Closed thijsvandien closed 6 months ago
Update: I bisected it down to commit 710824c3ce9f8084517e8ab099d57f9060f62061.
/cc @WeidiDeng
Thanks for narrowing that down!
Well, thanks for the easy build process. 👌
I was able to replicate this on a clean Parallels VM (now aarch64
). Here are two interesting finds:
Hence my workaround in production is adding default_bind 127.0.0.1 [::1] <server_ipv4> <server_ipv6>
.
Also confirmed on FreeBSD 13.2, so we can't blame it on 14.0 (which is fairly new).
Actually, that patch is no longer present in the latest version (udp sockets are reused using SO_REUSEADDR
on unix).
That patch does enable more aggressive optimization from quic-go. I guess there is a bug from there.
Can you try using quic-go
directly? Try passing a *net.UDPConn
directly and wrapping it as a generic net.PacketConn
without any more interfaces. I don't own a FreeBSD machine, so I can't debug it furthur.
Since I have zero experience with either Go or (implementing) QUIC, building a custom server isn't a trivial task. Perhaps their example requires minimal changes to test something.
On the other hand, if you need access to a FreeBSD box, that would be less of a problem to provide – it's just a question of where to send the credentials...? It doesn't need a dedicated box however; it's easy to run in a VM.
The problem is, I don't have access to VMs right now. You can send a temporary credentials to my email, or running ttyd with -t enableTrzsz=true
with a limited privileged user so I can upload test quic-go files if you don't mind.
OK, I sent you an email to work out a testing environment.
You two are awesome -- thank you for looking into this :pray: :blush:
I am now experiencing an unexpected consequence of my workaround. Connections to port 80 are refused rather than answered with HTTP 308
. The same happens for both IPv4 and IPv6. Is this a misunderstanding of default_bind
on my part, or should this be considered a separate issue?
Just adding that I'm experiencing this issue as well.
1. Environment
1a. Operating system and version
1b. Caddy version
2. Description
2a. What happens
Using v2.7.6 or e1b9a9d I can't connect with
curl --http3-only --ipv4
(ERR_HANDSHAKE_TIMEOUT
), whereas--ipv6
works as expected. HTTP/3 Check similarly works over IPv6, but not IPv4.When I try v2.6.0, IPv4 starts working for both. Switching back, the results are as they were before.
Running
tcpdump
on the server, with no firewalls active, I seeQUIC Initial
packets but nothing more. There are entries in the console output indicating that they do reach Caddy.2b. Why it's a bug
2c. Log output
In case of failure, repetitions (each with a unique
id
) of:In case of success: