Closed gitmachtl closed 2 years ago
scarmuega
commented
2 years ago @gitmachtl I'm trying to narrow down the root cause in an upstream repo (pallas).
The DROP is happening after the socket is successfully established? or the tcp connection is never established to begin with?
I ask because there's are several timeouts involved, the initial "connect" timeout and a "read"/"write" timeout once the socket is established.
gitmachtl
commented
2 years ago The connection is established, but after that it is dropped/surpressed so no data is coming thru the connection, but still established. Like:
CNCLI ---> ✔️ HOST1 ---> ✔️ Tunnel/VPN/Proxy ---> ✔️ HOST2 ---> 🚫 Firewall(DROP) ---> CardanoNode
Connection is dropped/blocked at the 🚫 position. So the connection to HOST1 is established and up, but no data is going thru because of a block later on in the path. But even after the block, the connection from CNCLI to the first HOST1 is still up and established. If the connection is "REJECTed" at the 🚫 position, CNCLI recognizes it and exits. Write me a PM if you need a public testhost:port for this scenario.
AndrewWestberg
commented
2 years ago
cncli version 5.0.1
if you do a ping to a destination and that connection is closed via a DROP by a firewall/iptables entry, the given timeout seconds never exits cncli. cncli is stuck and exits at around 60secs.
if a connection is closed via a REJECT, cncli is paniking with the issue https://github.com/cardano-community/cncli/issues/5