New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 594328 link

Starred by 4 users
Status: Verified
Owner:
cernekee@chromium.org
Last visit > 30 days ago
Closed: May 2016
Cc:
pauljensen@chromium.org
rsleevi@chromium.org
dskaram@chromium.org
bartfab@chromium.org
benchan@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug



Sign in to add a comment

Connecting to third party VPN makes open TCP connections hang

Project Member Reported by cernekee@chromium.org, Mar 12 2016 
Chrome may have sockets open when a VPN connection is established, e.g.

localhost ~ # netstat -an | grep ESTABLISHED
tcp        0      0 <wifi_ip>:59021     74.125.28.95:443        ESTABLISHED

When a third party VPN comes up, the netfilter rules and routing tables are modified such that all traffic with UID 1000 is routed over tun0.  This seems to have a side effect of causing traffic on pre-existing sockets to be routed out tun0, but with wlan0's source IP address.  These connections then hang until they time out, which causes intermittent problems accessing Google services right after connecting to a VPN.

My proposed workaround is to call FlushSocketPoolsWithError(ERR_NETWORK_CHANGED) upon VPN connection or disconnection.  But I am not sure how to get ClientSocketPoolManagerImpl registered for a Chrome OS specific event (NetworkConnectionObserver).  Any thoughts on the best way to implement this?

Comment 1 by rsleevi@chromium.org, Mar 13 2016

Cc: pauljensen@chromium.org
Adding pauljensen who can better comment.

Comment 2 by eric.kuf...@kohls.com, Mar 15 2016 

We see hangs immediately after connecting to Cisco AnyConnect VPN on a Chromebook.

Comment 3 by cernekee@chromium.org, Mar 15 2016 

If you navigate to chrome://net-internals/#sockets and click "Flush socket pools", does that fix the hang?

That calls the FlushSocketPoolsWithError() function mentioned above, so if it works for you, then my proposed solution should fix the same issue.

Comment 4 by pauljensen@chromium.org, Mar 16 2016 

A VPN connecting should be detected as a network change, which on CrOS should flush all idle connections, close all SPDY/QUIC connections, and cancel all DNS resolution and TCP connect operations.  Please collect a net-internals log covering a VPN connect:
http://dev.chromium.org/for-testers/providing-network-details
Also, what does the "ifconfig" section of chrome://system say when a VPN is up?
Are there any directions for configuring a VPN on CrOS?

Comment 5 by cernekee@chromium.org, Mar 16 2016 

> A VPN connecting should be detected as a network change

Could you please point me to the code that handles this?  I'll add a printf and see if it's executing.

Comment 6 by pauljensen@chromium.org, Mar 16 2016 

Just collect a net-internals log and it will contain events indicating whether the network change was detected.

Comment 7 by denny.lo...@gmail.com, Mar 25 2016 

#CBC-RS/TC-watchlist

Comment 8 by cernekee@chromium.org, Mar 29 2016

Status: Started (was: Untriaged)
Landed https://android-review.googlesource.com/#/c/210176/

Will test with this for a while to see if the shill regression was causing the problem.

Comment 9 by cernekee@chromium.org, May 5 2016

Status: Fixed (was: Started)
I haven't seen any issues since the patch landed.  Marking as Fixed.

Comment 10 by patricia@chromium.org, May 23 2016

Status: Verified (was: Fixed)
Bulk verified

Sign in to add a comment