Kevin Krakauer
Kevin Krakauer
Just want to check on this and see if there's anything I can do help it along.
Hey, back to see whether there's anything I can do to help here. We're really excited to try this out, benchmark, and see the effects on gVisor networking.
Thanks a TON. Just responded over there, but want to ask about testing here. We'll want to test third party netstacks. I'm thinking that what you're contributing will only be...
I agree that this is likely the syncookie path. Looking at it now, we might not be handling options like MSS correctly.
It seems like the error is accurate: gVisor copies the routes from the network namespace, and it fails if a default route has no gateway. It doesn't know what to...
So IIUC the default gateway-less route is saying "instead of sending default traffic to a gateway, just send it out via this device". We could, I think, support this.
Does the runtime config in `/etc/docker/daemon.json` pass the `--net-raw` flag, e.g: ```json "runsc": { "path": "/usr/bin/runsc", "runtimeArgs": [ "--net-raw" ] }, ``` Raw sockets, which are needed by `iptables-legacy`, are...
Sorry for my lateness, looking now.
I think we'll live with the dependency as-is.
Looking at the pcaps for both runsc and runc, it looks like every packet is repeated. Even the initial SYN shows up twice, and this isn't normal "TCP is trying...