-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GCM diagnose partially fails with System.Net.Http.HttpRequestException
#1215
Comments
Thanks for opennning the issue @joe733.
The exception is being thrown after we try a simple curl --head 'http://example.com' Example output: % curl --head 'http://example.com'
HTTP/1.1 200 OK
Content-Encoding: gzip
Accept-Ranges: bytes
Age: 388970
Cache-Control: max-age=604800
Content-Type: text/html; charset=UTF-8
Date: Mon, 24 Apr 2023 15:52:51 GMT
Etag: "3147526947"
Expires: Mon, 01 May 2023 15:52:51 GMT
Last-Modified: Thu, 17 Oct 2019 07:18:26 GMT
Server: ECS (sec/96ED)
X-Cache: HIT
Content-Length: 648 |
$ curl --head "http://example.com"
curl: (56) Recv failure: Connection reset by peer whereas $ curl --head "https://example.com"
HTTP/2 200
accept-ranges: bytes
age: 599256
cache-control: max-age=604800
content-type: text/html; charset=UTF-8
date: Mon, 24 Apr 2023 16:09:04 GMT
etag: "3147526947"
expires: Mon, 01 May 2023 16:09:04 GMT
last-modified: Thu, 17 Oct 2019 07:18:26 GMT
server: ECS (oxr/8310)
x-cache: HIT
content-length: 1256 Can't reach over |
What happens if you try to visit |
It's unreachable.
No I do not think so.
$ curl --head "http://httpforever.com"
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 25 Apr 2023 01:34:00 GMT
Content-Type: text/html
Content-Length: 5124
Last-Modified: Wed, 22 Mar 2023 14:54:48 GMT
Connection: keep-alive
ETag: "641b16b8-1404"
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Feature-Policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
Content-Security-Policy: default-src 'self'; script-src cdnjs.cloudflare.com 'self'; style-src cdnjs.cloudflare.com 'self' fonts.googleapis.com 'unsafe-inline'; font-src fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com; frame-ancestors 'none'; report-uri https://scotthelme.report-uri.com/r/d/csp/enforce
Accept-Ranges: bytes |
Interesting. GCM uses I'm interested as to why
% nslookup example.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: example.com
Address: 93.184.216.34
% curl --http1.1 -I -H 'Host: example.com' 'http://93.184.216.34'
HTTP/1.1 200 OK
Content-Encoding: gzip
Accept-Ranges: bytes
Age: 484610
Cache-Control: max-age=604800
Content-Type: text/html; charset=UTF-8
Date: Tue, 25 Apr 2023 18:26:51 GMT
Etag: "3147526947"
Expires: Tue, 02 May 2023 18:26:51 GMT
Last-Modified: Thu, 17 Oct 2019 07:18:26 GMT
Server: ECS (sec/96ED)
X-Cache: HIT
Content-Length: 648 |
$ lsof -i -P -n | grep LISTEN
# adb, vscode and pantsd did listen, but I've killed them all
$ nslookup example.com
Server: 9.9.9.9
Address: 9.9.9.9#53
Non-authoritative answer:
Name: example.com
Address: 93.184.216.34
Name: example.com
Address: 2606:2800:220:1:248:1893:25c8:1946
$ curl --http1.1 -I -H 'Host: example.com' 'http://93.184.216.34'
curl: (56) Recv failure: Connection reset by peer
404 on IPv4, Unreachable on IPv6 |
The fact that |
I've a suggestion, GCM can attempt more than one site for network check.
I'd recommend the FOSS one at $ curl --head "http://http.badssl.com"
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Tue, 02 May 2023 04:46:04 GMT
Content-Type: text/html
Content-Length: 483
Last-Modified: Mon, 24 Apr 2023 00:02:00 GMT
Connection: keep-alive
ETag: "6445c6f8-1e3"
Cache-Control: no-store
Accept-Ranges: bytes From superuser/q#1213116 there are plenty of other HTTP sites that GCM can use for testing network. |
I'll re-open this. I'm open to changing to http://httpforever.com/ since multiple users are running into it. |
@ldennington, any objections to use multiple URLs, and preferably FOSS http://http.badssl.com? |
@joe733 - I'm curious what the advantage is of using multiple URLs? I'm also unsure of purposefully putting something titled |
You'll have a fallback mechanism which would trigger, if the primary network check fails due reasons including, but not limited, to ISP / region wide blocking / inaccessibility.
That is a just concern. So you can have this URL ( The reason for not going for non-FOSS URLs is, you won't know when they'll be taken down. With |
We (the maintainers) discussed this and have decided on the following:
|
Currently, failure to access http://example.com causes failure of the Networking Diagnostic portion of the `diagnose` command. To improve the experience for users who are unable to access http://example.com, this change: 1. Adds a fallback URI - if accessing http://example.com throws an exception, we now try http://httpforever.com. 2. Prints a warning when either the primary or both the primary and fallback uris throw an exception (instead of failing the Networking Diagnostic). Fixes #1215
**Changes since 2.2.2:** - Fix a GCM/Git Trace2 file locking issue - Issue: #1323 - PR: #1340 - Remove symlinks to `git-credential-manager-core` exe - Issue: #1322 - PR: #1327 - Add fallback http uri to `diagnose` command - Issue: #1215 - PR: #1339 - Workaround MSAL tenant issue with silent auth - Issue: #1297 - PR: #1321
Version:
2.0.886+ea93cb5158
OS:
ArchLinux
(on VM - minimal Arch install with BSPWM and Alacritty)/home/user-name/gcm-diagnose.log
The text was updated successfully, but these errors were encountered: