-
Notifications
You must be signed in to change notification settings - Fork 52
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Some Kernels have broken SO_REUSEPORT handling #126
Comments
This comment has been minimized.
This comment has been minimized.
Could u say something what happens with old kernels? I updated the version to 19.07.4 with 4.14.180 or 4.19.X kernel. |
Clients were unable to reliably connect with broken kernels, so we saw many connection timeouts or other disconnects in the logs. Also see #129. You should also see warnings specifically pointing out that the kernel is likely buggy. Maybe Ubuntu backported the problematic patches, who knows. (I assume you are using Ubuntu? You didn't state the distro you are using.) |
OpenWrt. Thanks I will have a look at the log. |
This issue is about the tunneldigger broker. Are you really running that server-side component on OpenWrt? |
No. :O Sry, than everytihng is fine. :D |
… bei alten Kernelversionen siehe wlanslovenija/tunneldigger#126
… bei alten Kerneln siehe wlanslovenija/tunneldigger#126
Would using While implementing L2TP support for fastd (still work in progress), I noticed another advantage of With |
I have to admit I am out of my league here; the differences between these flags are beyond my experience in this space. @kaechele did the implementation with SO_REUSEPORT, he might be able to comment. Other than that, if someone writes a PR that switches to SO_REUSEADDR, I'd be willing to test that on our servers and merge it if it works. |
I initially implemented this using I don't know if I have an immediate need to switch the current implementation over to |
This is correct. If running on the same machine as untrusted users, only using low ports for L2TP would mitigate the issue. |
So, we (freifunk berlin) have been trying to use the NAT-removed version and have run into some strange issues. It seems like if an in-between router which is also doing NAT (perhaps with an older kernel) then the post-NAT-removal doesn't work and the tunnels time out. It's stange because it works for some people, and not for others. And the only difference we can find is in the router in-between. For example, it works with a recent openwrt image just fine, but with a fritz 7590 with firware 7.50 it doesn't We have reverted to 7c467e6 |
Sounds like an issue unrelated to this Kernel bug, possibly in the NAT implementation of the faulty routers. |
Newer versions of the Tunneldigger broker use
SO_REUSEPORT
to process multiple tunnels on one single port. In the past Tunneldigger used a NAT-based workaround to make this work. To simplify the code and remove unnecessary dependencies this workaround was removed.Unfortunately there are several kernel bugs that prevent
SO_REUSEPORT
for UDP sockets from working properly, that are only fixed in fairly recent kernels.This means that the change in conjunction with the bug has some peculiar implications for which Kernel versions can be used for brokers. (Tunneldigger clients are unaffected by all of this.)
Kernel versions 5.10.152 and newer exhibit the correct behaviour and should work.
You have probably landed here because you still use an older Linux distribution or haven't updated to a working Kernel version. If you are experiencing this issue you have two options:
Kernel fixes
For the curious among you, the two fixes that are needed are:
69421bf98482d089e50799f45e48b25ce4a8d154
below)The text was updated successfully, but these errors were encountered: