New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SSL connection does not timeout #130

Closed
PriceChild opened this Issue Aug 19, 2014 · 4 comments

Comments

Projects
None yet
3 participants
@PriceChild
Copy link

PriceChild commented Aug 19, 2014

Today my internet provider's upstream misconfigured a router during an upgrade. In short, until they fix it I've needed to set my router's MTU to a lower value.

Incorrect MTU settings have often meant that some connections fail to complete, in my experience this has most often been seen with ssl connections (whether https or irc)

This happenned around 23:10Z and when I reattached my screen around 08:00Z irssi had been attempting to reconnect, but had only tried every couple of hours. As far as I can tell, all of my (re)connect timeouts are set to 5 minutes. Not 2 hours. As per the log below, the connection was listed as (reconnecting) so a /reconnect ALL wouldn't do anything.

After "fixing" the MTU, /disconnect'ing & /reconnect'ing irssi connected fine.
#irssi on freenode suggested < ~dg> Pricey: ah, it's likely the ssl stuff won't have timeouts at that level so here I am...

23:10:40 [freenode] -!- Irssi: No PONG reply from server chat.freenode.net in 301 seconds, disconnecting
23:10:40 -!- Irssi: Connection lost to chat.freenode.net
23:10:41 -!- Irssi: Removed reconnection to server chat.freenode.net port 7000
23:10:41 [freenode] -!- Irssi: Looking up chat.freenode.net
23:11:37 -!- Irssi: Unable to connect server chat.freenode.net port 7000 [Name or service not known]
23:16:37 -!- Irssi: Removed reconnection to server chat.freenode.net port 7000
23:16:37 [freenode] -!- Irssi: Looking up chat.freenode.net
23:17:33 -!- Irssi: Unable to connect server chat.freenode.net port 7000 [Name or service not known]
23:22:33 -!- Irssi: Removed reconnection to server chat.freenode.net port 7000
23:22:33 [freenode] -!- Irssi: Looking up chat.freenode.net
23:22:55 [freenode] -!- Irssi: Reconnecting to chat.freenode.net [2001:708:40:2001:a822:baff:fec4:2428] port 7000 - use /RMRECONNS to abort
Day changed to 19 Aug 2014
01:23:58 -!- Irssi: warning SSL handshake failed: Connection reset by peer
01:23:58 -!- Irssi: Connection lost to chat.freenode.net
01:28:58 -!- Irssi: Removed reconnection to server chat.freenode.net port 7000
01:28:58 [freenode] -!- Irssi: Looking up chat.freenode.net
01:28:58 [freenode] -!- Irssi: Reconnecting to chat.freenode.net [2620:0:861:52:208:80:155:68] port 7000 - use /RMRECONNS to abort
03:29:13 -!- Irssi: warning SSL handshake failed: Connection reset by peer
03:29:13 -!- Irssi: Connection lost to chat.freenode.net
03:34:13 -!- Irssi: Removed reconnection to server chat.freenode.net port 7000
03:34:14 [freenode] -!- Irssi: Looking up chat.freenode.net
03:34:14 [freenode] -!- Irssi: Reconnecting to chat.freenode.net [2001:708:40:2001:a822:baff:fec4:2428] port 7000 - use /RMRECONNS to abort
03:34:54 -!- Irssi: warning SSL handshake failed: server closed connection unexpectedly
03:34:54 -!- Irssi: Connection lost to chat.freenode.net
03:39:54 -!- Irssi: Removed reconnection to server chat.freenode.net port 7000
03:39:54 [freenode] -!- Irssi: Looking up chat.freenode.net
03:39:54 [freenode] -!- Irssi: Reconnecting to chat.freenode.net [2620:0:861:52:208:80:155:68] port 7000 - use /RMRECONNS to abort
05:40:13 -!- Irssi: warning SSL handshake failed: Connection reset by peer
05:40:13 -!- Irssi: Connection lost to chat.freenode.net
05:45:13 -!- Irssi: Removed reconnection to server chat.freenode.net port 7000
05:45:13 [freenode] -!- Irssi: Looking up chat.freenode.net
05:45:13 [freenode] -!- Irssi: Reconnecting to chat.freenode.net [2001:708:40:2001:a822:baff:fec4:2428] port 7000 - use /RMRECONNS to abort
07:45:39 -!- Irssi: warning SSL handshake failed: Connection reset by peer
07:45:39 -!- Irssi: Connection lost to chat.freenode.net
07:50:39 -!- Irssi: Removed reconnection to server chat.freenode.net port 7000
07:50:39 [freenode] -!- Irssi: Looking up chat.freenode.net
07:50:39 [freenode] -!- Irssi: Reconnecting to chat.freenode.net [2a02:2f0c:8000:19:62:231:75:133] port 7000 - use /RMRECONNS to abort
08:11:11 [server]
08:11:11 server_reconnect_time = 5min
08:11:19 [server]
08:11:19 server_reconnect_time = 5min
08:50:26 -!- bitlbee: localhost:6667 (bitlbee)
08:50:26 -!- freenode: chat.freenode.net:7000 (freenode) (connecting...)
09:39:19 [server]
09:39:19 server_connect_timeout = 5min

