enable --net-disconnect-ok by default
PiperOrigin-RevId: 686286904
kevinGC authored and gvisor-bot committed Oct 16, 2024
1 parent c752d07 commit 291abe6
Showing 2 changed files with 12 additions and 1 deletion.
11 changes: 11 additions & 0 deletions pkg/tcpip/transport/tcp/endpoint_state.go
Expand Up @@ -19,13 +19,23 @@ import (
"fmt"

"gvisor.dev/gvisor/pkg/atomicbitops"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/sync"
"gvisor.dev/gvisor/pkg/tcpip"
"gvisor.dev/gvisor/pkg/tcpip/header"
"gvisor.dev/gvisor/pkg/tcpip/ports"
"gvisor.dev/gvisor/pkg/tcpip/stack"
)

// logDisconnectOnce ensures we don't spam logs when many connections are terminated.
var logDisconnectOnce sync.Once

func logDisconnect() {
logDisconnectOnce.Do(func() {
log.Infof("One or more TCP connections terminated during save")
})
}

// beforeSave is invoked by stateify.
func (e *Endpoint) beforeSave() {
// Stop incoming packets.
Expand All @@ -44,6 +54,7 @@ func (e *Endpoint) beforeSave() {
Err: fmt.Errorf("endpoint cannot be saved in connected state: local %s:%d, remote %s:%d", e.TransportEndpointInfo.ID.LocalAddress, e.TransportEndpointInfo.ID.LocalPort, e.TransportEndpointInfo.ID.RemoteAddress, e.TransportEndpointInfo.ID.RemotePort),
})
}
logDisconnect()
e.resetConnectionLocked(&tcpip.ErrConnectionAborted{})
e.mu.Unlock()
e.Close()
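Review bot: `logDisconnectOnce` is a package-level `sync.Once`, so `logDisconnect` writes its message at most once per process, not once per save. If a sandbox keeps running and is saved again, later saves reset connections with no log line at all. The message also carries no endpoint identity or count, which matters more now that this commit makes disconnect-on-save the default. I would keep the once-only Info summary and add a per-endpoint `log.Debugf("TCP connection reset during save: local %s:%d, remote %s:%d", ...)` beside the `logDisconnect()` call, passing the same `e.TransportEndpointInfo.ID` fields the panic message already formats. `beforeSave` starts and ends outside the second hunk, so the condition guarding the panic is not visible here.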
2 changes: 1 addition & 1 deletion runsc/config/flags.go
Expand Up @@ -129,7 +129,7 @@ func RegisterFlags(flagSet *flag.FlagSet) {
flagSet.Bool("EXPERIMENTAL-xdp-need-wakeup", true, "EXPERIMENTAL. Use XDP_USE_NEED_WAKEUP with XDP sockets.") // TODO(b/240191988): Figure out whether this helps and remove it as a flag.
flagSet.Bool("reproduce-nat", false, "Scrape the host netns NAT table and reproduce it in the sandbox.")
flagSet.Bool("reproduce-nftables", false, "Attempt to scrape and reproduce nftable rules inside the sandbox. Overrides reproduce-nat when true.")
flagSet.Bool("net-disconnect-ok", false, "Indicates whether open network connections and open unix domain sockets should be disconnected upon save.")
flagSet.Bool("net-disconnect-ok", true, "Indicates whether open network connections and open unix domain sockets should be disconnected upon save.")

// Flags that control sandbox runtime behavior: accelerator related.
flagSet.Bool("nvproxy", false, "EXPERIMENTAL: enable support for Nvidia GPUs")
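Review bot: The help string for `net-disconnect-ok` is unchanged and does not say what happens when the flag is off, yet after this change the previous behaviour needs an explicit `--net-disconnect-ok=false`. Judging from the endpoint_state.go section of this commit, the off case appears to be that saving a connected TCP endpoint fails with "endpoint cannot be saved in connected state". The guarding condition is outside the visible lines, so that should be confirmed. I would extend the description along the lines of `"Indicates whether open network connections and open unix domain sockets should be disconnected upon save. When false, save fails if such connections are still open."` so operators who relied on save refusing to drop live connections can see how to keep that. `RegisterFlags` continues outside the hunk.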