Bug#636292: MD5Sum mismatch is due to multiple DNS queries!

To: jidanni@jidanni.org
Cc: hmh@debian.org, 636292@bugs.debian.org, debian-mirrors@lists.debian.org
Subject: Bug#636292: MD5Sum mismatch is due to multiple DNS queries!
From: Kurt Roeckx <kurt@roeckx.be>
Date: Fri, 12 Aug 2011 01:03:20 +0200
Message-id: <[🔎] 20110811230320.GA25451@roeckx.be>
Reply-to: Kurt Roeckx <kurt@roeckx.be>, 636292@bugs.debian.org
In-reply-to: <[🔎] 871uwz1pig.fsf@jidanni.org>
References: <[🔎] 20110805204327.GA1093@khazad-dum.debian.net> <[🔎] 871uwz1pig.fsf@jidanni.org>

On Sat, Aug 06, 2011 at 06:07:19AM +0800, jidanni@jidanni.org wrote:
> Ha ha ha, it really does split a single apt-get update into two
> different places completely across the Internet.
> 
> Any maybe even for singular servers like rocky-mountain... maybe
> upstream from it is the same splitting problem somewhere.
> 
> Anyway here we go:
> # cat /etc/apt/sources.list.d/*
> deb http://ftp.us.debian.org/debian unstable contrib
> # tcpflow -i ppp0 &
> # apt-get update
> # ls -og /tmp/m
> -rw-r--r-- 1 146150 Aug  6 05:54 064.050.233.100.00080-218.163.001.135.45826
> -rw-r--r-- 1  68985 Aug  6 05:54 199.006.012.070.00080-218.163.001.135.56243
> -rw-r--r-- 1    185 Aug  6 05:54 218.163.001.135.45826-064.050.233.100.00080
> -rw-r--r-- 1   1432 Aug  6 05:54 218.163.001.135.56243-199.006.012.070.00080
> $ host ftp.us.debian.org
> ftp.us.debian.org has address 128.30.2.36
> ftp.us.debian.org has address 199.6.12.70
> ftp.us.debian.org has address 35.9.37.225
> ftp.us.debian.org has address 64.50.233.100
> ftp.us.debian.org has address 64.50.236.52
> ftp.us.debian.org has IPv6 address 2001:500:61:28::70

So let's take a real look at what it does:
First it does some UDP thing to all IP addresses:
[pid 25433] socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
[pid 25433] connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("128.30.2.36")}, 16) = 0
[pid 25433] getsockname(3, {sa_family=AF_INET, sin_port=htons(49660), sin_addr=inet_addr("10.0.200.1")}, [16]) = 0
[pid 25433] connect(3, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
[pid 25433] connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("199.6.12.70")}, 16) = 0
[pid 25433] getsockname(3, {sa_family=AF_INET, sin_port=htons(35821), sin_addr=inet_addr("10.0.200.1")}, [16]) = 0
[pid 25433] connect(3, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
[pid 25433] connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("35.9.37.225")}, 16) = 0
[pid 25433] getsockname(3, {sa_family=AF_INET, sin_port=htons(52379), sin_addr=inet_addr("10.0.200.1")}, [16]) = 0
[pid 25433] connect(3, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
[pid 25433] connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("64.50.233.100")}, 16) = 0
[pid 25433] getsockname(3, {sa_family=AF_INET, sin_port=htons(39421), sin_addr=inet_addr("10.0.200.1")}, [16]) = 0
[pid 25433] connect(3, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
[pid 25433] connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("64.50.236.52")}, 16) = 0
[pid 25433] getsockname(3, {sa_family=AF_INET, sin_port=htons(37020), sin_addr=inet_addr("10.0.200.1")}, [16]) = 0
[pid 25433] close(3)                    = 0
[pid 25433] socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = 3
[pid 25433] connect(3, {sa_family=AF_INET6, sin6_port=htons(80), inet_pton(AF_INET6, "2001:500:61:28::70", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
[pid 25433] getsockname(3, {sa_family=AF_INET6, sin6_port=htons(50188), inet_pton(AF_INET6, "2001:0:53aa:64c:2ca7:460f:aeac:9430", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
[pid 25433] close(3)                    = 0

No idea what it's really trying to do, but I guess it's trying to see which if they're routable.
The AF_UNSPEC part probably doesn't make much sense.