@ailin-nemui

This comment has been minimized.

Copy link
Contributor

ailin-nemui commented Sep 11, 2017

report by zj1995

irssi 1.0.4 (20170705 1712)

once again irssi failed to reconnect to a server after "SSL read error: Connection reset by peer"

what's strange is that around 15 minutes before the same disconnect occurred and it reconnected within 30 seconds like it should have

it didn't look like a flood occurred, and the network in question only has one server

i've tried reproducing it by forcibly terminating the connection and it seems to reconnect properly every time

it had been disconnected for over 6 hours and i only saw it when i logged onto my shell just now

irssi showed "connecting..." next to the server

so it probably did try to reconnect

it showed connection reset, connection lost, removed reconnection, looking up, and finally "Reconnecting to [...] - use /RMRECONNS to abort"

and then it just stays like that

entering /rmreconns gives no response

@LemonBoy

This comment has been minimized.

Copy link
Member

LemonBoy commented Sep 11, 2017

Here's what I think happens in this case, take it with a grain of salt.

Suppose server_connect_callback_init_ssl calls irssi_ssl_handshake and SSL_ERROR_WANT_READ is returned. We set connect_tag and poll the socket indefinitely because we /hope/ the server will answer anytime soon.
If the server we're talking to is misbehaving then we may never get an answer and we're stuck with the SERVER in lookup_servers since server_connect_callback_init_ssl only removes it when the handshake phase is over and then calls server_connect_finished which in turns adds it to the servers list.
When server_reconnect_timeout kicks in it doesn't reap the connection because it only scans the servers list and not lookup_servers.

@LemonBoy

This comment has been minimized.

Copy link
Member

LemonBoy commented Sep 11, 2017

Ok, we've also got an easy way to test this :) just open nc -l 6666 and /connect -ssl localhost 6666 and you'll see the connection won't drop, confirming my hypothesis.
A quick and dirty patch that adds another time_t timestamp (we should really use a monotonic time source, ugh) to the SERVER and a small piece of code in server_reconnect_timeout to scan lookup_servers shows the desired behaviour, we may want to have yet another timeout option and/or consolidate the timestamps in the server structure.

@ailin-nemui

This comment has been minimized.

Copy link
Contributor

ailin-nemui commented Sep 11, 2017

nice!

ailin-nemui added a commit that referenced this issue Apr 6, 2018

Merge pull request #866 from ailin-nemui/reconnects
This is a simple change which might fix #130

The lookup_servers are also disconnected if the lookup/SSL handshake doesn't succeed in time. I'm not perfectly sure if this is the master fix but it does seem to be an issue that servers can be stuck in lookup, especially for SSL. See the issue for a reproducer
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment