Pcap file is attached. This difference is due to the fact that pasta allows any IP address tobe used by the container, and it will learn that on the first packet. I see the same exact behaviour. We might be able to improve this, but I'm not entirely sure.I might misunderstand how passt/pasta work but it already configured the interface in the netns with the correct ip, no? Why does it need to learn it? On Wed, Oct 26, 2022 at 2:57 PM Stefano Brivio <sbrivio(a)redhat.com> wrote: > Hi Paul, > > On Wed, 26 Oct 2022 14:44:23 +0200 > Paul Holzinger <pholzing(a)redhat.com> wrote: > > > Hi, > > > > thanks for the quick patch. I can confirm that it works but there is > still > > an issue. > > Thanks for having a look! > > > The first ICMP package is always dropped: > > > > $ podman run --net=pasta alpine ping -c 2 192.168.188.1 > > PING 192.168.188.1 (192.168.188.1): 56 data bytes > > 64 bytes from 192.168.188.1: seq=1 ttl=42 time=0.550 ms > > > > --- 192.168.188.1 ping statistics --- > > 2 packets transmitted, 1 packets received, 50% packet loss > > round-trip min/avg/max = 0.550/0.550/0.550 ms > > > > This is a problem in pasta (it works from my host and with slirp4nents), > I > > also see the reply on the host with tcpdump: > > listening on enp9s0u2u1u2, link-type EN10MB (Ethernet), snapshot length > > 262144 bytes > > 14:41:09.457147 IP 192.168.188.22 > 192.168.188.1: ICMP echo request, id > > 31, seq 0, length 64 > > 14:41:09.457481 IP 192.168.188.1 > 192.168.188.22: ICMP echo reply, id > 31, > > seq 0, length 64 > > 14:41:10.456972 IP 192.168.188.22 > 192.168.188.1: ICMP echo request, id > > 31, seq 1, length 64 > > 14:41:10.457339 IP 192.168.188.1 > 192.168.188.22: ICMP echo reply, id > 31, > > seq 1, length 64 > > This difference is due to the fact that pasta allows any IP address tobe used by the container, and it will learn that on the first packet. I see the same exact behaviour. We might be able to improve this, but I'm not entirely sure.> > To make sure I have the right "problem" in mind, would you mind sharing > a packet capture (including ARP requests) from the container side? That > would be --net=pasta,-p,your.pcap. > > Thanks, > > -- > Stefano > >