Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

wget reset https connection when tls response server hello #63

Open
mYu4N opened this issue Jan 10, 2023 · 2 comments
Open

wget reset https connection when tls response server hello #63

mYu4N opened this issue Jan 10, 2023 · 2 comments

Comments

@mYu4N
Copy link

mYu4N commented Jan 10, 2023
edited
Loading

Background:

errorlog ex:

wget https://www.baidu.com

Connecting to www.baidu.com (180.97.34.96:443)
wget: note: TLS certificate validation not implemented
wget: error getting response: Connection reset by peer

Env:

  • busybox image version :latest (2023.1.10 1.36.0)
    wget -v
    wget: invalid option -- 'v'
    BusyBox v1.36.0 (2023-01-03 22:42:57 UTC) multi-call binary.

Issue :

  • in the scenario of https communitation, the wget client sends "finack" and closes the connection before a "server hello" arrives. Refer to the tcpdump traces
    as below
    image

Workaround:

  • Replace image version to 1.34.0, it works
@mYu4N
Copy link
Author

mYu4N commented Jan 11, 2023
edited
Loading

like this issue:
wurstmeister/kafka-docker#487

linuxkit/linuxkit#193

i hope busybox fix it

kstack:
[2023-01-10 17:34:26.893488 ] [4026532314] b'nil' 000000000000 T_ACK,RST:10.246.0.198:60674->59.110.185.4:443 ffff974ef8a31400.0:b'ip_output'
b'ip_output+0x1'
b'__ip_queue_xmit+0x196'
b'__tcp_transmit_skb+0x89b'
b'tcp_send_active_reset+0xf5'
b'tcp_close+0x13d'
b'inet_release+0x42'
b'__sock_release+0x3d'
b'sock_close+0x11'
b'__fput+0x96'
b'task_work_run+0x5c'
b'do_exit+0x228'
b'do_group_exit+0x33'
b'get_signal+0x152'
b'arch_do_signal+0x2a'
b'exit_to_user_mode_loop+0x8d'
b'exit_to_user_mode_prepare+0x6e'
b'irqentry_exit_to_user_mode+0x5'
b'asm_exc_invalid_op+0x12'

@mYu4N
Copy link
Author

mYu4N commented Jan 13, 2023

resvq Accumulation,so,when close socket send reset
1.36.0 busybox ca-cert is wrong

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 1 10.246.0.201:53942 180.97.34.96:443 SYN_SENT 3502234/wget
tcp 0 110 10.246.0.201:53942 180.97.34.96:443 ESTABLISHED -
tcp 0 0 10.246.0.201:53942 180.97.34.96:443 ESTABLISHED 3502242/wget
tcp 5248 0 10.246.0.201:53942 180.97.34.96:443 ESTABLISHED 3502242/wget
tcp 5248 0 10.246.0.201:53942 180.97.34.96:443 ESTABLISHED 3502242/wget
tcp 5248 0 10.246.0.201:53942 180.97.34.96:443 ESTABLISHED 3502242/wget
tcp 5248 0 10.246.0.201:53942 180.97.34.96:443 ESTABLISHED 3502242/wget
tcp 5248 0 10.246.0.201:53942 180.97.34.96:443 ESTABLISHED 3502242/wget
tcp 5248 0 10.246.0.201:53942 180.97.34.96:443 ESTABLISHED 3502242/wget
tcp 5248 0 10.246.0.201:53942 180.97.34.96:443 ESTABLISHED 3502242/wget
tcp 5248 0 10.246.0.201:53942 180.97.34.96:443 ESTABLISHED 3502242/wget
tcp 5248 0 10.246.0.201:53942 180.97.34.96:443 ESTABLISHED 3502242/wget
tcp 5248 0 10.246.0.201:53942 180.97.34.96:443 ESTABLISHED 3502242/wget

ebocchi added a commit to sciencebox/charts that referenced this issue Jan 18, 2023
@ebocchi
cernbox: Use busybox with 'stable' tag for initContainer
8223df7 
We were hit by [this](mirror/busybox#63) using latest
@marevers marevers mentioned this issue Jan 19, 2023
Closed
2 tasks
k8spacket added a commit to k8spacket/k8spacket-helm-chart that referenced this issue Feb 10, 2023
@k8spacket
Fix for busybox wget problem mirror/busybox#63
f8e2b48
k8spacket added a commit to k8spacket/k8spacket-helm-chart that referenced this issue Feb 10, 2023
@k8spacket
Fix for busybox wget problem mirror/busybox#63 (#24)
bcc22da 
Fix for wget problem in busybox: mirror/busybox#63

Additionally fixed: k8spacket/k8spacket#25
@Shuimo03 Shuimo03 mentioned this issue Jul 19, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mYu4N