Timeout on pip commands when Windows defender for public network is turned on #6992

Closed
1 of 2 tasks
alkesander opened this issue May 26, 2021 · 12 comments
@alkesander

Windows Build Number

Microsoft Windows [Version 10.0.19042.985]

WSL Version

  • WSL 2
  • WSL 1

Kernel Version

5.4.72

Distro Version

Ubuntu 20.04

Other Software

Python 3.8.5
pip 21.1.2

Repro Steps

  1. Install wsl2 (https://docs.microsoft.com/en-us/windows/wsl/install-win10)
  2. Allow traffic to wsl by executing in powershell: `New-NetFirewallRule -DisplayName "WSL by interface" -Direction Inbound -InterfaceAlias "vEthernet (WSL)" -Action Allow`
  3. Check that `ping google.com` works now
  4. Turn off windows defender for public networks
  5. Execute in wsl: `pip --verbose install --upgrade pip`
  6. See it finishes with success
  7. Turn on windows defender
  8. Execute in wsl again: `pip --verbose install --upgrade pip`
  9. See it fail after a long time due to a timeout.

Expected Behavior

pip is working fine on WSL with defender turned on.

Actual Behavior

pip is failing with defender turned on

Diagnostic Logs

Please let me know what can be helpful to debug this issue. I was trying to add a rule to whitelist all traffic to windows defender but it wasn't working. Only turning it off for public networks resulted in success.

Collaborator

OneBlue commented Jun 1, 2021

Thanks for reporting this @alkesander.

This looks like a networking issue. Can you please follow the Networking issues section, and share the script output and wsl.etl?


Apreche commented Jun 4, 2021

@OneBlue I am having the same issue as @alkesander. I have run the diagnostics. Here is the script output. How can I share the wsl.etl file with you? It is 50MB.

Here is the output of networking.bat run from powershell on Windows.

Routing table:
===========================================================================
Interface List
  5...70 85 c2 6c 26 05 ......Intel(R) Ethernet Connection (2) I219-V
  1...........................Software Loopback Interface 1
 10...00 15 5d f3 06 78 ......Hyper-V Virtual Ethernet Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.10     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
     172.25.160.0    255.255.240.0         On-link      172.25.160.1   5256
     172.25.160.1  255.255.255.255         On-link      172.25.160.1   5256
   172.25.175.255  255.255.255.255         On-link      172.25.160.1   5256
      192.168.1.0    255.255.255.0         On-link      192.168.1.10    281
     192.168.1.10  255.255.255.255         On-link      192.168.1.10    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.10    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.1.10    281
        224.0.0.0        240.0.0.0         On-link      172.25.160.1   5256
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.1.10    281
  255.255.255.255  255.255.255.255         On-link      172.25.160.1   5256
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
  5    281 fe80::/64                On-link
 10   5256 fe80::/64                On-link
  5    281 fe80::48ac:ab7:b6bf:7bd7/128
                                    On-link
 10   5256 fe80::a826:5853:1e34:e120/128
                                    On-link
  1    331 ff00::/8                 On-link
  5    281 ff00::/8                 On-link
 10   5256 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
Deleting HNS network
The LxssManager service is stopping.
The LxssManager service was stopped successfully.



Name               : HnsPacketCapture
CaptureMode        : SaveToFile
LocalFilePath      : D:\Desktop\WSL-master\WSL-master\diagnostics\\packets.etl
MaxFileSize        : 250 MB
TraceBufferSize    : 0 KB
MaxNumberOfBuffers : 0
SessionStatus      : NotRunning





Name               : Microsoft-Windows-NDIS-PacketCapture
SessionName        : HnsPacketCapture
Level              : 5
MatchAnyKeyword    : 0xFFFFFFFFFFFFFFFF
MatchAllKeyword    : 0x0
CaptureType        : BothPhysicalAndSwitch
VmCaptureDirection : IngressAndEgress
MultiLayer         : False
LinkLayerAddress   : {}
EtherType          : {}
IpAddresses        : {}
IpProtocols        : {}
TruncationLength   : 128



+ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.2 LTS
Release:        20.04
Codename:       focal
+ uname -a
Linux CINDI 5.4.72-microsoft-standard-WSL2 #1 SMP Wed Oct 28 23:40:43 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
+ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: bond0: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 12:20:25:0d:84:fd brd ff:ff:ff:ff:ff:ff
3: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 56:a1:37:4d:96:2e brd ff:ff:ff:ff:ff:ff
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:15:5d:c7:93:fa brd ff:ff:ff:ff:ff:ff
    inet 172.23.9.240/20 brd 172.23.15.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::215:5dff:fec7:93fa/64 scope link
       valid_lft forever preferred_lft forever
5: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/sit 0.0.0.0 brd 0.0.0.0
+ ip route show
default via 172.23.0.1 dev eth0
172.23.0.0/20 dev eth0 proto kernel scope link src 172.23.9.240
++ ip route show
++ awk '/default/ { print $3 }'
+ gateway=172.23.0.1
+ '[' 0 '!=' 0 ']'
+ ping -c 4 172.23.0.1
PING 172.23.0.1 (172.23.0.1) 56(84) bytes of data.

--- 172.23.0.1 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3088ms

+ ping -c 4 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=58 time=3.88 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=58 time=5.91 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=58 time=6.66 ms
64 bytes from 1.1.1.1: icmp_seq=4 ttl=58 time=9.62 ms

--- 1.1.1.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 3.881/6.518/9.621/2.059 ms
+ traceroute 1.1.1.1
bash: line 24: traceroute: command not found
+ cat /etc/resolv.conf
# This file was automatically generated by WSL. To stop automatic generation of this file, add the following entry to /etc/wsl.conf:
# [network]
# generateResolvConf = false
nameserver 172.23.0.1
+ which curl
+ curl -m 5 -v https://microsoft.com
*   Trying 104.215.148.63:443...
* TCP_NODELAY set
* Connected to microsoft.com (104.215.148.63) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=microsoft.com
*  start date: Feb 10 03:42:54 2021 GMT
*  expire date: Feb 10 03:42:54 2022 GMT
*  subjectAltName: host "microsoft.com" matched cert's "microsoft.com"
*  issuer: C=US; O=Microsoft Corporation; CN=Microsoft RSA TLS CA 01
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55e9490b2820)
> GET / HTTP/2
> Host: microsoft.com
> user-agent: curl/7.68.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 301
< date: Fri, 04 Jun 2021 01:54:57 GMT
< location: https://www.microsoft.com/
< server: Kestrel
< content-length: 0
<
* Connection #0 to host microsoft.com left intact

Here is the output of networking.sh when run from inside of the Ubuntu 20.04 on WSL2.

No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.2 LTS
Release:        20.04
Codename:       focal
+ uname -a
Linux CINDI 5.4.72-microsoft-standard-WSL2 #1 SMP Wed Oct 28 23:40:43 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
+ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: bond0: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 96:c3:35:25:9a:11 brd ff:ff:ff:ff:ff:ff
3: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 26:e3:cd:2a:83:c1 brd ff:ff:ff:ff:ff:ff
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:15:5d:c7:97:70 brd ff:ff:ff:ff:ff:ff
    inet 172.23.9.64/20 brd 172.23.15.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::215:5dff:fec7:9770/64 scope link
       valid_lft forever preferred_lft forever
5: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/sit 0.0.0.0 brd 0.0.0.0
+ ip route show
default via 172.23.0.1 dev eth0
172.23.0.0/20 dev eth0 proto kernel scope link src 172.23.9.64
++ ip route show
++ awk '/default/ { print $3 }'
+ gateway=172.23.0.1
+ '[' 0 '!=' 0 ']'
+ ping -c 4 172.23.0.1
PING 172.23.0.1 (172.23.0.1) 56(84) bytes of data.

