Open cfergeau opened 1 month ago
This can be reproduced with podman machine by following these steps (I tested on a mac):
/opt/podman/bin/gvproxy
with the binary you want to testpodman machine stop && podman machine start
podman run -it -rm -p 8111:8111 ubi9
yum install nmap-ncat
followed by nc -l -k -v 8111
echo hello | nc localhost 8111
lsof -nP -iTCP | grep 8111
, there will be multiple lines when the bug occurs
We cannot use the latest github.com/inetaf/tcpproxy commit because of https://github.com/containers/gvisor-tap-vsock/commit/61dc4e1eb260427d9a39ccaeeb75fe85be7dcccc which causes a regression in podman https://github.com/containers/podman/issues/23616
My feeling is that this revert is either hiding a gvisor-tap-sock bug which has been present for a long time, or it's avoiding a newly introduced bug in inetaf/tcpproxy. In either cases ,it would be good to understand better what caused the issue leading to the revert. The podman bug has a reproducer for it.