On Tue, Jun 18, 2024 at 01:56:11PM +0200, Stefano Brivio wrote:
> To implicitly resolve possible dependencies between routes as we
> duplicate them into the target namespace, we go through a set of n
> routes n times, and ignore EEXIST responses to netlink messages (we
> already inserted the route) and ENETUNREACH (we didn't insert the
> route yet, but we need to insert another one first).
>
> Until now, we didn't ignore EHOSTUNREACH responses. However,
> NetworkManager users with multiple non-subnet routes for the same
> interface report that pasta exits with "no route to host" while
> duplicating routes.
>
> This happens because NetworkManager sets the 'noprefixroute' attribute
> on addresses, meaning that the kernel won't create subnet routes
> automatically depending on the prefix length of the address. We copy
> this attribute as we copy the address into the target namespace, and
> as a result, the kernel doesn't create subnet routes in the target
> namespace either.
>
> This means that the gateway for routes that are inserted later can be
> unreachable at some points during the sequence of route duplication.
> That is, we don't just have dependencies between regular routes, but
> we can also have dependencies between regular routes and subnet
> routes, as subnet routes are not automatically inserted in advance.

Nice explanation, thank you.

> Link: https://github.com/containers/podman/issues/22824
> Signed-off-by: Stefano Brivio

Reviewed-by: David Gibson

> --- > netlink.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/netlink.c b/netlink.c > index 4dbddb2..0be4ea3 100644 > --- a/netlink.c > +++ b/netlink.c
> @@ -655,7 +655,8 @@ int nl_route_dup(int s_src, unsigned int ifi_src, > rc = nl_do(s_dst, nh, RTM_NEWROUTE, > (flags & ~NLM_F_DUMP_FILTERED) | NLM_F_CREATE, > nh->nlmsg_len); > - if (rc < 0 && rc != -ENETUNREACH && rc != -EEXIST) > + if (rc < 0 && rc != -EEXIST && > + rc != -ENETUNREACH && rc != -EHOSTUNREACH) > return rc; > } > } -- David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson
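Review bot: in the new condition `rc != -ENETUNREACH && rc != -EHOSTUNREACH`, both errors are ignored on every call to nl_do(), and nothing in the visible lines distinguishes the last of the n passes described in the commit message from the earlier ones, so a route whose gateway never becomes reachable would be skipped silently and nl_route_dup() would not report it to the caller. Consider treating these two codes as fatal, or at least logging them, on the final pass. A short comment above the check saying that EHOSTUNREACH covers the case where the subnet route is not there yet because the address carries 'noprefixroute' would also keep the reasoning from the commit message next to the code.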