search

AdguardTeam / AdGuardHome

Network-wide ads & trackers blocking DNS server
https://adguard.com/adguard-home.html
GNU General Public License v3.0
25.44k stars 1.83k forks source link

"failed to sufficiently increase send buffer size" log error even though UDP buffer size was increased to ~2.5MB in /etc/sysctl.conf #5903

Open kosmonot opened 1 year ago

kosmonot commented 1 year ago

Prerequisites

Operating system type

Linux, Other (please mention the version in the description)

CPU architecture

x86

Installation

GitHub releases or script from README

Setup

On a router, DHCP is handled by the router

AdGuard Home version

v0.107.31

Description

What did you do?

Upgraded container to v.107.31 (this started happening at the prior version v0.107.30). It does not happen in v0.107.29.

I had edited my /etc/sysctl.conf to add the line net.core.rmem_max=2500000 to allocate ~2.5MB of buffer

Expected result

No failed to sufficiently increase send buffer size error

Actual result

failed to sufficiently increase send buffer size error

Additional information

This started happening on all my adguardhome instances:

Rolling back to v0.107.29 fixes the issue

kosmonot commented 1 year ago

This is the full error message I receive on all my instances after upgrading to v0.107.30 . Still happening in v0.107.31 .

failed to sufficiently increase send buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Receive-Buffer-Size for details.

ainar-g commented 1 year ago

Is AdGuard Home running in a container or on the host system itself? Because in your issue template you've written that you've used the installation script as opposed to selecting the “Docker” option. If it's in a Docker container, there are known Docker issues with sysctl, and resolving those requires running the container in a more privileged manner.

siaush commented 1 year ago

I run AGH in Docker containers and I have set net.core.rmem_max=2500000 in the Docker host's /etc/sysctl.conf to mitigate the inability to change kernel sysctls from inside a Docker container.

This was working up until v0.107.29, and stopped working on v0.107.31, along with the other issue I reported on another post (#5902).

Currently I have one AGH container running v0.107.29 (to test out rolling back AGH version for #5902) and another one running the v0.107.31 and just upgraded to v0.107.32.

The one on v0.107.29 is running without UDP buffer complains, while the one on v0.107.32 is throwing the following message in the log: 

failed to sufficiently increase send buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Receive-Buffer-Size for details.
timkgh commented 1 year ago

Does this setting really matter for DNS queries over http/3? I can see how in general it's important for http/3 connections that move a lot of data, but DNS queries should be very small. Maybe it is important for AGH servers that see a lot of traffic and not an issue in a home setup.

kosmonot commented 1 year ago

Is AdGuard Home running in a container or on the host system itself? Because in your issue template you've written that you've used the installation script as opposed to selecting the “Docker” option. If it's in a Docker container, there are known Docker issues with sysctl, and resolving those requires running the container in a more privileged manner.

Apologies, I am running in a docker container using a standard AGH docker compose stack.

Unrepentant-Atheist commented 1 year ago

Same problem here...

Just using 

---
version: "2"
services:
  adguardhome:
    image: adguard/adguardhome
    container_name: adguardhome
    hostname: adguardhome
    ports:
      - 53:53/tcp
      - 53:53/udp
      - 784:784/udp
      - 853:853/tcp
      - 3000:3000/tcp
      - 80:80/tcp
      - 443:443/tcp
    network_mode: "host"
    restart: unless-stopped
    #healthcheck:
      #test: wget --no-verbose --tries=1 --spider http://localhost || exit 1
      #interval: 120s
      #retries: 5
      #start_period: 20s
      #timeout: 10s
    labels:
      - deunhealth.restart.on.unhealthy=true
    volumes:
      - /volume1/docker/adguardhome/work:/opt/adguardhome/work
      - /volume1/docker/adguardhome/conf:/opt/adguardhome/conf
otbutz commented 1 year ago

Add the NET_ADMIN capability to your container and things should work, as quic-go is using SO_RCVBUFFORCE / SO_SNDBUFFORCE as of v0.35.0

version: "2"
services:
  adguardhome:
    image: adguard/adguardhome
    container_name: adguardhome
    hostname: adguardhome
    ports:
      - 53:53/tcp
      - 53:53/udp
      - 784:784/udp
      - 853:853/tcp
      - 3000:3000/tcp
      - 80:80/tcp
      - 443:443/tcp
    network_mode: "host"
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
    #healthcheck:
      #test: wget --no-verbose --tries=1 --spider http://localhost || exit 1
      #interval: 120s
      #retries: 5
      #start_period: 20s
      #timeout: 10s
    labels:
      - deunhealth.restart.on.unhealthy=true
    volumes:
      - /volume1/docker/adguardhome/work:/opt/adguardhome/work
      - /volume1/docker/adguardhome/conf:/opt/adguardhome/conf
BobWs commented 1 year ago

I had the same "problem" error message with Adguard in Docker on a macvlan network, but after adding NET_ADMIN to my docker-compose.yml as @otbutz suggested the error message is gone! Thanks!

kosmonot commented 1 year ago

This works great, thanks so much!

imTHAI commented 1 year ago

Hello,

I have the same problem. I run AGH in a docker container under unRAID.

I tried running the container with the NET_ADMIN capabilities.

My host has :

net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

Those parameters are unknown for the sysctl inside the container.

# sysctl -a | grep net.core.rmem
#

I get the error message with a dns-over-quic query, but I get an answer:

./dnslookup example.com quic://my.dns.server.address
dnslookup v1.10.0
2023/10/29 15:23:01 failed to sufficiently increase send buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details.
Server: quic://my.dns.server.address

dnslookup result (elapsed 43.258684ms):
;; opcode: QUERY, status: NOERROR, id: 26316
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com.   IN   A

;; ANSWER SECTION:
example.com.    86400   IN  A   93.184.216.34

But I also get the error with a http/3 query and it ends with a time out:

$ ./dnslookup example.com h3://my.dns.server.address/dns-query
dnslookup v1.10.0
2023/10/29 15:29:42 failed to sufficiently increase send buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details.
2023/10/29 15:29:47 [fatal] Cannot make the DNS request: requesting https://my.dns.server.address:443/dns-query: Get_0rtt "https://my.dns.server.address:443/dns-query?dns=AAABAAABAAAAAAAAB2V4YW1wbGUDY29tAAABAAE": timeout: no recent network activity

No error with https queries (or tls)