-
Notifications
You must be signed in to change notification settings - Fork 86
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Container with podman network not receiving UDP traffic #1045
Comments
This is likely because we do not change any conntack entries in netavark. We must call into the kernel netlink API to drop the stale entries and last I check our netlink did not have any support for conntack types so we would need to implement the types from scratch which is a lot of work. Note if you are RHEL user it is best to report this through the Red Hat support channels so this can get better prioritized. |
Is there a work around possible? |
manually clear conntrack entries (assuming that is actually causing the issue you are having) |
I am having this same issue after restarting a pod that uses quadlets ( I was able to work around it by manually clearing the conntrack entries as suggested.
Any way I can help troubleshoot why this is happening, and help fix it, so this work around isn't required? |
Manually clearing the conntrack entries was an acceptable workaround for us in production. Otherwise I cannot offer any further information about this. Sorry |
It happens because the kernel keeps the conntrack kernel around for a while. Not sure on the time but it is not important. What needs to happen is for netavark to learn how to flush these entries on setup/teardown. And this requires us to talk to the proper kernel APIs like conntrack does. Calling the conntrack command from netavark would not seem acceptable to me. |
Issue Description
Upon running a simple python server container listening on a UDP socket with an attached podman network, UDP traffic that is being sent to the port does not arrive.
Versions 5.2.0-dev-5d10f77da and 4.9.4-rhel both were tried with the same results.
This is a MRE of the issue we are having in production. Docker is fine, podman+cni is fine, podman+netavark exhibits this issue. Note restarting our UDP devices or changing the source port is very cumbersome and we wish to avoid this.
Steps to reproduce the issue
Steps to reproduce the issue
podman build . -t podman_udp_test
podman network create podman_udp
nping -g 17580 -p 17000 -c 1000000 --udp 127.0.0.1
podman run -p 17000:17000/udp --net podman_udp_network podman_udp_testing
Describe the results you received
No output
Describe the results you expected
Output from the server after receiving packets
podman info output
Podman in a container
No
Privileged Or Rootless
Privileged
Upstream Latest Release
Yes
Additional environment details
There was no difference from running nping on localhost versus running it on a different machine that can access the podman container
Additional information
Starting the python server first and then starting the UDP sender works as expected but this doesn't help our use case.
Stopping and restarting the UDP sender program while the container is running doesn't help. Only by changing the source port of the UDP sender program does traffic start being received, but we cannot easily change the source port of the UDP traffic.
The text was updated successfully, but these errors were encountered: