tcp: Enable SO_KEEPALIVE if we see keep-alive segments from container / guest

This is an approximation, as enabling SO_KEEPALIVE doesn't mean that
a keep-alive segment will be sent right away, rather that keep-alive
segments will start being sent if the connection is idle.

On the other hand, we don't have direct control over the host-side
TCP, so this is probably the best approximation we can get.

By default, namespaces inherit keep-alive parameters from their parent
namespace, so we can assume that, in case of a container, we'll wait
for the same interval it took for the container to start sending us
keep-alives, effectively doubling that interval.

To keep this simple, set SO_KEEPALIVE whenever we see a keep-alive
segment, instead of tracking its state. Keep-alive segments are
relatively infrequent, so we don't expect any substantial cost from
doing that.

Reported-by: Dominic Kohls <Dominic.Wenzler@rewe-group.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>

1 files changed, 4 insertions, 0 deletions

diff --git a/tcp.c b/tcp.c
index b36d1f1..9827302 100644
--- a/tcp.c
+++ b/tcp.c
@@ -1786,6 +1786,10 @@ static int tcp_data_from_tap(const struct ctx *c, struct tcp_tap_conn *conn,
 			tcp_send_flag(c, conn, ACK);
 			tcp_timer_ctl(c, conn);
 
+			if (setsockopt(conn->sock, SOL_SOCKET, SO_KEEPALIVE,
+				       &((int){ 1 }), sizeof(int)))
+				flow_trace(conn, "failed to set SO_KEEPALIVE");
+
 			if (p->count == 1) {
 				tcp_tap_window_update(c, conn,
 						      ntohs(th->window));