TCP Ping Rejected By Caddy

Hi,

Does Caddy reject TCP ping from a particular client IP after ~30mins?

I have a client that keeps doing TCP ping to a Caddy server, but TCP connect starts failing in ~30 mins.

Thanks
Frank

Hi @fshewl, welcome to the Caddy community!

I don’t believe there’s any reason Caddy would do that, except maybe with specific plugins.

I’d be investigating the network path.

Thanks for the help.

I will keep investigating, even though it’s very confusing to me.

We have a proxy that does a TCP ping every 1 minute, but in ~30 mins, all the pings got RST.

What is your complete Caddyfile, and which OS does it run on?

The Caddyfile:

It runs in gVisor.

I also enabled strace and noticed that before Caddy started sending RST, it tried to read the following file, but it was not found:
[ 8] caddy E newfstatat(0xffffffffffffff9c, 0xc0001fa160 /home/.caddy/ocsp, 0xc0002b2038, 0x100)
[ 8] caddy X newfstatat(0xffffffffffffff9c, 0xc0001fa160 /home/.caddy/ocsp, 0xc0002b2038, 0x100) = 0x0 errno=2 (no such file or directory) (99.593533ms)

Not sure if it’s related.

I also see an epoll_pwait errno = 4, interrupted system call error:
caddy X epoll_pwait(0x4, 0x7e0ae7ab4590, 0x80, 0xffffffff, null, 0x3) = 0x0 errno=4 (interrupted system call) (1.100222458s)

Did you try enabling error logs (error directive) and checking if cgi writes errors at the same time TCP seems to drop?

What kind of applications does the cgi run?

From the Caddyfile link, you’re running HTTP DOOM? Looks pretty neat.

Are you sure Caddy’s sending the RST?

It turns out it’s related to throttling the server CPU via cgroup. For some reason, TCP SYN floods will cause the gVisor kernel / application to get stuck.

Thanks for all the help.

We disabled the TCP ping while the application is throttled. It’s all good now.
