google / gvisor

Application Kernel for Containers
https://gvisor.dev
Apache License 2.0

IP fragment reassembly timeout should be configurable #3592

Open toshikik opened 4 years ago

toshikik commented 4 years ago

Currently the IP fragment reassembly timeout is fixed to 30 seconds (DefaultReassembleTimeout). It should be configurable (ideally dynamically).

toshikik commented 4 years ago

There is /proc/sys/net/ipv4/ipfrag_time and reading it returns 30, but unlike Linux, it is not writable.

hbhasker commented 4 years ago

Hooking that up should be straightforward.

hbhasker commented 4 years ago

https://github.com/google/gvisor/blob/35312a95c4c8626365b4ece5ffb0bcab44b4bede/pkg/sentry/fs/proc/sys_net.go#L398

https://github.com/google/gvisor/blob/35312a95c4c8626365b4ece5ffb0bcab44b4bede/pkg/sentry/fsimpl/proc/tasks_sys.go#L67

Those need to be replaced with an actual pseudo file implementation that reads/writes from the stack.

Similar to this https://github.com/google/gvisor/blob/35312a95c4c8626365b4ece5ffb0bcab44b4bede/pkg/sentry/fs/proc/sys_net.go#L389
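A stand-alone Go model of the pattern described in the comment above, added here as an illustration and not gVisor's code: a pseudo file that stores no contents of its own and reads and writes the timeout held by the stack. `Stack`, `IPFragTimeFile` and their methods are hypothetical names, and rejecting non-positive values is an assumption of this model.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
	"sync/atomic"
	"time"
)

// Stack stands in for the network stack that owns the timeout (hypothetical type).
type Stack struct{ timeoutNS int64 }

// NewStack starts with the 30-second default mentioned in the issue.
func NewStack() *Stack { return &Stack{timeoutNS: int64(30 * time.Second)} }

func (s *Stack) ReassemblyTimeout() time.Duration { return time.Duration(atomic.LoadInt64(&s.timeoutNS)) }

// SetReassemblyTimeout rejects non-positive values (an assumption of this model).
func (s *Stack) SetReassemblyTimeout(d time.Duration) error {
	if d <= 0 {
		return fmt.Errorf("reassembly timeout must be positive, got %v", d)
	}
	atomic.StoreInt64(&s.timeoutNS, int64(d))
	return nil
}

// IPFragTimeFile models the ipfrag_time pseudo file; all state lives in the stack.
type IPFragTimeFile struct{ stack *Stack }

// Read renders the stack's current timeout in whole seconds.
func (f *IPFragTimeFile) Read() string {
	return fmt.Sprintf("%d\n", int64(f.stack.ReassemblyTimeout()/time.Second))
}

// Write parses a decimal number of seconds and applies it to the stack.
func (f *IPFragTimeFile) Write(data []byte) (int, error) {
	secs, err := strconv.ParseInt(strings.TrimSpace(string(data)), 10, 32)
	if err != nil {
		return 0, fmt.Errorf("ipfrag_time: invalid value: %w", err)
	}
	if err := f.stack.SetReassemblyTimeout(time.Duration(secs) * time.Second); err != nil {
		return 0, err
	}
	return len(data), nil
}

func main() {
	f := &IPFragTimeFile{stack: NewStack()}
	_, err := f.Write([]byte("10\n"))
	fmt.Printf("write err=%v, ipfrag_time now %s", err, f.Read())
}
```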

github-actions[bot] commented 4 years ago

This issue is stale because it has been open 90 days with no activity. Remove the stale label or comment or this will be closed in 30 days.

github-actions[bot] commented 3 years ago

This issue is stale because it has been open 90 days with no activity. Remove the stale label or comment or this will be closed in 30 days.