On 3/18/26 12:04 PM, Matteo Perin via dev wrote:
> When NETLINK_LISTEN_ALL_NSID is enabled on the RTNL notification
> socket, the kernel tags every broadcast RTM event with the sender
> nsid as looked up in the receiver namespace-id table.  Normally,
> events originating in the local namespace carry no nsid cmsg (which
> OVS interprets as NETNSID_LOCAL).
> 
> However, some container runtimes cause the kernel to create a
> self-referential nsid mapping (the root namespace gets a real nsid
> that points back to itself) as a side-effect of cross namespace
> link queries (RTM_GETLINK).  When this mapping exists, the kernel
> tags locally-originated events with that nsid instead of omitting
> the cmsg, causing OVS to silently reject them.
> 
> Fix this by:
> 
>   - At startup, query the kernel (RTM_GETNSID on /proc/self/ns/net)
>     to discover whether a self-referential nsid mapping already exists.
> 
>   - Subscribe the notification socket to RTNLGRP_NSID so that
>     RTM_NEWNSID events are received whenever the kernel creates a new
>     nsid mapping.  On receiving such a notification, immediately
>     re-query the self-nsid.  This is race-free: the notification and
>     the first tagged event arrive on the same socket and are processed
>     sequentially, so the self-nsid is updated before any tagged event
>     is evaluated.
> 
>   - In netdev_linux_update(), treat the self-nsid as equivalent to
>     NETNSID_LOCAL for local devices.  Remote devices retain strict
>     nsid matching via the vport-queried nsid.
> 
> Signed-off-by: Matteo Perin <[email protected]>
> ---
>  lib/netdev-linux.c | 150 +++++++++++++++++++++++++++++++++++++++++----
>  1 file changed, 138 insertions(+), 12 deletions(-)

FWIW, I sent a patch set to try and fix this in the kernel:
  https://lore.kernel.org/netdev/[email protected]/

Not sure if it will be accepted or not, we'll see.  And we'll probably still
need to get this patch (or a variation of it) in, as it will take time before
the fixes are available in stable kernels and distributions.

I'll go over this set again next week.

Best regards, Ilya Maximets.
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
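
The acceptance rule described in the quoted commit message, as an added C sketch that is not taken from the patch or from OVS: it reads the nsid from a SOL_NETLINK / NETLINK_LISTEN_ALL_NSID control message and treats a known self-nsid as local. The names nsid_from_cmsg, event_is_local, sample_event_nsid and NSID_LOCAL are hypothetical, and the control data and the nsid value 3 are constructed.

```c
#include <stdbool.h>
#include <string.h>
#include <sys/socket.h>
/* Linux constants, defined here only if the libc headers lack them. */
#ifndef SOL_NETLINK
#define SOL_NETLINK 270
#endif
#ifndef NETLINK_LISTEN_ALL_NSID
#define NETLINK_LISTEN_ALL_NSID 8
#endif
#define NSID_LOCAL (-1) /* assumption: stand-in for OVS's NETNSID_LOCAL */

/* Return the nsid carried in the control data, or NSID_LOCAL if no cmsg. */
int nsid_from_cmsg(struct msghdr *msg) {
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c)) {
        if (c->cmsg_level == SOL_NETLINK && c->cmsg_type == NETLINK_LISTEN_ALL_NSID
            && c->cmsg_len >= CMSG_LEN(sizeof(int))) {
            int nsid;
            memcpy(&nsid, CMSG_DATA(c), sizeof nsid);
            return nsid;
        }
    }
    return NSID_LOCAL;
}

/* Rule for a local device; self_nsid is NSID_LOCAL while no self-mapping is known. */
bool event_is_local(int event_nsid, int self_nsid) {
    return event_nsid == NSID_LOCAL
           || (self_nsid != NSID_LOCAL && event_nsid == self_nsid);
}

/* Constructed input: control data with one nsid cmsg, or none if !tagged. */
int sample_event_nsid(bool tagged, int nsid) {
    union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } u;
    struct msghdr msg = {0};
    memset(&u, 0, sizeof u);
    if (tagged) {
        msg.msg_control = u.buf;
        msg.msg_controllen = sizeof u.buf;
        struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
        c->cmsg_level = SOL_NETLINK;
        c->cmsg_type = NETLINK_LISTEN_ALL_NSID;
        c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), &nsid, sizeof nsid);
    }
    return nsid_from_cmsg(&msg);
}

int main(void) { return !event_is_local(sample_event_nsid(true, 3), 3); }
```

With self_nsid left at NSID_LOCAL, the tagged event with nsid 3 is rejected, which is the behaviour the commit message describes before the self-nsid is learned.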
