Bug 2087233

Summary: podman uses deprecated networking functionality
Product: Red Hat Enterprise Linux 9 Reporter: Josh Boyer <jwboyer>
Component: podmanAssignee: Brent Baude <bbaude>
Status: ASSIGNED --- QA Contact: atomic-bugs <atomic-bugs>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 9.0CC: bbaude, dwalsh, jnovy, jwboyer, lsm5, mheon, pthomas, sbonazzo, tsweeney, umohnani
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Josh Boyer 2022-05-17 16:06:19 UTC 
Description of problem:

When running a container via podman, the following errors are logged to dmesg and pop up on the console:

[   30.648852] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.
[   30.662142] IPv6: ADDRCONF(NETDEV_CHANGE): vethd6d8e018: link becomes ready
[   30.662202] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[   30.662447] cni-podman0: port 1(vethd6d8e018) entered blocking state
[   30.662470] cni-podman0: port 1(vethd6d8e018) entered disabled state
[   30.662535] device vethd6d8e018 entered promiscuous mode
[   30.662612] cni-podman0: port 1(vethd6d8e018) entered blocking state
[   30.662633] cni-podman0: port 1(vethd6d8e018) entered forwarding state
[   30.683316] Warning: Deprecated Driver is detected: nft_compat will not be maintained in a future major release and may be disabled
[   36.217706] cni-podman0: port 1(vethd6d8e018) entered disabled state
[   36.217967] device vethd6d8e018 left promiscuous mode
[   36.217984] cni-podman0: port 1(vethd6d8e018) entered disabled state
[root@localhost ~]# 


Version-Release number of selected component (if applicable):

podman-4.0.2-6.el9_0.x86_64

How reproducible:

Always

Steps to Reproduce:
1. Install RHEL 9 and podman
2. Run a container
3. Check dmesg for the deprecated messages

Actual results:

Things work fine, but using deprecated functionality

Expected results:

Latest podman uses fully supported functionality

Additional info:
Comment 3 Brent Baude 2022-05-18 17:53:14 UTC 
I was not looking at this ... but I can.
Comment 4 Josh Boyer 2022-05-27 19:21:23 UTC 
After removing podman from this VM and removing /var/lib/containers/* and reinstalling, I now have the z-stream fix that pulls in netavark.  The CNI message sare gone, but there's still the deprecated bridge filtering and nft_compt module messages when running a container:

[May27 15:18] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.
[  +0.017111] podman0: port 1(veth710ff9ff) entered blocking state
[  +0.000031] podman0: port 1(veth710ff9ff) entered disabled state
[  +0.000053] device veth710ff9ff entered promiscuous mode
[  +0.003681] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[  +0.000046] IPv6: ADDRCONF(NETDEV_CHANGE): veth710ff9ff: link becomes ready
[  +0.000036] podman0: port 1(veth710ff9ff) entered blocking state
[  +0.000025] podman0: port 1(veth710ff9ff) entered forwarding state
[  +0.022233] Warning: Deprecated Driver is detected: nft_compat will not be maintained in a future major release and may be disabled
[  +2.433978] podman0: port 1(veth710ff9ff) entered disabled state
[  +0.000328] device veth710ff9ff left promiscuous mode
[  +0.000018] podman0: port 1(veth710ff9ff) entered disabled state
[root@localhost ~]# rpm -q podman
podman-4.0.2-7.el9_0.x86_64
[root@localhost ~]#
Comment 5 Tom Sweeney 2023-05-05 13:27:17 UTC 
I neglected to assign this to Brent
Comment 6 Sandro Bonazzola 2023-08-02 10:00:30 UTC 
still happening with podman-4.6.0-1.el9.x86_64