guestagent: ticker: watch sys_exit_bind with eBPF #4066
Conversation
|
Does this work for UDP as well ?? |
|
I don't have time to test right now, but I think this will not trigger when the port is closed, right? One common problem with our polling is that test suites create a container with exposed ports, and after stopping the container create another one again in the next test that exposes the same ports. Due to the 3 second polling the old forwards may not have been removed yet, blocking the new container from exposing the same ports again. Maybe there is another trace point to also kick the ticker, like |
Yes
Seems too frequent
Doesn't seem to exist in |
The event watcher is now triggered immediately on `sys_exit_bind`, not waiting for the next 3-second tick. This commit resolves the long-standing TODO since the initial commit: https://github.com/lima-vm/lima/blob/7459f4587987ed014c372f17b82de1817feffa2e/cmd/lima-guestagent/daemon_linux.go#L57-L63 Close PR 3067, 3766, 4021 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
bd686c7 to
4962543
Compare
How does this happen? The guest kernel isn't aware of the usage of the host port, so it doesn't block |
I guess the issue used to be that the test would connect to the dangling port on the host. So maybe just looking for bind events is enough; will need to write a test to verify. |
It verifies that when a container is destroyed, its ports can be reused immediately and are not subject to being freed by a polling loop. See lima-vm#4066. Signed-off-by: Jan Dubois <jan.dubois@suse.com>
There was a problem hiding this comment.
I haven't reviewed the code (@balajiv113 seems to have done so already), but I wrote a test (#4077) to verify it works properly, which is seems to do.
This seems like the most straightforward fix to the issue!
It verifies that when a container is destroyed, its ports can be reused immediately and are not subject to being freed by a polling loop. See lima-vm#4066. Signed-off-by: Jan Dubois <jan.dubois@suse.com>
|
After this is merged, the CPU utilization rate of 
I confirmed that it will be resolved with reverted. |
It verifies that when a container is destroyed, its ports can be reused immediately and are not subject to being freed by a polling loop. See lima-vm#4066. Signed-off-by: Jan Dubois <jan.dubois@suse.com>
The event watcher is now triggered immediately on
sys_exit_bind, not waiting for the next 3-second tick.This commit resolves the long-standing TODO since the initial commit:
lima/cmd/lima-guestagent/daemon_linux.go
Lines 57 to 63 in 7459f45
Close #3067
Close #3766
Close #4021