google / gvisor

Application Kernel for Containers
https://gvisor.dev
Apache License 2.0

Fix returned MTU of interfaces in gVisor #10594

Open milantracy opened 2 days ago

milantracy commented 2 days ago

### Description

`ip link` returns MTUs which don't match the respective MTUs that are set for interfaces.

For example, loopback's MTU is always 65536 (https://github.com/google/gvisor/blob/d59375d82e6301c08634e5d38c424fcf728ccda5/pkg/tcpip/link/loopback/loopback.go#L61-L63), but `ip link` returns 65522.

veth device's default MTU is set to 1500 per https://github.com/google/gvisor/blob/d59375d82e6301c08634e5d38c424fcf728ccda5/pkg/sentry/socket/netstack/stack.go#L200, but `ip link` returns 1486.

### Steps to reproduce

```
$ docker run  --runtime clean-d -it --rm --privileged --name docker-in-gvisor docker-in-gvisor bash
root@d9df48518b04:/# ip netns add test
root@d9df48518b04:/# ip link add name veth1234 type veth peer name eth0 netns test
root@d9df48518b04:/# ip link
3: veth1234: <UP,LOWER_UP> mtu 1486 
    link/ether 0a:0e:3d:89:c1:59 brd ff:ff:ff:ff:ff:ff
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65522 
    link/loopback 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
2: eth0: <UP,LOWER_UP> mtu 1460 
    link/ether 02:42:c0:a8:09:02 brd ff:ff:ff:ff:ff:ff
root@d9df48518b04:/# 
```

### runsc version

build from HEAD

### docker version (if using docker)

```
$ docker version
Client: Docker Engine - Community
 Version:           27.0.2
 API version:       1.46
 Go version:        go1.21.11
 Git commit:        912c1dd
 Built:             Wed Jun 26 18:47:46 2024
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          27.0.2
  API version:      1.46 (minimum version 1.24)
  Go version:       go1.21.11
  Git commit:       e953d76
  Built:            Wed Jun 26 18:47:46 2024
  OS/Arch:          linux/amd64
  Experimental:     true
 containerd:
  Version:          1.7.18
  GitCommit:        ae71819c4f5e67bb4d5ae76a6b735f29cc25774e
 runc:
  Version:          1.7.18
  GitCommit:        v1.1.13-0-g58aa920
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
```


### uname

_No response_

### kubectl (if using Kubernetes)

_No response_

### repo state (if built from source)

_No response_

### runsc debug logs (if available)

_No response_

milantracy commented 2 days ago

iiuc, there are some header sizes gVisor may not take into consideration.
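
A check for the mismatch reported in this issue, added here as an example (not code from the gVisor project or from the issue's author): it parses `ip link` output and reports how far each reported MTU falls below the configured value. The names `ParseMTUs`, `MTUDeltas`, `configuredMTU` and `ipLinkOutput` are hypothetical; the sample output and the configured values are taken from the issue text above.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// Sample input: the `ip link` output copied from the reproduction steps.
const ipLinkOutput = `3: veth1234: <UP,LOWER_UP> mtu 1486 
    link/ether 0a:0e:3d:89:c1:59 brd ff:ff:ff:ff:ff:ff
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65522 
    link/loopback 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
2: eth0: <UP,LOWER_UP> mtu 1460 
    link/ether 02:42:c0:a8:09:02 brd ff:ff:ff:ff:ff:ff
`

// Configured MTUs as stated in the issue; it gives no expected value for eth0.
var configuredMTU = map[string]int{"lo": 65536, "veth1234": 1500}
// linkLine matches an interface header: "<index>: <name>[@peer]: <flags> mtu <n>".
var linkLine = regexp.MustCompile(`(?m)^\d+:\s+([^:@\s]+)(?:@[^:\s]+)?:\s+<[^>]*>\s+mtu\s+(\d+)`)

// ParseMTUs returns the reported MTU for each interface name in `ip link` output.
func ParseMTUs(out string) map[string]int {
	mtus := map[string]int{}
	for _, m := range linkLine.FindAllStringSubmatch(out, -1) {
		if n, err := strconv.Atoi(m[2]); err == nil {
			mtus[m[1]] = n
		}
	}
	return mtus
}

// MTUDeltas returns configured minus reported MTU for each interface that differs.
func MTUDeltas(reported, configured map[string]int) map[string]int {
	deltas := map[string]int{}
	for name, want := range configured {
		if got, ok := reported[name]; ok && got != want {
			deltas[name] = want - got
		}
	}
	return deltas
}

func main() {
	for name, d := range MTUDeltas(ParseMTUs(ipLinkOutput), configuredMTU) {
		fmt.Printf("%s: reported MTU is %d bytes below the configured value\n", name, d)
	}
}
```

For the output in this issue, `lo` and `veth1234` both come out 14 bytes low. That equals the length of an Ethernet header, though the issue does not confirm which header accounts for the difference.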