    Marin Ivanov
    @metala:matrix.org
    I've also commented on a similar older issue #5635 and @amscanne is looking into it.
    Bhasker Hariharan
    @hbhasker
    Yea looks like Adin was backfilling releases
    Marin Ivanov
    @metala:matrix.org
    :point_up: Edit: There is something wrong with the hashes of runsc. I am looking at more than 5 different hashes. It's a bit worrying. The hash check of the binary from the site also does not match when I run sha512sum -c.
    Richard Stephens
    @richard_st_twitter
    hi. i'm trying to use gvisor with docker, mostly following this guide. when running containers in a custom network, they don't seem to get DNS resolution, either for containers running in the same network or to the internet.
    Bhasker Hariharan
    @hbhasker
    could you provide more details on how the containers are connected to the network?
    or maybe open a bug with more details
    Richard Stephens
    @richard_st_twitter
    while writing up the issue i realised that it actually works, but that it doesn't start working immediately
    will still file an issue
    argh, no, scratch that, just realised that test was without the --runtime runsc flag
    Richard Stephens
    @richard_st_twitter
    here you go: google/gvisor#7523
    Bhasker Hariharan
    @hbhasker
    will take a look. Most likely it fails because runsc does not copy over whatever docker is doing to set up DNS for containers (either sticking in a custom /etc/resolv.conf or setting up some custom DNS server reached by remapping 127.0.0.1:53 to a custom docker dns resolver). See: google/gvisor#7469 for a similar bug with docker compose
    alephman9898
    @alephman9898:matrix.org
    hey, gvisor has its own netstack, but I wonder why it doesn't use LWIP, and is there a comparison of them?
    Richard Stephens
    @richard_st_twitter
    @hbhasker thanks for that. for now i've worked around it by importing my own resolv.conf into the container with 8.8.8.8, and using the ip addresses from docker network inspect for the inter-container communications.
    Bhasker Hariharan
    @hbhasker
    @alephman9898:matrix.org gVisor is a security sandbox and as a result we made an early decision to write it in a memory safe language which means it pretty much ruled out all existing network stacks.
    At this point I would say gvisor Netstack is more mature than LWIP and implements more TCP/UDP features and IP capabilities than LWIP.
    alephman9898
    @alephman9898:matrix.org
    are there some docs about gvisor Netstack?
    I haven't found any on https://gvisor.dev/
    how about the performance?
    Bhasker Hariharan
    @hbhasker
    I believe gvisor netstack will perform better under various network conditions. Over a lossless low latency link lwip might work fine. But performance is just one aspect and a network stack for gvisor has to do a lot more.
    alephman9898
    @alephman9898:matrix.org
    thanks @hbhasker
    Jianfeng Tan
    @tanjianfeng
    At Ant Group, we mainly use gVisor in east-west lossless communication (LB/firewall is responsible for north-south networking). Three years ago, we integrated TLDK into gVisor as we care more about performance, sacrificing a little on security; that saves us 2%~8% CPU utils and brings better latency (with a passthrough VF net device).
    Bhasker Hariharan
    @hbhasker
    @tanjianfeng since then gvisor has improved quite a bit. We implemented RACK and socket buffer auto tuning which should help with long fat pipes. Cpu we are working on and i think we will be able to reduce cpu usage significantly as the buffer pooling changes land in the next 2-3 months
    neilalexander
    @neilalexander:neilalexander.dev
    Is it a known/accepted issue that go test ./... completely fails on the master branch due to all sorts of problems with build tags?
    I have been trying to figure out how to write tests for google/gvisor#7281 but seemingly the tests are broken with native Go tooling and Bazel builds don't work on macOS either
    neilalexander
    @neilalexander:neilalexander.dev
    Also FindRoute, constructAndValidateRoute, makeRoute etc in netstack are super confusing and terribly documented, and I am pretty sure it is mixing up route selection and source address selection in ways that it shouldn't be
    Is there someone around who can help me to unpick what all of this is doing?
    Bhasker Hariharan
    @hbhasker
    @neilalexander:neilalexander.dev our build files etc are mostly written assuming a Linux environment. I would suggest you use a Linux VM and not MacOS.
    alephman9898
    @alephman9898:matrix.org
    hey, I haven't seen the running queue in sentry kernel
    may I know the reason? thanks
    Bhasker Hariharan
    @hbhasker
    @alephman9898:matrix.org That is because gvisor does not have its own scheduler. It relies on the Go runtime scheduler.
    neilalexander
    @neilalexander:neilalexander.dev
    (that is, if you want to work with netstack in isolation)
    Adin Scannell
    @amscanne
    Go tooling does not generally work on the master branch, but should work on the go branch as a convenience
    Dan Norris
    @protochron
    hi, it looks like the two last releases (20220510 and 20220502) aren't available in the apt repositories, at least for arm64. The latest release on there is 20220425
    ah, it looks like someone already filed an issue about it google/gvisor#7545. Missed it earlier!
    Adin Scannell
    @amscanne
    Thanks, I missed that issue but will take a look now
    jeyaprabhuj-tts
    @jeyaprabhuj-tts

    Hi

    Can anyone provide details on how marshal and unmarshal code is generated for exchange between lisafs client and server
    e.g.
    UnmarshalUnsafeMIDSlice

    I have marked them as //+marshall in struct definition like
    // +marshal boundCheck
    type VideoQueryCapResp struct {
        Driver       [16]uint8
        Card         [32]uint8
        Bus_info     [32]uint8
        Version      uint32
        Capabilities uint32
        Device_caps  uint32
        Reserved     [3]uint32
    }
    Ayush Ranjan
    @ayushr2
    Apart from marking the structs with the +marshal directive, you also need to set the marshal = True property on the library in the BUILD file: https://cs.opensource.google/gvisor/gvisor/+/master:pkg/lisafs/BUILD;l=100;drc=d5002c6adc315bb0efa958917e6b2fb13c8a434f
    So that the go_marshal code generator gets triggered to parse your code.
    jeyaprabhuj-tts
    @jeyaprabhuj-tts
    Thanks @ayushr2 marshall= True is already added. Let me have a look at the gvisor marshal link.
    @ayushr2 Is it enough to define String() method and assume go_marshall will provide default implementation for MarshalBytes and CheckedUnmarshal etc ?
    Ayush Ranjan
    @ayushr2
    Well you don't even need the String() method. String() is not part of the marshal.Marshallable interface.
    go_marshal should just generate everything for you.
    Unless you specify +marshal dynamic: see "Working with dynamically sized structs" in https://cs.opensource.google/gvisor/gvisor/+/master:tools/go_marshal/README.md
    jeyaprabhuj-tts
    @jeyaprabhuj-tts
    @ayushr2 Now I am able to retrieve and share video query capabilities of webcam inside sentry (btw lisafs client and server)
    Thanks
    Ayush Ranjan
    @ayushr2
    Great