NTAP/quant

failed to run ./server or ./server-warp

yc1997427 opened this issue · 24 comments

Hi,

I tried to run ./server and ./server-warp with the command ./server -b 50000 -i ens3f1 -p 4434.
It failed with this error:
0.005 :0 ABORT: DIED [errno 2 = No such file or directory]
util_die at ??:?
init_tls_ctx at ??:?
q_init at ??:?
main at ??:?
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xeb) [0x7fa1e49cf09b]
_start at ??:?
Aborted

I successfully ran ./server and ./server-warp with this command before and haven't gotten such an error yet. Is it because quant has been updated and requires other arguments?

You are not specifying a TLS certificate or a TLS key. The builtin defaults only work when you execute from within the build directory.

Hi, thank you very much. I've successfully set up the connection. But now it seems that there is no data transport between client and server. The following is the trace log:

[removed by Lars]

enc_close_frame frame.c:1726 CONNECTION_CLOSE 0x1c=quic err=0x130 frame=0x06 rlen=26 reason=PTLS error 48 (UNKNOWN_CA)

The client can't verify your server cert. You need to turn off cert verification if your cert is not properly signed by a CA.

(Also, please look at the error messages yourself first? Just search the log?)

I really appreciate your kind reply, and sorry for the bother. I did look at the log myself, but I didn't think it was the result of cert verification, since I didn't specify a certificate in the client command, and it shows the default for -c is false.

The command I use to run the client is ./bin/client -b 50000 -i ens3f0 http://192.168.0.1:4433/50000000, without specifying the certificate. I searched the repo to see if there is a way to turn off the verification, but I failed to find it.

Make sure you are on the latest version.

Also run with a much shorter request size while debugging (like 2048) so your log is not full of irrelevant things.

I assume you have made no modifications to the source?

And I assume you are running the quant server, built out of the same repo?

You don't specify the cert for the client, you specify it when you run the server. Do you use the dummy one that is created during the build process, or another one?

Can you post the command lines when you run the client and server, and are they running on the same machine?

Yes, I'm on the latest version, I just cloned and built it recently.
I just added some lines of code for bps printout, nothing else.
Yes, I'm running both the quant server and client, running in the Debug directory.
I saw that the server's -c default is test/dummy.crt, so I didn't specify any certificate on both server and client. I'll rebuild the repo and check if the dummy one is created during the process.
The command line I run for the server is: sudo ip netns exec blue ./bin/server -b 50000 -i ens3f1 -p 4433
and for the client: sudo ip netns exec red ./bin/client -c -b 50000 -i ens3f0 http://192.168.0.1:4433/50000000

Well, you are telling the client with -c to verify the server cert, which will fail with the dummy cert you are having the server use. Omit the -c or use a properly signed cert from a CA.

You also need to specify a https URL for the client to retrieve and not a http one.

Hi, sorry for the mistake. I've now omitted all -c.
The server command is: sudo ip netns exec blue ./bin/server -b 50000 -i ens3f1 -p 4434
The client command is: sudo ip netns exec red ./bin/client -b 50000 -r 20 -i ens3f0 https://192.168.0.1:4434/

But I'm still getting the Unknown_CA error, very strange. May I ask if there is a way to turn off the verification? I didn't find any option in the code.

If you use the dummy cert, you need to tell it to use the dummy CA cert for verification, i.e., give the client -c test/dummy.ca.crt. (Sorry, I misremembered how -c works.)

This time it doesn't report Unknown_CA, but it reports: reason=PTLS error 42 (BAD_CERTIFICATE). Really strange.

The dummy cert only works for localhost.

Can you see if -c /dev/null works?

Or you need to make your own cert for the IP address your server is using, sign it with a dummy CA, and pass the CA cert to -c.

Hi, sorry for the late response. I've been too busy with other deadlines. I tried -c dev/null, it's also not working, reporting Unknown_CA. Now I'm looking at how to generate a cert and sign it. I haven't done this before. Sorry for the bother.

You don't need to generate one. If you are using the dummy cert and key for the server, you also need to tell the client to use the dummy CA cert for validating. See what bin/test.sh is doing.

Hi, thanks for the help, I really appreciate it! Yes, I also did that, but kept getting Bad Certificate, reason=PTLS error 42 (BAD_CERTIFICATE). I followed the commands in test.sh, but it's still not working.

How do you run client and server now?

This is how I run client: sudo ip netns exec red ./bin/client -c test/dummy.ca.crt -b 50000 -r 20 -i ens3f0 https://192.168.0.1:4434/

server: sudo ip netns exec blue ./bin/server -c test/dummy.crt -k test/dummy.key -b 50000 -i ens3f1 -p 4434

That should work. I just ran the client and server like this:

bin/server -c test/dummy.crt -k test/dummy.key
bin/client -c test/dummy.ca.crt https://127.0.0.1/1000

and it worked fine over loopback.

When you run the above, does it work for you?

This works, too, and turns off cert validation completely:

bin/client -c false https://127.0.0.1/1000

Yes, they work, and no error is reported. I'm guessing it is probably due to network namespaces? Since I'm running the server from one namespace, and sending traffic to another server, which then traverses back to the other namespace where the client runs.

Well, I hope you are running the client and server out of the same build directory, i.e., with the same dummy cert/key and CA cert? Because if you build the client in one directory and the server in another, obviously the certs will be different and then fail validation.

Hi, I'm running client and server in the same directory, both in the Debug directory, but under different network namespaces. I created 2 network namespaces, one is called red, one is blue, as shown in the commands. They are all using the same certs.

The namespaces should not matter when it comes to reading files. What happens if you run the client and server with namespaces over loopback?

Also, what happens if you run the client with -c false in your setup? (As I wrote above, the dummy cert only works for localhost.)

Yes!!!!!! They are working now, working with -c false, thank you very much!!! I sincerely appreciate it! Thanks a lot!
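
The alternative to -c false that is described earlier in the thread (make a cert for the IP address the server uses, sign it with a dummy CA, and pass the CA cert to the client's -c), sketched with the openssl CLI. This is an added example, not part of the original thread or the quant repository; the file names, key size, and the assumption that the client matches the URL's IP against the certificate's subjectAltName are assumptions.

```shell
#!/bin/sh
# Added example (not from the quant repo): test CA plus a server certificate
# whose subjectAltName covers the server's IP. All file names are assumptions.
set -eu

# make_ca DIR: write req.cnf, ca.key and a self-signed ca.crt into DIR.
make_ca() {
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/req.cnf" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_cert DIR NAME SAN: create NAME.key and a CA-signed NAME.crt whose
# subjectAltName is SAN, e.g. IP:192.168.0.1 or DNS:localhost.
issue_cert() {
    openssl req -new -newkey rsa:2048 -nodes -config "$1/req.cnf" \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    printf 'subjectAltName = %s\n' "$3" > "$1/$2.ext"
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -extfile "$1/$2.ext" \
        -out "$1/$2.crt" 2>/dev/null
}

# cert_valid_for_ip DIR NAME IP: succeed only if NAME.crt chains to ca.crt
# and its subjectAltName contains IP.
cert_valid_for_ip() {
    openssl verify -CAfile "$1/ca.crt" -verify_ip "$3" "$1/$2.crt" \
        >/dev/null 2>&1
}

# Demo with the address used in the thread.
d=$(mktemp -d)
make_ca "$d"
issue_cert "$d" server IP:192.168.0.1
cert_valid_for_ip "$d" server 192.168.0.1 && echo "server.crt valid for 192.168.0.1"
echo "server: bin/server -c $d/server.crt -k $d/server.key"
echo "client: bin/client -c $d/ca.crt https://192.168.0.1:4434/"
```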