-
Notifications
You must be signed in to change notification settings - Fork 18k
net: FreeBSD build failed with net.inet.tcp.blackhole=2 #28883
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Comments
CC @mikioh Errors in net package are:
|
Why do you want that setting? It's not clear to me that this is fixable. The tests expect TCP to behave normally, which I think is reasonable. Note that the installed Go toolchain will still work, even though these tests failed. |
Hi, this is recommended setting for server security. Yes i have the error while build golang and golang can build without this setting but if you inspect the error you can see deadline errors, my main problem is deadline errors. |
Hi @ianlancetaylor, error is not limited to net package, if you scroll down the file attached you can see runtime error like --- FAIL: TestNetpollDeadlock (60.01s)
FAIL |
My assumption is that if we fix this in the net package, somehow, then all the other problems will be fixed. In any case the net package seems like the place to start. I haven't looked but I would guess that the tests are reporting deadline errors because when one end of the socket is closed, the other end is not being closed as expected. That seems an inevitable consequence of setting this kernel parameter. Do you have any suggestion for what we could do to change this? |
@ianlancetaylor No i haven't any suggestion, you are the master. |
The blackhole setting will disable the kernel from replying with RST packets on SYN requests (if the sysctl is set to 1) or for any packet (if sysctl is set to 2) arriving on a closed port. Maybe unrelated but is |
a few additional data points:
These are errors from the server listener handling a client connection doing io.Copy: // The server, with no timeouts of its own,
// sending bytes to clients as fast as it can.
go func() {
t0 := time.Now()
n, err := io.Copy(c, neverEnding('a'))
dt := time.Since(t0)
c.Close()
pasvch <- result{n, err, dt}
}() The I'm not sure what is causing the |
"connection reset by peer" means that the TCP connection received a RST packet. The definition of blackhole=2 is reported to be "Do not send RST on segments to closed ports." So the connection seems clear. |
As @ianlancetaylor described above, the test case TestVariousDeadlines does a cheat, I mean, using TCP in-band signaling (TCP RST segment exchange) to wait for the server goroutine shutdown, to break the continuous data transfer on a passive-open connection at the server goroutine side. So a fix would be just making an out-of-band signaling but If someone wants a temporally fix for Go 1,12, please replace "tcp" with "unix" in testVariousDeadlines and keep this issue open. Will fix this with other test case issues in Go 1.13. Not sure about TestNetpollDeadlock but perhaps it might also rely on the in-band signaling of the underlying connection during the connection setup phase. It's probably hard to fix and it should be another issue, another way to fix the flakiness. |
PS: This is not a FreeBSD-specific issue. It`s pretty easy to reproduce this on Linux with funny configuration for netfilter and conntrack, PF on OpenBSD, etc. |
Change https://golang.org/cl/150618 mentions this issue: |
Just to clarify the above point. https://www.freebsd.org/cgi/man.cgi?query=blackhole
I don't think either of the two sides is considered a "port where there is no socket accepting connections", the server is in LISTENING state, while the client after closing it's side of the socket is in the 'CLOSING' state. Update:
These are the server(listener) goroutines keeping hammering at the closed client. |
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
i want to build golang (master) from source
i follow the instructions from https://golang.org/doc/install/source
% git rev-parse --short HEAD
90777a3
What did you expect to see?
ALL TESTS PASSED
What did you see instead?
Failed: exit status 1
With default net.inet.tcp.blackhole=0 setting its compiled successfully
but with
sudo sysctl net.inet.tcp.blackhole=2
failed with errors as attached
net.inet.tcp.blackhole: Do not send RST on segments to closed ports
i test build with FreeBSD 11.2 amd64 and FreeBSD 12.0-RC1 amd64 with same results
Thanks.
go_build.txt
The text was updated successfully, but these errors were encountered: