Hi, I have managed to fix the new connection refusal problem I was struggling with. Apparently my unprivileged port start setting had changed after the upgrade, even though it was set correctly in /etc/sysctl.conf. I fixed it by adding an entry in /etc/sysctl.d/.

And what version of rootlesskit are you running? Does it contain this
fix:
  https://github.com/rootless-containers/rootlesskit/pull/458
it's not directly related to your issue, but it changes the behaviour
significantly.

 To answer your questions, I'm using v2.3.1, which, I assume, includes this fix.
 
 Another important bit of information would be if container
connectivity works with an existing container (on 'docker run', not
'docker pull'), and, if it doesn't, whether pasta is running (check
with 'ps ax') while the container is running.
 
I used docker exec to get into the containers that are already running and I cannot ping/traceroute from the containers, but I can, for instance, use wget google.com and download the webpage. pasta is running, checked using ps ax.

...where did you take that package from, though?

I installed it using the deb package in https://launchpad.net/ubuntu/+source/passt

I know you have been asking me to run pasta with arguments with docker, but I'm not sure how to do this (pardon my inexperience). I use an override.conf file to set the default network and port driver of docker, and that's how I use pasta with docker. I have tried looking up how to do it in a different way that gives me more control over the arguments that go in, but I haven't been able to find it. Could you guide me regarding this or point me to a resource?

Thanks and regards,
Ayon


On Tue, May 20, 2025 at 1:26 PM Stefano Brivio <sbrivio@redhat.com> wrote:
Hi Ayon,

On Tue, 20 May 2025 12:09:46 -0230
Ayon T <sanroz.mozan13@gmail.com> wrote:

> Hi,
>
> I'm sorry for the delayed response. No, I am still using
> 0.0~git20250217.a1e48a0-1. I just meant that I had not used apt for
> installing passt.

...where did you take that package from, though? If it's something like
alvistack (https://github.com/alvistack/passt-top-passt/), there might
be other patches or modified / missing AppArmor profiles, and I can't
really look into that as well (I already maintain official packages, at
least for Debian).

> I had an upgrade planned to Ubuntu 24.10 and after that upgrade, my
> connections to port 53 are being refused when I'm using pasta, leaving me
> unable to use a DNS resolver. I'm not sure why this is. It works fine with
> the default network driver.
>
> This is not the issue I contacted you with and that's why I'm trying to
> figure out why this is happening myself (albeit with little luck).

I would suggest to start passing the --pcap option to pasta, say:

  podman run --net=pasta:--pcap,/tmp/port53.pcap ...

and then have a look at the resulting packet capture (with Wireshark /
tshark, for example).

As we keep fixing bugs, and we fixed quite a lot of things with UDP
flows since February, an updated package, or even a build from source,
(git clone git://passt.top && cd passt && make && sudo make install)
might be worth a try.

It takes a few seconds to build / install, and can be removed cleanly
with 'sudo make uninstall'.

--
Stefano