Bug 84 - passt/pasta sometimes fails to include ACK flag on packets which should have it
Summary: passt/pasta sometimes fails to include ACK flag on packets which should have it
Status: RESOLVED FIXED
Alias: None
Product: passt
Classification: Unclassified
Component: TCP (show other bugs)
Version: unspecified
Hardware: All Linux
: Normal blocker
Assignee: David Gibson
URL:
Depends on:
Blocks:
 
Reported: 2024-03-25 04:14 UTC by David Gibson
Modified: 2024-03-27 12:10 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Gibson 2024-03-25 04:14:09 UTC 
Originally reported via podman, in:
    https://github.com/containers/podman/issues/22146

For non-SYN packets TCP, passt/pasta has some quite complex to see if should add the ACK flag.  In particular it sometimes won't set ACK on a flags packet that's just updating the window without advancing the ack pointer.  At least some guest kernel versions reject such a packet, sending a TCP reset.

Looking at the TCP RFCs, that kernel behaviour appears to be correct, see, e.g.:
    https://www.ietf.org/rfc/rfc9293.html#section-3.10.7.4-2.5.2.1

It's pretty hard to follow all the cases, but I think it's probably not correct for us to send any non-SYN, non-RST packet that doesn't have ACK.
Comment 1 David Gibson 2024-03-27 12:10:57 UTC 
Looks like we've fixed it.  More details in https://github.com/containers/podman/issues/22146
Note You need to log in before you can comment on or make changes to this bug.