git pull hangs

Marco Morandini marco.morandini at polimi.it
Tue Oct 27 14:44:15 UTC 2020 

> The git server is run by Open Source Labs at Ohio State University. It
> would be surprising if you were blacklisted there. Have you checked with
> your IT folks about whether they are prohibiting some traffic?

Apologize for bothering you again about this,
but we really need an help or a suggestion
from someone else from the other side of the wall,
since here we have exhausted the tests we can think of.

The status is as this:

- lyx's git uses the git protocol (port 9418)
- we can reliably connect to other git servers that use the same port and protocol
   (e.g.
    git clone git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git
    works flaslessly)
- lyx is not blacklistd on our side
- telnetting to git.lyx.org on port 9418 always works
- we tried, without success, with different operating systems and different git versions
- the client git log shows a successfull connection to the server:

marco at spark:~> git clone --verbose git://git.lyx.org/lyx
Cloning into 'lyx'...
Looking up git.lyx.org ... done.
Connecting to git.lyx.org (port 9418) ... 140.211.9.84 done.

- what we can observe by sniffing the network traffic is that the tcp-ip connections
   do works (we correctly receive tcp packets with ACK from server)
- the last packet that is sent from the client uses the git protocol asking for some repository metadata (or
   header?). After this the server, after a few seconds (say 20 or30), sends a connection reset
   (a tcp packet with a reset flag).
   i.e. after

CLIENT: git-upload-pack /lyxhost=git.lyx.org
SERVER sends TCP packet with ACK flag
   
   we see nothing till the reset


What really gets us crazy is that there is a single internal ip from which the connection works with the lyx git server.
For that working ip after

CLIENT: git-upload-pack /lyxhost=git.lyx.org
SERVER sends TCP packet with ACK flag

we immediately get a second packet from the server (git protocol) with

009bb7f632ca1c624e0c81d73d0a03b7d5f8154ab9e5 HEAD multi_ack thin-pack side-band side-band-64k ofs-delta shallow no-progress include-tag multi_ack_detailed

and, after this packets fly back and forth

Assigning that internal ip to different machines (be them windows-based or linux-based) allows them to fetch
the repository. The nat is the same for the working and not-working internal systems
(131.175.154.248 , i.e. nat-staff.aero.polimi.it ). However, our network guys are unable to spot any
difference between the non-working internal addresses and the only one tat works.

It seems that the last packet is somehow malformed, and that the server timeouts.

And now the questions:

would it be possible to get a log from the server on your side?
Or could you give a look?
On our side we can make whatever test you may ask for.

Thank you for your attention,

Marco & Marco

More information about the lyx-devel mailing list