A recently reported podman bug shows transfer failures
in podman
custom rootless networks connected with pasta. Analysis suggests this
is triggered by pasta generating a TCP packet without the ACK flag
when it should have one.
The exact symptoms seem to arise because of some odd kernel behaviour
- rather than simply ignoring the packet, an RST is observed killing
the connection. However, there are also packets seen after the RST
which don't seem to make sense.
While there are some mysteries which we still hope to track down here,
in the meantime it definitely seems like pasta's ACK behaviour isn't
correct, and appears to trigger the other problems. So, fix it.
Link:
https://github.com/containers/podman/issues/22146
Link:
https://bugs.passt.top/show_bug.cgi?id=84
David Gibson (4):
tcp: Split handling of DUP_ACK from ACK
tcp: Rearrange logic for setting ACK flag in tcp_send_flag()
tcp: Never automatically add the ACK flag to RST packets
tcp: Unconditionally force ACK for all !SYN, !RST packets