Bug 2087233 - podman uses deprecated networking functionality
Summary: podman uses deprecated networking functionality
Keywords:
Status: ASSIGNED
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: podman
Version: 9.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: rc
: ---
Assignee: Brent Baude
QA Contact: atomic-bugs@redhat.com
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-05-17 16:06 UTC by Josh Boyer
Modified: 2023-08-02 10:00 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-122383 0 None None None 2022-05-17 19:41:38 UTC

Description Josh Boyer 2022-05-17 16:06:19 UTC 
Description of problem:

When running a container via podman, the following errors are logged to dmesg and pop up on the console:

[   30.648852] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.
[   30.662142] IPv6: ADDRCONF(NETDEV_CHANGE): vethd6d8e018: link becomes ready
[   30.662202] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[   30.662447] cni-podman0: port 1(vethd6d8e018) entered blocking state
[   30.662470] cni-podman0: port 1(vethd6d8e018) entered disabled state
[   30.662535] device vethd6d8e018 entered promiscuous mode
[   30.662612] cni-podman0: port 1(vethd6d8e018) entered blocking state
[   30.662633] cni-podman0: port 1(vethd6d8e018) entered forwarding state
[   30.683316] Warning: Deprecated Driver is detected: nft_compat will not be maintained in a future major release and may be disabled
[   36.217706] cni-podman0: port 1(vethd6d8e018) entered disabled state
[   36.217967] device vethd6d8e018 left promiscuous mode
[   36.217984] cni-podman0: port 1(vethd6d8e018) entered disabled state
[root@localhost ~]# 


Version-Release number of selected component (if applicable):

podman-4.0.2-6.el9_0.x86_64

How reproducible:

Always

Steps to Reproduce:
1. Install RHEL 9 and podman
2. Run a container
3. Check dmesg for the deprecated messages

Actual results:

Things work fine, but using deprecated functionality

Expected results:

Latest podman uses fully supported functionality

Additional info:
Comment 3 Brent Baude 2022-05-18 17:53:14 UTC 
I was not looking at this ... but I can.
Comment 4 Josh Boyer 2022-05-27 19:21:23 UTC 
After removing podman from this VM and removing /var/lib/containers/* and reinstalling, I now have the z-stream fix that pulls in netavark.  The CNI message sare gone, but there's still the deprecated bridge filtering and nft_compt module messages when running a container:

[May27 15:18] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.
[  +0.017111] podman0: port 1(veth710ff9ff) entered blocking state
[  +0.000031] podman0: port 1(veth710ff9ff) entered disabled state
[  +0.000053] device veth710ff9ff entered promiscuous mode
[  +0.003681] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[  +0.000046] IPv6: ADDRCONF(NETDEV_CHANGE): veth710ff9ff: link becomes ready
[  +0.000036] podman0: port 1(veth710ff9ff) entered blocking state
[  +0.000025] podman0: port 1(veth710ff9ff) entered forwarding state
[  +0.022233] Warning: Deprecated Driver is detected: nft_compat will not be maintained in a future major release and may be disabled
[  +2.433978] podman0: port 1(veth710ff9ff) entered disabled state
[  +0.000328] device veth710ff9ff left promiscuous mode
[  +0.000018] podman0: port 1(veth710ff9ff) entered disabled state
[root@localhost ~]# rpm -q podman
podman-4.0.2-7.el9_0.x86_64
[root@localhost ~]#
Comment 5 Tom Sweeney 2023-05-05 13:27:17 UTC 
I neglected to assign this to Brent
Comment 6 Sandro Bonazzola 2023-08-02 10:00:30 UTC 
still happening with podman-4.6.0-1.el9.x86_64
Note You need to log in before you can comment on or make changes to this bug.