-
Notifications
You must be signed in to change notification settings - Fork 190
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
disconnect sockets when they're removed #260
base: master
Are you sure you want to change the base?
Conversation
Thanks for your contribution! I am working on refreshing the dependencies of vpnkit to make it easier to compile, but this needs quite few changes to be approved by @djs55 first (who is coming back from PTO next week and who will be able to comment more on your issue). |
Brilliant, thank you! |
@TylerLubeck thanks for taking a look at this! I hadn't considered a possible interaction between the silent filter rule dropping and the connection leak. If the remote machine closes the connection then the socket on the Mac host should enter the CLOSE_WAIT state (as observed) and the call to Mirage_flow.proxy will call There's also a (slightly tacky) background keep-alive thread whose job is supposed to keep prodding the host to make sure the connection still exists but this may not be working. I notice the Port.write function does not update the I'll see if I can add some more debugging information, so we can see more easily what's going on. Thanks for your help so far! |
So, to be honest with you, a lot of what you said is going over my head. I have no particular reason to suspect that it's a bug in the silent filter rule dropping other than that that's the first area I traced it to that looks kinda funny. I'd love to get to a point that I can compile things and try them, but until then I would be more than happy to take any binaries you can produce and test them either myself or with a handful of people I work with that are experiencing the same issue if that's something you'd be up for. |
@TylerLubeck if you do:
that should now work. If not, please report any issue and I will fix it :-) We are still trying to upgrade all the dependencies to the latest version (so the EDIT: replaced |
Hey @samoht, two things came up:
I tried running
I'm happy to get you more logs, move this to a separate issue, or just sit tight until your work over in #262 is done. Just let me know, and thank you for your help so far! |
@TylerLubeck thanks for your patience. It should work better with #266 (and indeed you should be using |
@samoht I still see the
|
Ha I think I found the issue: ocaml/opam-repository@dba6c74 added an upper bound on dns. Fixing that now. |
See #267 for a fix. Don't forget to add a local repo as master is still using a bunch of unreleased packages (hopefully not for long). |
Success! I can now build everything. I'll keep poking around to see if I can track this thing down. Thanks for your help! |
7ca240f
to
a0aa83f
Compare
attempts to fix docker/for-mac/issues/#1374
a0aa83f
to
a39ea09
Compare
I've started having more of a look too. I added this debug patch: djs55@41cdadc which
I've let it time out an ssh connection to the host and the socket is still open after 1.5hrs so far (which seems bad). Out of curiosity I'm going to leave it overnight to see if the connection is still open in the morning. |
That's great, thank you! Another question for y'all - how can I get these custom versions running with Docker for Mac so I can reproduce my test cases? I've been digging through documentation and have tried to replace the binaries with my new compiled ones, but no luck with anything so far. Any suggestions? |
Previously there was no way to locate the connections associated with an endpoint to shut them down. This patch adds a map of TCP `id` to `unit Lwt.u` and a function `Endpoint.destroy` which triggers the disconnection of all the active connections. Related to moby#260 Signed-off-by: David Scott <[email protected]>
@TylerLubeck could you try a binary for me? The CI just built this from #269. If you download and untar the archive, there should be a |
Awesome, thank you. I'll get this distributed out to a few folks I'm working with that are able to reproduce this on a much more regular basis, and we'll monitor for a bit and get you logs as they come up. Thank you so much for digging in to this!!! |
@TylerLubeck have you heard any feedback? I think I'll probably merge the PR in #269 since I think it's good to have anyway, but I'd love to know if it makes a difference to the people suffering from the original problem. |
Previously there was no way to locate the connections associated with an endpoint to shut them down. This patch adds a map of TCP `id` to `unit Lwt.u` and a function `Endpoint.destroy` which triggers the disconnection of all the active connections. Related to moby#260 Signed-off-by: David Scott <[email protected]>
Previously there was no way to locate the connections associated with an endpoint to shut them down. This patch adds a map of TCP `id` to `unit Lwt.u` and a function `Endpoint.destroy` which triggers the disconnection of all the active connections. Related to moby#260 Signed-off-by: David Scott <[email protected]>
Unfortunately I haven't heard much back yet, but I'll bug some folks to get some information |
i'm having this issue as well on |
Hey @djs55, just heard back from some folks and unfortunately this didn't seem to help the problem. That said, we're also not seeing |
any news on that ? I'm still hagin the CLOSE_WAIT and FIN_WAIT_2. I've just tested on 17.10.0-ce-mac36. I've moved back to 17.06 for now where |
I'm having the same case as @sulphur fwiw. Some additional info that may or may not help:
I've got some more detail here: docker/for-mac#1374 (comment) |
Hiya! I've been plagued by docker/for-mac/issues/1374 for a while now, so I wanted to dig in and see if I could do anything about it. I think I might have found a potential fix for it, but here's the kicker: I can not for the life of me figure out how to compile VPNKit, with or without this patch.
So setting aside the "this hasn't been tested because it hasn't been compiled" thing for a minute, would you be up for checking my thought process?
CLOSE_WAIT
stateSo I'm wondering if shutting down that Mirage stack is leaving sockets around that need to be formally closed.
I'm in a bit (a lot) over my head jumping in here so I'd love to treat this PR as a discussion point to see if I can't help track down the cause of docker/for-mac/issues/1374, if that's something that would work for y'all?
Back to the compiling thing:
The instructions in the README for compiling don't seem to quite cover it. The guide here gets me closer, but I still run in to issues. If anybody has steps I can follow to configure ocaml on my Mac and get vpnkit to compile, I'd love to see them! If not, I'll keep chipping away at it and try to submit a different PR with instructions