Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

问题:wsl2中goproxy.cn基本不可用,过一段时间就会connection reset by peer #146

Closed
wxybear opened this issue Jul 14, 2022 · 5 comments
Closed

问题:wsl2中goproxy.cn基本不可用,过一段时间就会connection reset by peer #146

wxybear opened this issue Jul 14, 2022 · 5 comments

Comments

@wxybear
Copy link

wxybear commented Jul 14, 2022

目前差不多把之前的issue看了没有相同的场景,希望能探讨下

当你执行 go version 命令后的输出结果是什么?

$ go version
go version go1.16.9 linux/amd64

当你执行 go env 命令后的输出结果是什么?

GO111MODULE="on"
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/xx/.cache/go-build"
GOENV="/home/xx/.config/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/xx/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/xx/go"
GOPRIVATE=""
GOPROXY="https://goproxy.cn,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.16.9"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/dev/null"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build2750135551

你做了什么?

下面是我排查的所有过程

dns 没问题

dig goproxy.cn

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> goproxy.cn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40509
;; flags: qr rd ad; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;goproxy.cn.                    IN      A

;; ANSWER SECTION:
goproxy.cn.             0       IN      CNAME   goproxy.cn.qiniudns.com.
goproxy.cn.qiniudns.com. 0      IN      CNAME   chinadownload89.china.line.qiniudns.com.
chinadownload89.china.line.qiniudns.com. 0 IN CNAME qiniuopencdn.jomodns.com.
qiniuopencdn.jomodns.com. 0     IN      A       112.240.62.41

;; Query time: 1 msec
;; SERVER: 172.28.64.1#53(172.28.64.1)
;; WHEN: Fri Jul 15 00:53:46 CST 2022
;; MSG SIZE  rcvd: 268

Go mod tidy会有问题

github.com/pingcap/tidb/br/pkg/storage imports
        cloud.google.com/go/storage tested by
        cloud.google.com/go/storage.test imports
        cloud.google.com/go/httpreplay imports
        cloud.google.com/go/httpreplay/internal/proxy imports
        github.com/google/martian/v3/mitm: github.com/google/[email protected]+incompatible: Get "https://goproxy.cn/github.com/google/martian/@v/v2.1.0+incompatible.zip": read tcp 172.28.70.211:49992->112.240.62.41:443: read: connection reset by peer
github.com/pingcap/tidb/br/pkg/mock imports
        github.com/tikv/client-go/v2/testutils imports
        github.com/tikv/client-go/v2/internal/mockstore/mocktikv imports
        github.com/pingcap/goleveldb/leveldb tested by
        github.com/pingcap/goleveldb/leveldb.test imports
        github.com/pingcap/goleveldb/leveldb/testutil imports
        github.com/onsi/ginkgo/config: github.com/onsi/[email protected]: Get "https://goproxy.cn/github.com/onsi/ginkgo/@v/v1.13.0.zip": read tcp 172.28.70.211:49984->112.240.62.41:443: read: connection reset by peer

wsl2测速

$ python3 speedtest.py
Retrieving speedtest.net configuration...
Testing from China Unicom (114.249.133.120)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by China Unicom FuJian (Fuzhou) [1563.96 km]: 59.872 ms
Testing download speed................................................................................
Download: 25.75 Mbit/s
Testing upload speed......................................................................................................
Upload: 39.20 Mbit/s

测试下载文件也可以

$ wget https://golang.google.cn/dl/go1.18.4.linux-amd64.tar.gz
Will not apply HSTS. The HSTS database must be a regular and non-world-writable file.
ERROR: could not open HSTS store at '/home/wangxingyu/.wget-hsts'. HSTS will be disabled.
--2022-07-15 00:35:02--  https://golang.google.cn/dl/go1.18.4.linux-amd64.tar.gz
Resolving golang.google.cn (golang.google.cn)... 114.250.65.34
Connecting to golang.google.cn (golang.google.cn)|114.250.65.34|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://dl.google.com/go/go1.18.4.linux-amd64.tar.gz [following]
--2022-07-15 00:35:02--  https://dl.google.com/go/go1.18.4.linux-amd64.tar.gz
Resolving dl.google.com (dl.google.com)... 114.250.66.33
Connecting to dl.google.com (dl.google.com)|114.250.66.33|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 141812725 (135M) [application/x-gzip]
Saving to: ‘go1.18.4.linux-amd64.tar.gz’

go1.18.4.linux-amd64.tar.gz                                              100%[================================================================================================================================================================================>] 135.24M  48.3MB/s    in 2.8s    

