Missing Close() in gvisor-tap-vsock, or tcpproxy bug?

[cfergeau]

We cannot use the latest github.com/inetaf/tcpproxy commit because of 61dc4e1 which causes a regression in podman containers/podman#23616

My feeling is that this revert is either hiding a gvisor-tap-sock bug which has been present for a long time, or it's avoiding a newly introduced bug in inetaf/tcpproxy. In either cases ,it would be good to understand better what caused the issue leading to the revert. The podman bug has a reproducer for it.

[cfergeau]

This can be reproduced with podman machine by following these steps (I tested on a mac):

• if podman was installed with their installer, replace /opt/podman/bin/gvproxy with the binary you want to test
• podman machine stop && podman machine start
• podman run -it -rm -p 8111:8111 ubi9
• in the container, yum install nmap-ncat followed by nc -l -k -v 8111
• in another terminal on the mac, echo hello | nc localhost 8111
• if this command does not return without ctrl+c, then you are seeing the bug
• you can also run it multiple times in a row, and then check lsof -nP -iTCP | grep 8111, there will be multiple lines when the bug occurs