.id.au>

--- netlink.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/netlink.c b/netlink.c index 4dbddb2..58822e9 100644 --- a/netlink.c +++ b/netlink.c @@ -608,6 +608,15 @@ int nl_route_dup(int s_src, unsigned int ifi_src, * route invalid in the namespace. Strip off * RTA_PREFSRC attributes to avoid that. */ rta->rta_type = RTA_UNSPEC; + } else if (rta->rta_type == RTA_NH_ID) { + /* Host routes set up via routing protocols + * (e.g. OSPF) might contain a nexthop ID (and + * not nexthop objects, which are taken care of + * in the RTA_MULTIPATH case above) that's not + * valid in the target namespace. Strip those as + * well. + */ + rta->rta_type = RTA_UNSPEC; } }

-- 
David Gibson (he or they)       | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you, not the other way
                                | around.
http://www.ozlabs.org/~dgibson
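
Review bot: the added "else if (rta->rta_type == RTA_NH_ID)" branch in nl_route_dup() has the same body as the branch directly above it, whose comment covers RTA_PREFSRC: both do nothing but "rta->rta_type = RTA_UNSPEC;". Folding the RTA_NH_ID test into that branch's condition, with one comment covering both attributes, would avoid the duplicated assignment. The new comment also omits the symptom the commit message gives (EINVAL from the kernel). Naming it in the comment would keep the reason for stripping the attribute visible in the source and not only in the commit log.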