2022-07-15 00:35:05 (48.3 MB/s) - ‘go1.18.4.linux-amd64.tar.gz’ saved [141812725/141812725]

下载goproxy.cn的文件

以这个为例 https://goproxy.cn/github.com/%21roaring%21bitmap/roaring/@v/v1.2.1.zip

  • 宿主机chrome秒下
  • 宿主机windows powershell
Invoke-WebRequest -UseBasicParsing -Uri "https://goproxy.cn/github.com/%21roaring%21bitmap/roaring/@v/v
1.2.1.zip" `
>> -WebSession $session `
>> -Headers @{
>> "authority"="goproxy.cn"
>>   "method"="GET"
>>   "path"="/github.com/%21roaring%21bitmap/roaring/@v/v1.2.1.zip"
>>   "scheme"="https"
>>   "accept"="text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/sig
ned-exchange;v=b3;q=0.9"
>>   "accept-encoding"="gzip, deflate, br"
>>   "accept-language"="zh-CN,zh;q=0.9"
>>   "sec-ch-ua"="`".Not/A)Brand`";v=`"99`", `"Google Chrome`";v=`"103`", `"Chromium`";v=`"103`""
>>   "sec-ch-ua-mobile"="?0"
>>   "sec-ch-ua-platform"="`"Windows`""
>>   "sec-fetch-dest"="document"
>>   "sec-fetch-mode"="navigate"
>>   "sec-fetch-site"="none"
>>   "sec-fetch-user"="?1"
>>   "upgrade-insecure-requests"="1"
>> };


StatusCode        : 200
StatusDescription : OK
Content           : {80, 75, 3, 4...}
RawContent        : HTTP/1.1 200 OK
                    Connection: keep-alive
                    Age: 28432
                    Content-Transfer-Encoding: binary
                    Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
                    X-Reqid: nXgAAAABZBOCqv0W
                    x-amz-requ...
Headers           : {[Connection, keep-alive], [Age, 28432], [Content-Transfer-Encoding, binary], [Vary, Origin,Access-Control
                    -Request-Method,Access-Control-Request-Headers]...}
RawContentLength  : 141637971
  • wsl2中不行
curl 'https://goproxy.cn/github.com/%21roaring%21bitmap/roaring/@v/v1.2.1.zip' \
  -H 'authority: goproxy.cn' \
  -H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicati
on/signed-exchange;v=b3;q=0.9' \
  -H 'accept-language: zh-CN,zh;q=0.9' \
  -H 'sec-ch-ua: ".Not/A)Brand";v="99", "Google Chrome";v="103", "Chromium";v="103"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "Windows"' \
  -H 'sec-fetch-dest: document' \
  -H 'sec-fetch-mode: navigate' \
  -H 'sec-fetch-site: none' \
  -H 'sec-fetch-user: ?1' \
  -H 'upgrade-insecure-requests: 1' \
  -H 'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safa
ri/537.36' \
  --compressed \
--output a.zip
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:12 --:--:--     0

其他

  • 防火墙全部关掉
  • 没开代理,也没设置http_proxy

你期望看到的结果是什么?

goproxy正常

你实际看到的结果是什么?

超时导致connection reset by peer

希望有遇到类似问题的可以指教下,感谢
@aofei
Copy link
Member

aofei commented Jul 15, 2022

这看起来似乎是一个本地的网络问题。麻烦执行一下 curl -iv https://goproxy.cn/github.com/%21roaring%21bitmap/roaring/@v/v1.2.1.zip 并提供出输出结果。

