Bug #17878

[container shell] confusing error "channel 3: bad ext data" when forwarding tcp traffic into a container with API: false

Added by Tom Clegg 7 months ago.

Assigned To:
Target version:
Start date:
Due date:
% Done:


Estimated time:
Story points:


Currently, the "container shell" port forwarding feature only works on containers with network access enabled via RuntimeConstraints: {API: true} (aside: it is possible for crunch-run to enable the required networking features on the fly to make it work on containers with API: false but this is not yet implemented).

When the container does not have networking enabled, "arvados-client shell {uuid} -L1234:localhost:1234" at first appears to work (it doesn't complain or fail), but when a client tries to use this connection, mysterious error messages appear:

(on client host)

$ go tool pprof -http :6060 http://localhost:6000/debug/pprof/goroutine
Fetching profile over HTTP from http://localhost:6000/debug/pprof/goroutine
http://localhost:6000/debug/pprof/goroutine: Get "http://localhost:6000/debug/pprof/goroutine": EOF

(in arvados-client shell session)

channel 3: bad ext data

In this situation where port forwarding isn't supported, the SSH server should print a message on the client's stderr when first setting up the SSH connection with port forwarding enabled, and/or print a more helpful message on the client's stderr when attempting to connect to the forwarded port.

Also available in: Atom PDF