Then it goes on with:
[pid 25433] socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
[pid 25433] fcntl(3, F_GETFL)           = 0x2 (flags O_RDWR)
[pid 25433] fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
[pid 25433] connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("128.30.2.36")}, 16) = -1 EINPROGRESS (Operation now in progress)
[...]
[pid 25433] write(3, "GET /debian/dists/sid/InRelease HTTP/1.1\r\nHost: ftp.us.debian.org\r\nConnection: keep-alive\r\nCache-Control: max-age=0\r\nIf-Modified-Since: Thu, 11 Aug 2011 20:22:47 GMT\r\nUser-Agent: Debian APT-HTTP/1.3 (0.8.15.5)\r\n\r\n", 213) = 213
[...]
[pid 25433] read(3, "HTTP/1.1 304 Not Modified\r\nDate: Thu, 11 Aug 2011 22:32:27 GMT\r\nServer: Apache/2.2.9 (Debian)\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=15, max=100\r\nETag: \"1d0a203-239d0-4aa408f6173c0\"\r\n\r\n", 65536) = 191
[...]
[pid 25433] write(3, "GET /debian/dists/sid/main/binary-amd64/Packages.diff/Index HTTP/1.1\r\nHost: ftp.us.debian.org\r\nConnection: keep-alive\r\nCache-Control: max-age=0\r\nIf-Modified-Since: Thu, 11 Aug 2011 20:16:48 GMT\r\nUser-Agent: Debian APT-HTTP/1.3 (0.8.15.5)\r\n\r\n", 241) = 241
[...]
[pid 25433] read(3, "HTTP/1.1 304 Not Modified\r\nDate: Thu, 11 Aug 2011 22:32:28 GMT\r\nServer: Apache/2.2.9 (Debian)\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=15, max=99\r\nETag: \"1d0a308-7f6-4aa4079fb8c00\"\r\n\r\n", 65345) = 188

So it looked for the InRelease and Packages file over the same connection.

And than for some unclear reason to me it closes and opens the connection again to get the i18n files:

[pid 25433] close(3)                    = 0
[pid 25433] read(0, 0x7fff66c68790, 64000) = -1 EAGAIN (Resource temporarily unavailable)
[pid 25433] close(4294967295)           = -1 EBADF (Bad file descriptor)
[pid 25433] write(1, "102 Status\nURI: http://ftp.us.debian.org/debian/dists/sid/main/i18n/Index\nMessage: Connecting to ftp.us.debian.org (199.6.12.70)\n\n", 130) = 130
[pid 25433] socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
[pid 25433] fcntl(3, F_GETFL)           = 0x2 (flags O_RDWR)
[pid 25433] fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
[pid 25433] connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("199.6.12.70")}, 16) = -1 EINPROGRESS (Operation now in progress)
[...]
[pid 25433] write(3, "GET /debian/dists/sid/main/i18n/Index HTTP/1.1\r\nHost: ftp.us.debian.org\r\nConnection: keep-alive\r\nCache-Control: max-age=0\r\nIf-Modified-Since: Thu, 11 Aug 2011 19:55:34 GMT\r\nUser-Agent: Debian APT-HTTP/1.3 (0.8.15.5)\r\n\r\n", 219 <unfinished ...>
[...]
[pid 25433] read(3, "HTTP/1.1 304 Not Modified\r\nServer: nginx/0.8.54\r\nDate: Thu, 11 Aug 2011 22:32:46 GMT\r\nLast-Modified:
Thu, 11 Aug 2011 19:55:34 GMT\r\nConnection: keep-alive\r\n\r\n", 65536) = 158
[...]
[pid 25433] exit_group(100)             = ?

(It stops the program without closing the socket.)

This i18n/Index file is also covered by the InRelease, so this clearly is a problem.


Kurt

Reply to:

References:
- Bug#636292: MD5Sum mismatch is due to multiple DNS queries!
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Bug#636292: MD5Sum mismatch is due to multiple DNS queries!
  - From: jidanni@jidanni.org

Prev by Date: Bug#636292: MD5Sum mismatch is due to multiple DNS queries!
Next by Date: Bug#637484: /usr/bin/apt-ftparchive: apt-ftparchive doesn't create directories
Previous by thread: Bug#636292: MD5Sum mismatch is due to multiple DNS queries!
Next by thread: Bug#636796: use compression on first part of update transaction too
Index(es):
- Date
- Thread