BGPalerter [1.33.0] httpProxy usage not working anymore

Hello,

With version 1.33.0, "httpProxy" configuration is not working anymore for updates check and RPKI monitoring (RIS connection is still OK)

You'll find bellow some logs and tcpdump outputs :

2024-03-06T14:25:10+01:00 info: ris connector connected (instance:29e88f3c-f77a-4bfe-bd46-97eba8df3a88 connection:11ef5fe1-c11f-49da-8c2d-0fdf9817ceae)
2024-03-06T14:25:24+01:00 error: The VRP list cannot be downloaded. The RPKI monitoring should be working anyway with one of the on-line providers.
2024-03-06T14:25:44+01:00 error: It was not possible to check for software updates
2024-03-06T14:25:48+01:00 error: RPKI validation failed due to:TypeError: fetch failed

root@xxxxxxxxxxx:/home/bgpalerter# tcpdump -i eth0 dst port 443
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes

14:25:02.288744 IP xxxxxxxxxxx.33420 > wbr5.webrobotics.net.https: Flags [S], seq 2189867168, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 11], length 0
14:25:02.288816 IP xxxxxxxxxxx.36894 > 199.232.171.52.https: Flags [S], seq 1834668875, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 11], length 0
14:25:03.308469 IP xxxxxxxxxxx.36894 > 199.232.171.52.https: Flags [S], seq 1834668875, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 11], length 0
14:25:03.308501 IP xxxxxxxxxxx.33420 > wbr5.webrobotics.net.https: Flags [S], seq 2189867168, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 11], length 0
14:25:05.324479 IP xxxxxxxxxxx.33420 > wbr5.webrobotics.net.https: Flags [S], seq 2189867168, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 11], length 0
14:25:05.324508 IP xxxxxxxxxxx.36894 > 199.232.171.52.https: Flags [S], seq 1834668875, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 11], length 0
14:25:09.484463 IP xxxxxxxxxxx.36894 > 199.232.171.52.https: Flags [S], seq 1834668875, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 11], length 0
14:25:09.484491 IP xxxxxxxxxxx.33420 > wbr5.webrobotics.net.https: Flags [S], seq 2189867168, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 11], length 0
14:25:14.185798 IP xxxxxxxxxxx.33996 > wbr5.webrobotics.net.https: Flags [S], seq 1085971897, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 11], length 0
14:25:14.185887 IP xxxxxxxxxxx.51834 > 199.232.171.52.https: Flags [S], seq 3212199509, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 11], length 0
14:25:15.212471 IP xxxxxxxxxxx.51834 > 199.232.171.52.https: Flags [S], seq 3212199509, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 11], length 0
14:25:15.212500 IP xxxxxxxxxxx.33996 > wbr5.webrobotics.net.https: Flags [S], seq 1085971897, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 11], length 0
14:25:17.228466 IP xxxxxxxxxxx.33996 > wbr5.webrobotics.net.https: Flags [S], seq 1085971897, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 11], length 0
14:25:17.228494 IP xxxxxxxxxxx.51834 > 199.232.171.52.https: Flags [S], seq 3212199509, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 11], length 0
14:25:21.260469 IP xxxxxxxxxxx.51834 > 199.232.171.52.https: Flags [S], seq 3212199509, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 11], length 0
14:25:21.260498 IP xxxxxxxxxxx.33996 > wbr5.webrobotics.net.https: Flags [S], seq 1085971897, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 11], length 0
14:25:22.302199 IP xxxxxxxxxxx.40488 > cdn-185-199-110-133.github.com.https: Flags [S], seq 2054678021, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 11], length 0
14:25:23.308468 IP xxxxxxxxxxx.40488 > cdn-185-199-110-133.github.com.https: Flags [S], seq 2054678021, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 11], length 0
14:25:25.324466 IP xxxxxxxxxxx.40488 > cdn-185-199-110-133.github.com.https: Flags [S], seq 2054678021, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 11], length 0
14:25:29.452462 IP xxxxxxxxxxx.40488 > cdn-185-199-110-133.github.com.https: Flags [S], seq 2054678021, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 11], length 0
14:25:34.307188 IP xxxxxxxxxxx.57610 > cdn-185-199-109-133.github.com.https: Flags [S], seq 3663576359, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 11], length 0
[...]

