We use cookies to ensure you get the best experience on our website
Home Esplora Aiuto
Registrati Accedi
0ct0pu5
/
moby
1
0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Sfoglia il codice sorgente

Setup TCP keep-alive on hijacked HTTP(S) client <--> daemon sessions
Fixes #10387

Without TCP keep-alive set on socket connections to the daemon, any
long-running container with std{out,err,in} attached that doesn't
read/write for a minute or longer will end in ECONNTIMEDOUT (depending
on network settings/OS defaults, etc.), leaving the docker client side
believing it is still waiting on data with no actual underlying socket
connection.

This patch turns on TCP keep-alive for the underlying TCP connection
for both TLS and standard HTTP hijacked daemon connections from the
docker client, with a keep-alive timeout of 30 seconds.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>

Phil Estes 10 anni fa
parent
d400ac756c
commit
f73a6b3845
1 ha cambiato i file con 18 aggiunte e 0 eliminazioni
Visualizzazione unificata Mostra Diff Stats
  1. 18 0
      api/client/hijack.go

+ 18 - 0
api/client/hijack.go
Vedi File 

@@ -72,6 +72,15 @@ func tlsDialWithDialer(dialer *net.Dialer, network, addr string, config *tls.Con
 
 	if err != nil {
 
 	if err != nil {
 
 		return nil, err
 
 		return nil, err
 
 	}
 
 	}
 
+	// When we set up a TCP connection for hijack, there could be long periods
 
+	// of inactivity (a long running command with no output) that in certain
 
+	// network setups may cause ECONNTIMEOUT, leaving the client in an unknown
 
+	// state. Setting TCP KeepAlive on the socket connection will prohibit
 
+	// ECONNTIMEOUT unless the socket connection truly is broken
 
+	if tcpConn, ok := rawConn.(*net.TCPConn); ok {
 
+		tcpConn.SetKeepAlive(true)
 
+		tcpConn.SetKeepAlivePeriod(30 * time.Second)
 
+	}
 
 
 
 	colonPos := strings.LastIndex(addr, ":")
 
 	colonPos := strings.LastIndex(addr, ":")
 
 	if colonPos == -1 {
 
 	if colonPos == -1 {
 
@@ -140,6 +149,15 @@ func (cli *DockerCli) hijack(method, path string, setRawTerminal bool, in io.Rea
 
 	req.Host = cli.addr
 
 	req.Host = cli.addr
 
 
 
 	dial, err := cli.dial()
 
 	dial, err := cli.dial()
 
+	// When we set up a TCP connection for hijack, there could be long periods
 
+	// of inactivity (a long running command with no output) that in certain
 
+	// network setups may cause ECONNTIMEOUT, leaving the client in an unknown
 
+	// state. Setting TCP KeepAlive on the socket connection will prohibit
 
+	// ECONNTIMEOUT unless the socket connection truly is broken
 
+	if tcpConn, ok := dial.(*net.TCPConn); ok {
 
+		tcpConn.SetKeepAlive(true)
 
+		tcpConn.SetKeepAlivePeriod(30 * time.Second)
 
+	}
 
 	if err != nil {
 
 	if err != nil {
 
 		if strings.Contains(err.Error(), "connection refused") {
 
 		if strings.Contains(err.Error(), "connection refused") {
 
 			return fmt.Errorf("Cannot connect to the Docker daemon. Is 'docker -d' running on this host?")
 
 			return fmt.Errorf("Cannot connect to the Docker daemon. Is 'docker -d' running on this host?")

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5