Comments (8)
Here's the tshark output of a pcap run for a few minutes on the container using `tcpdump -i lo -w lo.pcap` while the migration was running. Can't share the full pcap because of the amount of unencrypted SQL / data going through; I'd rather not have to go through the list and check every packet for sensitive data and edit it out.
You can see around 2.7s in (near the end of the file) all tcp traffic stops until around 121s in. The migration never finishes, and I stop things manually, although I haven't let it go for more than about 15 min. But usually the hundreds of migrations (when using slirp4netns) take less than 2 min total, whereas this one migration gets stuck for over 10 min using pasta with seemingly nothing actually happening.
from podman.
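An added example, not part of the thread and not code from podman or passt: one way to make a loopback capture like the one described above shareable is to cut every packet off after its Ethernet/IP/TCP headers, so timing, ports, flags and sequence numbers survive but the SQL payload does not. It assumes a classic pcap file with Ethernet framing; the function names and the sample packet are constructed for illustration.

```python
import struct

ETH_LEN = 14  # assumes the capture is Ethernet-framed (pcap linktype 1)

def header_len(pkt: bytes) -> int:
    """Number of leading bytes that are Ethernet/IP/TCP headers, not payload."""
    etype = pkt[12:14]
    if etype == b"\x08\x00" and len(pkt) >= ETH_LEN + 20:      # IPv4
        l4, proto = ETH_LEN + (pkt[ETH_LEN] & 0x0F) * 4, pkt[ETH_LEN + 9]
    elif etype == b"\x86\xdd" and len(pkt) >= ETH_LEN + 40:    # IPv6
        l4, proto = ETH_LEN + 40, pkt[ETH_LEN + 6]
    else:
        return min(len(pkt), ETH_LEN)        # unknown: keep link header only
    if proto != 6 or len(pkt) < l4 + 13:     # not TCP: keep through IP header
        return min(len(pkt), l4)
    return min(len(pkt), l4 + (pkt[l4 + 12] >> 4) * 4)  # + TCP data offset

def strip_payloads(pcap: bytes) -> bytes:
    """Return a classic-pcap byte string with every packet cut after its headers."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet linktype")
    out, off = [pcap[:24]], 24
    while off + 16 <= len(pcap):
        sec, frac, incl, orig = struct.unpack(end + "IIII", pcap[off:off + 16])
        pkt = pcap[off + 16:off + 16 + incl]
        keep = header_len(pkt)
        # orig stays as captured, so packet sizes and timing remain visible
        out += [struct.pack(end + "IIII", sec, frac, keep, orig), pkt[:keep]]
        off += 16 + incl
    return b"".join(out)

def sample_pcap() -> bytes:
    """Constructed one-packet capture: TCP to port 5432 carrying SQL text."""
    eth = bytes(12) + b"\x08\x00"
    ip = (b"\x45\x00" + struct.pack(">H", 53) + bytes(4) + b"\x40\x06"
          + bytes(2) + bytes([127, 0, 0, 1]) * 2)
    tcp = struct.pack(">HHIIBBHHH", 40000, 5432, 1, 1, 0x50, 0x18, 65535, 0, 0)
    pkt = eth + ip + tcp + b"SELECT secret"
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return ghdr + struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt

if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as src, open(sys.argv[2], "wb") as dst:
        dst.write(strip_payloads(src.read()))
```

IP addresses, ports and TCP options remain in the output, and non-TCP packets are cut to their IP or link header, so review those fields before sharing if they are sensitive too.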
@sbrivio-rh your patch appears to have fixed the issue. After compiling and installing it, I ran the migration three times in a row and it worked every time. I then reverted to the commit before yours, installed again, and the migration got stuck at the same place it was happening before installing your patched version.
from podman.
A packet capture would be nice to have, you can ask pasta to save one with e.g. `--network=pasta:--pcap,/tmp/postgres.pcap`.
You can drop packets you don't want to share using pcapedit or even Wireshark, or have a look and share what seems to be relevant with a tshark output.
from podman.
Running a packet capture seems to only pick up a few `multicast listener report message v2` and `router solicitation` packets, without picking up any of the postgres traffic. Are there options I'm missing? After letting the container run for several minutes and running the java app that runs the db migrations, I can see the app contacting the db and doing various things, but I only get about 12 total packets in the pcap.
podman run --rm -it --name postgres --network pasta:--pcap,/tmp/postgres.pcap -v pg:/var/lib/postgresql/data -p 5432:5432 -e POSTGRES_PASSWORD=postgres docker.io/postgres:14
from podman.
> Running a packet capture seems to only pick up a few `multicast listener report message v2` and `router solicitation` packets, without picking up any of the postgres traffic. Are there options I'm missing?
Ah, no, my bad: pasta implements a tap bypass path for local connections that splices TCP sockets between container and host directly, to improve throughput by avoiding Layer-2 / Layer-4 translations where not needed, see the appendage in this diagram. Packets on that path are not captured (because they're not really packets -- we just move the Layer-4 payload around).
See also #22575 (comment) (that issue might be related, but we're not sure there's an issue in pasta yet) and the following comment.
To capture traffic in this case, `tcpdump -i lo -w lo.pcap` in the container should do the trick.
from podman.
> You can see around 2.7s in (near the end of the file) all tcp traffic stops until around 121s in.
Thanks a lot for the capture, this seems to be compatible with the current findings from #22575 -- I'm trying to reproduce that at the moment.
from podman.
@jadonclegg, assuming that #22575 is in fact the same issue, I just posted a patch to fix this at https://archives.passt.top/passt-dev/[email protected]/ (see also #22575 (comment)).
It would be great if you could test it by building from source (something on the lines of `git clone git://passt.top/passt; cd passt; curl https://archives.passt.top/passt-dev/[email protected]/raw | git am; prefix=/usr sudo make install`).
from podman.
This is now fixed in passt version 2024_05_10.7288448 and the corresponding Fedora 40 update.
from podman.