I don't know if this issue is link to this modification in the file "env.js" :

... or due to the "https-proxy-agent" package update (from 5.0.1 to 7.0.2)

Best regards,

Philippe

Mar 06 '24 15:03 Plipplopplip

Hello,

After reading "https-proxy-agent" changelogs, I found this major change

it seems that the package don't use the deprecated url.parse method anymore

Thanks

Mar 06 '24 20:03 Plipplopplip

Hi @Plipplopplip,

Thanks for reporting this. I pushed a commit in dev to fix this. The proxy feature is one of the features I really didn't want to merge into the codebase. I don't think it is a relevant feature for the majority of the users but it adds complexity and increased the amount of features that need to be maintained. I really would like to drop it altogether in the long run. In any case, thanks again for reporting this.

Mar 15 '24 13:03 massimocandela

Hi @massimocandela,

I think that the issue is not entirely resolved. After applying your fix, it seems that there are still connectivity issues in different places:

File: stdout

> [email protected] serve
> babel-node index.js -c /local/config.yml

Loaded config: /local/config.yml
BGPalerter, version: 1.33.0 environment: production
[...]
TypeError: fetch failed
    at Object.fetch (node:internal/deps/undici/undici:11730:11)
    at processTicksAndRejections (node:internal/process/task_queues:95:5) {
  cause: ConnectTimeoutError: Connect Timeout Error
      at onConnectTimeout (node:internal/deps/undici/undici:6869:28)
      at node:internal/deps/undici/undici:6825:50
      at Immediate._onImmediate (node:internal/deps/undici/undici:6857:13)
      at processImmediate (node:internal/timers:476:21) {
    code: 'UND_ERR_CONNECT_TIMEOUT'
  }
}
[...]

File: error-2024-03-19.log

[...]
2024-03-19T16:58:49+00:00 error: The VRP list cannot be downloaded. The RPKI monitoring should be working anyway with one of the on-line providers.
2024-03-19T16:59:10+00:00 error: It was not possible to check for software updates
2024-03-19T16:59:17+00:00 error: RPKI validation failed due to:TypeError: fetch failed
2024-03-19T16:59:46+00:00 error: RPKI validation failed due to:TypeError: fetch failed
2024-03-19T17:00:11+00:00 error: RPKI validation failed due to:TypeError: fetch failed
[...]

Also, for reference I can confirm that the container does have HTTP/HTTPS Internet access and that the same proxy is configured in BGPAlerter configuration file:

/opt/bgpalerter # ack httpProxy src/
src/env.js
195:if (config.httpProxy) {
197:    vector.agent = new HttpsProxyAgent(config.httpProxy);

src/generatePrefixesList.js
20:        httpProxy,
42:    if (httpProxy) {
44:        proxy = new HttpsProxyAgent(httpProxy);
[...]

/opt/bgpalerter # cat /local/config.yml | grep httpProxy
httpProxy: http://proxy.address:port

/opt/bgpalerter # https_proxy=http://proxy.address:port curl -v --silent https://raw.githubusercontent.com/nttgin/BGPalerter/main/package.json 2>&1 | grep version
  "version": "1.33.0",

Mar 20 '24 14:03 tgreenx

Hi @massimocandela,

Did you have some time to investigate this further?

Thanks,

Apr 30 '24 15:04 tgreenx

BGPalerter BGPalerter copied to clipboard

[1.33.0] httpProxy usage not working anymore

BGPalerter
BGPalerter copied to clipboard