Description

Conntrack doesn't update TCP state for un-NATted connections, but does track them. This leads to un-NATted connections eventually being reaped for no reason.

Steps to reproduce

No response

runsc version

No response

docker version (if using docker)

No response

uname

No response

kubectl (if using Kubernetes)

No response

repo state (if built from source)

No response

runsc debug logs (if available)

No response