moby / vpnkit

A toolkit for embedding VPN capabilities in your application
Apache License 2.0

Be able to configure timeout on virtual switch ports #234

Open joris-lammers opened 7 years ago

joris-lammers commented 7 years ago

Hi,

I am using a docker container to run regression tests (written in Python) using omniORB to communicate to the DUT.

Because of the omniORB interface to the DUT, we need to log in to the DUT before any API call is accepted and so we do. But sometimes, the opened TCP connection to the omniORB endpoint in the DUT is idle for multiple minutes after the initial logon. When finally, after for example 5 minutes, the regression script uses the IIOP API again, I believe vpnkit is opening a new connection from the OS X host to the DUT. But for the DUT, this new connection requires a logon first before any other API calls are accepted. However, from a regression script point of view, the connection has been established and has not changed. Result: failure of the script.

The README.md of this repo explains that the virtual switch will close the port when activity is absent for some time (not defined in README.md how long). This breaks the above regression framework we are using and I've already tried to reduce the keepalive timers in the container (to make sure there is at least data being sent over the idle connection) but for some reason that did not work.

So another way around the issue would be if I could extend the timeout in the virtual switch before it decides to open a new connection. Is there a way to do so?

djs55 commented 7 years ago

Thanks for your report. I suspect you're right about the timeout. As an experiment I made a PR (#235) with a small patch which bumps the timeout from 5 minutes to 50. Since it's a bit tricky to set up a build environment for vpnkit at the moment I recommend waiting for the CircleCI job to finish and then downloading the vpnkit binary as an artefact from there. I'll add some links and instructions when the build finishes. You can then test to see if it helps or not. If it helps then we can work out a better long term solution.

As it happens I used to work on omniORB but it's been quite a long time now. Your report brought back some memories!

djs55 commented 7 years ago

@joris-lammers the CircleCI build is ready. The build https://circleci.com/gh/moby/vpnkit/794 has an artefact link: https://794-58395340-gh.circle-artifacts.com/0/Users/distiller/vpnkit/vpnkit.tgz -- the archive contains a couple of subdirectories and the vpnkit binary. It can be tested like this:

mkdir tmp
cd tmp
wget https://794-58395340-gh.circle-artifacts.com/0/Users/distiller/vpnkit/vpnkit.tgz
tar -xvzf vpnkit.tgz
sha1sum Contents/MacOS/vpnkit # should be 948c4e075fbc9659c85ed514e19f1e655f3e0fa8
cp Contents/MacOS/vpnkit /Applications/Docker.app/Contents/Resources/bin/vpnkit

- restart the app

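
An enforced version of the checksum step in the commands above, as an added example that is not part of the original comment or the vpnkit project: the binary is only installed if the downloaded file matches the published SHA-1, and the existing binary is kept for rollback. The function names `sha1_of` and `verify_and_install` are hypothetical; the usage comment reuses the paths and digest given in the comment.

```shell
# Added example (not from the vpnkit project). Function names are hypothetical.

# Print the SHA-1 of a file with whichever tool the host provides
# (sha1sum on Linux, shasum on macOS).
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | awk '{print $1}'
    else
        shasum -a 1 "$1" | awk '{print $1}'
    fi
}

# verify_and_install SRC EXPECTED_SHA1 DEST
# Returns 0 after installing, 1 on digest mismatch, 2 on a missing file or I/O error.
verify_and_install() {
    src=$1 expected=$2 dest=$3
    [ -f "$src" ] || { echo "missing: $src" >&2; return 2; }
    actual=$(sha1_of "$src") || return 2
    # Published digests vary in letter case, so normalise the expected value.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $src: got '$actual', expected '$expected'" >&2
        return 1
    fi
    # Keep the first original binary so the swap can be rolled back.
    if [ -f "$dest" ] && [ ! -e "$dest.orig" ]; then
        cp -p "$dest" "$dest.orig" || return 2
    fi
    # Copy under a temporary name, then rename, so a failed copy
    # never leaves a truncated binary at DEST.
    cp "$src" "$dest.new" && chmod 755 "$dest.new" && mv "$dest.new" "$dest" || return 2
}

# Usage with the values from the comment above:
# verify_and_install Contents/MacOS/vpnkit \
#     948c4e075fbc9659c85ed514e19f1e655f3e0fa8 \
#     /Applications/Docker.app/Contents/Resources/bin/vpnkit
```
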
joris-lammers commented 7 years ago

Hmmm... no vpnkit binary in my install:

[lammerj@osx bin]$ pwd
/Applications/Docker.app/Contents/Resources/bin
[lammerj@osx bin]$ ls -lh
total 119712
-rwxr-xr-x  1 lammerj  admin    11M May 11 16:35 docker
-rwxr-xr-x  1 lammerj  admin   5.2M May 11 16:35 docker-compose
-rwxr-xr-x  1 lammerj  admin   1.4M May 11 16:35 docker-credential-osxkeychain.bin
-rwxr-xr-x  1 lammerj  admin   4.0M May 11 16:35 docker-diagnose
-rwxr-xr-x  1 lammerj  admin    28M May 11 16:35 docker-machine
-rwxr-xr-x  1 lammerj  admin   118B May 11 16:35 notary
-rwxr-xr-x  1 lammerj  admin   8.1M May 11 16:35 notary.bin
[lammerj@osx bin]$

joris-lammers commented 7 years ago

Ok, got it. It's now called com.docker.slirp. Will test.

joris-lammers commented 7 years ago

It is working with the modified vpnkit.