-
-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
enable GSO, disable if sending fails for a particular address #4005
Conversation
cc493b8
to
dda9d07
Compare
Codecov Report
@@ Coverage Diff @@
## master #4005 +/- ##
==========================================
+ Coverage 82.94% 83.25% +0.31%
==========================================
Files 147 147
Lines 14781 14800 +19
==========================================
+ Hits 12260 12321 +61
+ Misses 2023 1981 -42
Partials 498 498
|
5b0c2d4
to
8154148
Compare
8154148
to
3a075cd
Compare
@zllovesuki @otbutz @bt90 @kgersen Could you try out this PR, and see if it actually resolves #3911. I'll leave this PR open for a few days, and if it works, I'll ship v0.38 very soon to get GSO support out. |
@marten-seemann negative, testing with this PR in a container on raspberry pi still encounters problems |
@zllovesuki Thanks for testing! Can you provide some more details? What's the error you're getting? |
|
The retry attempt means that it "lost" connectivity with the remotes, and initial request also failed with "Invalid Argument." |
Ok, so it looks like the GSO error detection (in |
same error as before ( (this is @kgersen on my work account) |
(possibly?) related comment from @jwhited |
What OS / kernel version are you using? |
same as before: see #3911 (comment) it's an issue for IPv6 only. |
the pi is running: |
68d3caa
to
9532779
Compare
I added kernel GSO support detection by checking the error return value from |
negative, still getting |
I really don't know what else to do. There's not much more that we can do than checking for kernel support and the specific error. As far as I can tell, our detection logic is equivalent to the one in wireguard: https://github.com/WireGuard/wireguard-go/pull/75/files#diff-2db94c8b4e96b109a13cdbd5b5828184ceeb129ded12b67b7b3d3b22b281287c. |
@zllovesuki I finally got my hands on a Raspberry Pi (Model 4) myself. I can't reproduce the issue though. I can do QUIC downloads from QUIC servers on the internet (using the wlan0 interface), with GSO enabled on the interface. I can also transfer data from the Raspberry Pi to my computer when connected via the ethernet interface. Kernel version seems to be the same: 6.1.21-v8+. Can you please provide more details what exactly you're running on your machine that causes this error? |
@marten-seemann if you want to replicate exactly my environment, install k3s on the raspberry pi, then run the program in deployment |
Both the eth0 and wlan0 are connected, but eth0 is the primary interface. |
I’d like to avoid touching Kubernetes. Could you provide a minimum reproducer for this? It’s probably sufficient to run it in Docker, maybe? |
I mean, I don't know if the k3s distribution does something specific with how it starts a container. You can try running it in docker first and see if you can replicate it |
@zllovesuki What exactly should I run in Docker? |
@marten-seemann try running a docker container/k8s deployment with version: 2
apex: fly.specter.im:443
tunnels:
- target: http:https://127.0.0.1:8080 |
I tried running a QUIC server inside of Docker, and doing QUIC transfers both to the Raspi and to my computer, connected via Ethernet, as well as via WiFi via Tailscale. Everything works as expected. I'm beginning to wonder if there's anything to fix here at all. Maybe @zllovesuki's setup is just so horribly broken that we don't actually need to make any accommodations for it (other than providing a config flag to turn GSO off). Maybe we should just merge this PR as is. @zllovesuki If you want me to continue debugging this, I will need clearer instructions from you. I have no idea how to make sense of your last message. A docker-compose file that does all the setup would be appreciated (no Kubernetes please). Please also include instructions how to exactly hit the endpoint to elicit the error message. |
@marten-seemann OK, I tried to reproduce it on bare raspberry pi, it didn't error, nor in docker, but only inside of k3s/containerd. Let's consider this to be resolved for now, and I will just turn GSO off when running in k3s. |
Can we add the environment variable back to disable GSO if needed? |
Interesting. Does it happen in a bare containerd, without k3s? |
Not sure about how to run it in just containerd. Although docker and k3s both uses containerd underneath. They must have different ways of setting up namespaces or network |
9532779
to
1c078f8
Compare
I re-added the QUIC_GO_DISABLE_GSO env. |
1c078f8
to
85f142a
Compare
85f142a
to
5200f27
Compare
Fixes #3911.