3

The goal is to launch the container with specific tcp_timestamps and tcp_sack flags.

This command is working as expected on ubuntu (22.05) and fedora (36) hosts.

docker run --privileged --rm -dt --name ubuntu -p 8080:80 ubuntu /bin/bash -c "sysctl -w net.ipv4.tcp_timestamps=0 && sysctl -w net.ipv4.tcp_sack=0 && sleep 15"

Container shell from a fedora host, where I launched ubuntu container with this command. It worked as expected.

root@3c7583143b0d:/# sysctl -a | grep -E "tcp_timestamps|tcp_sack"
net.ipv4.tcp_sack = 0
net.ipv4.tcp_timestamps = 0
root@3c7583143b0d:/#

However on centos (7.9.2009) host it doesn't work for either timestamps or sack. The container exits immediately with error. Container shell shows neither of these are present inside the container.

root@fa306af3eb37:/# sysctl -a | grep -i "timestamp"
net.netfilter.nf_conntrack_timestamp = 0
root@fa306af3eb37:/#

I can apply the changes to both tiemstamps and sack on the centos host but somehow its not exposed to the container.

Any ideas why this wouldn't work just on centos host?

json ilika
  • 31
  • 4

1 Answers1

0

Right, so after more than 12 hours on this I was finally able to figure it out. The behavior was due to the kernel version. I had taken the latest centos 7 iso (July 2022) from official website, it installed kernel v3.10.0. Started with my docker work upon installation and ran in to the issue. Should have taken a break earlier and started with relaxed mind.

Finally decided to upgrade the kernel from 3.10.0 to latest stable version 6.0.2 and that fixed it.

root@71e6bd7e3088:/# sysctl -a | grep -E "tcp_timestamps|tcp_sack"
net.ipv4.tcp_sack = 0
net.ipv4.tcp_timestamps = 0
root@71e6bd7e3088:/#
json ilika
  • 31
  • 4