@wxybear
Copy link
Author

wxybear commented Jul 15, 2022

感谢!下面是执行过程

curl -iv https://goproxy.cn/github.com/%21roaring%21bitmap/roaring/@v/v1.2.1.zip

  • Trying 112.240.62.41...
  • TCP_NODELAY set
  • Connected to goproxy.cn (112.240.62.41) port 443 (#0)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • successfully set certificate verify locations:
  • CAfile: /etc/ssl/certs/ca-certificates.crt
    CApath: /etc/ssl/certs
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
  • TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
  • TLSv1.3 (IN), TLS handshake, Unknown (8):
  • TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
  • TLSv1.3 (IN), TLS handshake, Certificate (11):
  • TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
  • TLSv1.3 (IN), TLS handshake, CERT verify (15):
  • TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
  • TLSv1.3 (IN), TLS handshake, Finished (20):
  • TLSv1.3 (OUT), TLS change cipher, Client hello (1):
  • TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
  • TLSv1.3 (OUT), TLS handshake, Finished (20):
  • SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
  • ALPN, server accepted to use h2
  • Server certificate:
  • subject: CN=*.goproxy.cn
  • start date: Aug 2 00:00:00 2021 GMT
  • expire date: Aug 26 23:59:59 2022 GMT
  • subjectAltName: host "goproxy.cn" matched cert's "goproxy.cn"
  • issuer: C=CN; O=TrustAsia Technologies, Inc.; OU=Domain Validated SSL; CN=TrustAsia TLS RSA CA
  • SSL certificate verify ok.
  • Using HTTP2, server supports multi-use
  • Connection state changed (HTTP/2 confirmed)
  • Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
  • TLSv1.3 (OUT), TLS Unknown, Unknown (23):
  • TLSv1.3 (OUT), TLS Unknown, Unknown (23):
  • TLSv1.3 (OUT), TLS Unknown, Unknown (23):
  • Using Stream ID: 1 (easy handle 0x5621d14d1580)
  • TLSv1.3 (OUT), TLS Unknown, Unknown (23):

GET /github.com/%21roaring%21bitmap/roaring/@v/v1.2.1.zip HTTP/2
Host: goproxy.cn
User-Agent: curl/7.58.0
Accept: /

  • TLSv1.3 (IN), TLS Unknown, Certificate Status (22):

  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):

  • TLSv1.3 (IN), TLS Unknown, Certificate Status (22):

  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):

  • TLSv1.3 (IN), TLS Unknown, Unknown (23):

  • Connection state changed (MAX_CONCURRENT_STREAMS updated)!

  • TLSv1.3 (OUT), TLS Unknown, Unknown (23):

  • TLSv1.3 (IN), TLS Unknown, Unknown (23):

  • OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104

  • Failed receiving HTTP2 data

  • Connection #0 to host goproxy.cn left intact
    curl: (56) OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104

@aofei
Copy link
Member

aofei commented Jul 15, 2022

麻烦执行一下 curl -iv --resolve goproxy.cn:443:116.0.89.226 https://goproxy.cn/github.com/%21roaring%21bitmap/roaring/@v/v1.2.1.zip 并贴出输出结果。这条命令的区别是强制让 curl 使用我们的 CDN 香港节点(116.0.89.226),这么做的目的是为了验证是否是节点问题。

此外,我刚自己在本地有尝试过你拿到的这个 CDN 节点(112.240.62.41),一切正常。

@wxybear
Copy link
Author

wxybear commented Jul 16, 2022

输出如下:

  • Added goproxy.cn:443:116.0.89.226 to DNS cache
  • Hostname goproxy.cn was found in DNS cache
  • Trying 116.0.89.226...
  • TCP_NODELAY set
  • Connected to goproxy.cn (116.0.89.226) port 443 (#0)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • successfully set certificate verify locations:
  • CAfile: /etc/ssl/certs/ca-certificates.crt
    CApath: /etc/ssl/certs
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to goproxy.cn:443
  • stopped the pause stream!
  • Closing connection 0
    curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to goproxy.cn:443

@wxybear
Copy link
Author

wxybear commented Jul 18, 2022
edited
Loading

update:
问题解决了
调试过程:

  1. 升级curl到7.58版本,curl可以了,不过tls还是会报unknown
  2. wget initial TLS花了很长时间,下载速度几k或者完全没有
  3. go mod download xxx 报TLS handshake timeout

搜了下TLS handshake timeout 关键词搜出microsoft/WSL#4698
这个之前就搜到过,不过太长了没看下去,总结下原因是WSL的MTU大于宿主机的MTU,导致TLS编解码有问题(不是所有网站都不可以),我的是1500/1420
sudo ip link set dev eth0 mtu 1420
修改下可以了

@wxybear wxybear closed this as completed Jul 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aofei @wxybear