116-7 commented on issue #263: URL: https://github.com/apache/mina-sshd/issues/263#issuecomment-2268459993
@tomaswolf providing the Wireshark cap files will probably not be possible given the aforementioned bureaucracy. For context it's probably safe to assume that there are VPN tunnels, firewalls, and probably proxies in-between the client and server. For context the server is a Bitbucket server and clients are openssh through the git command. Given that the issue only occurs about 1/20 times even when attempting from the same client in the space of about 2 minutes and even when testing during times of low network activity (e.g. very early hours of the morning) my gut feel is that it may be mina-sshd related. There does seem to be an increase in the frequency of the error during times of server load e.g. towards the end of day when more people are committing their code. It's possible that there is some network path that is terminating and re-writing the packets incorrectly but given all the possible intermediate network hardware as well as the general opaqueness of the network/vlan/vpn/etc. it's not possible to trace the issue of such a device. I do have some screenshots from Wireshark though. 1) In the unsuccessful case the TCP handshake completes, the client sends its protocol negotiation but the server responds with its key exchange which then makes its way to the application layer which then panics when it seems the null chars at the start of the key exchange packet. <img width="738" src="https://github.com/user-attachments/assets/6035deba-48a4-44bb-bcd3-316e63621d99";> <img width="799" src="https://github.com/user-attachments/assets/6feca034-be42-402c-9c09-bed3db9df1bc";> 2) In the successful case the server's protocol negotiation comes through as expected with a relative sequence of 1 and the following server key exchange init has a sequence of 28. <img width="751" src="https://github.com/user-attachments/assets/1eab9c4e-c63a-491a-89f7-fed7a93f85e4";> <img width="653" src="https://github.com/user-attachments/assets/811ca942-fbf4-45b3-9193-c456186ef893";> <img width="667" src="https://github.com/user-attachments/assets/8b129ba6-95d6-41ac-89d4-b343d63119d4";> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
