Why is there no tcp_keepalive under LXD?


(John R) #1

I’m getting this in a container (Ubuntu 16.04)

cat /proc/sys/net/ipv4/tcp_keepalive_time
cat: /proc/sys/net/ipv4/tcp_keepalive_time: No such file or directory

Any solution?
LXD v 2.20


(Stéphane Graber) #2

No solution, that'd be a kernel bug, either related to the network namespace or to the user namespace. If it's limited to user namespaces, then making the container privileged (security.privileged=true) may help.

In either case, you could file a kernel bug at https://launchpad.net/ubuntu/+source/linux/+filebug so there's at least a record of this issue.


(Stéphane Graber) #3

Oh and if you do file a bug, please post the link here so others can follow along.


(John R) #4

Wow! I am having fun...
I've reported as you suggest.
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1736804


(Christian Brauner) #5

This is fixed upstream. The file appears in user namespaces at least from kernels 4.13 onwards, but it must have been turned on way earlier.

commit 13b287e8d1cad951634389f85b8c9b816bd3bb1e
Author: Nikolay Borisov <kernel@kyup.com>
Date: Thu Jan 7 16:38:43 2016 +0200

ipv4: Namespaceify tcp_keepalive_time sysctl knob

Different net namespaces might have different requirements as to
the keepalive time of tcp sockets. This might be required in cases
where different firewall rules are in place which require tcp
timeout sockets to be increased/decreased independently of the host.

Signed-off-by: Nikolay Borisov <kernel@kyup.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
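
An added check, not part of the thread or of LXD: a POSIX shell script that reports which TCP keepalive knobs are visible under /proc/sys/net/ipv4 from inside the container and compares the running kernel against the 4.13 bound quoted above. The knob names and the 4.13 threshold come from the thread; the script, its function names and the directory argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report the per-netns TCP keepalive
# sysctls and whether the kernel is new enough for them to be namespaced.

# kernel_at_least VERSION MIN -> exit 0 if VERSION >= MIN (major.minor only).
# VERSION may be a full `uname -r` string such as "4.14.4-mainline-rev1".
kernel_at_least() {
    have_major=$(printf '%s' "$1" | cut -d. -f1)
    have_minor=$(printf '%s' "$1" | cut -d. -f2 | sed 's/[^0-9].*//')
    want_major=${2%%.*}
    want_minor=${2#*.}
    [ "$have_major" -gt "$want_major" ] && return 0
    [ "$have_major" -eq "$want_major" ] && [ "$have_minor" -ge "$want_minor" ]
}

# check_keepalive_knobs [DIR] -> prints each knob's value or "missing";
# exit status is the number of missing knobs (0 means all three are visible).
# DIR defaults to /proc/sys/net/ipv4; a different DIR is only for testing.
check_keepalive_knobs() {
    dir=${1:-/proc/sys/net/ipv4}
    missing=0
    for knob in tcp_keepalive_time tcp_keepalive_intvl tcp_keepalive_probes; do
        if [ -r "$dir/$knob" ]; then
            printf '%s = %s\n' "$knob" "$(cat "$dir/$knob")"
        else
            printf '%s: missing\n' "$knob"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

main() {
    kver=$(uname -r)
    echo "kernel: $kver"
    if check_keepalive_knobs; then
        echo "per-netns keepalive sysctls are visible in this namespace"
    elif kernel_at_least "$kver" 4.13; then
        # 4.13 is the bound given in the thread; knobs still missing here
        # points at the user namespace, so try security.privileged=true.
        echo "knobs missing on a >= 4.13 kernel: try a privileged container"
    else
        echo "kernel older than 4.13: knobs are not namespaced, upgrade the host"
    fi
}

main "$@"
```

Run it inside the container; the exit status of check_keepalive_knobs can also be used directly from a provisioning script to decide whether per-namespace tuning is possible on that host.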

(John R) #6

Thanks @brauner

I'm using hosting from Scaleway, and they have brought out a new kernel version
Linux zentyal1 4.14.4-mainline-rev1 #1 SMP Tue Dec 5 13:08:45 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

And I can confirm that it's fixed.
Sorry that I didn't try a different kernel before posting originally; it didn't occur to me that it would be a kernel issue.