On Tue, Jun 18, 2024 at 08:21:12AM +0200, Stefano Brivio wrote: > If routing daemons set up host routes, for example FRR via OSPF as in > the reported issue, they might add nexthop identifiers (not objects) > that are generally not valid in the target namespace. Strip them off > as well, otherwise we'll get EINVAL from the kernel. > > Link: https://github.com/containers/podman/issues/22960 > Signed-off-by: Stefano Brivio Reviewed-by: David Gibson > --- > netlink.c | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/netlink.c b/netlink.c > index 4dbddb2..58822e9 100644 > --- a/netlink.c > +++ b/netlink.c > @@ -608,6 +608,15 @@ int nl_route_dup(int s_src, unsigned int ifi_src, > * route invalid in the namespace. Strip off > * RTA_PREFSRC attributes to avoid that. */ > rta->rta_type = RTA_UNSPEC; > + } else if (rta->rta_type == RTA_NH_ID) { > + /* Host routes set up via routing protocols > + * (e.g. OSPF) might contain a nexthop ID (and > + * not nexthop objects, which are taken care of > + * in the RTA_MULTIPATH case above) that's not > + * valid in the target namespace. Strip those as > + * well. > + */ > + rta->rta_type = RTA_UNSPEC; > } > } > -- David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson
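Review bot: the new `RTA_NH_ID` branch in nl_route_dup() has the same body as the `RTA_PREFSRC` branch directly above it (`rta->rta_type = RTA_UNSPEC;`), so if that branch's condition is a plain type check the two could share one `else if` with a combined comment, which keeps the list of stripped attributes in one place. The new comment also closes with `*/` on its own line, while the context comment above it closes on its last text line (`RTA_PREFSRC attributes to avoid that. */`); matching the surrounding style would be more consistent. Since the comment says the nexthop ID "might" be invalid but the attribute is stripped unconditionally, a short note on why always dropping it is acceptable would help the next reader.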