--- 172.23.0.1 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3086ms

+ ping -c 4 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=58 time=4.44 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=58 time=6.42 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=58 time=9.26 ms
64 bytes from 1.1.1.1: icmp_seq=4 ttl=58 time=9.47 ms

--- 1.1.1.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 4.435/7.394/9.465/2.088 ms
+ traceroute 1.1.1.1
./networking.sh: line 24: traceroute: command not found
+ cat /etc/resolv.conf
# This file was automatically generated by WSL. To stop automatic generation of this file, add the following entry to /etc/wsl.conf:
# [network]
# generateResolvConf = false
nameserver 172.23.0.1
+ which curl
+ curl -m 5 -v https://microsoft.com
*   Trying 104.215.148.63:443...
* TCP_NODELAY set
* Connected to microsoft.com (104.215.148.63) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=microsoft.com
*  start date: Feb 10 03:42:54 2021 GMT
*  expire date: Feb 10 03:42:54 2022 GMT
*  subjectAltName: host "microsoft.com" matched cert's "microsoft.com"
*  issuer: C=US; O=Microsoft Corporation; CN=Microsoft RSA TLS CA 01
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55dff9526820)
> GET / HTTP/2
> Host: microsoft.com
> user-agent: curl/7.68.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 301
< date: Fri, 04 Jun 2021 02:01:40 GMT
< location: https://www.microsoft.com/
< server: Kestrel
< content-length: 0
<
* Connection #0 to host microsoft.com left intact


Apreche commented Jun 4, 2021

I did some testing and I have confirmed something. There may be some problem involving the Keychain app. Normally I have keychain in my bashrc so that I start the ssh agent and add my keys the first time I open a terminal, and then it just stays set, until WSL shuts down.

I realized with some experimentation that pip works just fine as long as I do not start the ssh agent with keychain.

I tested starting the ssh-agent by hand without using the keychain app, and pip still worked fine.

This is extremely strange, but extremely consistent behavior.

Collaborator

OneBlue commented Jun 4, 2021

@Apreche: Thanks for the output.

This is interesting, I wonder if pip is somehow trying to interact with ssh-agent?

Can you share an strace of a pip command that times out? (`strace -f [your-command]`)


Apreche commented Jun 4, 2021

@OneBlue I can now reproduce the problem with just WSL2, pip, and Microsoft Defender firewall. The keychain scenario was happening consistently before. However, now that I can reproduce the issue without it, it's good to know that the core problem lies elsewhere. Best not to be distracted by a possible red herring.

Here is my current situation:

  1. Reboot PC. Windows Defender Firewall is enabled on all networks.
  2. Open Windows terminal with WSL2 (Ubuntu 20.04 LTS)
  3. Try to pip install anything. It just hangs there. Have to stop it with keyboard interrupt.
  4. Other network activity such as curl/ping of popular web sites from within WSL2 works normally
  5. Disable windows defender firewall on public network.
  6. Pip install now works normally. Other network activity still works normally.
  7. Re-enable firewall.
  8. Pip fails again. Other network traffic still works just fine.

I have performed this exact sequence on 2-3 sequential reboots, so it is very reproducible.

I have produced straces of pip both in the failure case and the success case. You can see the failure case ends with a keyboard interrupt because otherwise it would just hang. It may time out eventually, but I never had the patience to wait that long.

failtrace.txt
goodtrace.txt


Apreche commented Jun 4, 2021

I spoke too soon, further discoveries have been made. I got suspicious upon seeing references to X11 in the strace. Why is pip doing anything with X11? It's an entirely CLI program? Regardless, we have a new reproducible pattern.

  1. Windows firewall is on.
  2. DISPLAY environment variable is set. X11 server (VcXsrv) is not running.
  3. pip fails
  4. unset the DISPLAY environment variable.
  5. pip succeeds
  6. set the DISPLAY environment variable, launch the X11 server.
  7. pip succeeds
  8. turn off the X11 server
  9. pip fails

TL;DR: As long as DISPLAY is set if the X11 server is not running, things like this will fail.

I also ran pstree while pip was in its locked/broken state and saw this.

```
init─┬─init───ssh-agent
     ├─init───init───bash───pip───dbus-launch
     ├─init───init───bash───pstree
     └─2*[{init}]
```

Therefore I think this issue is very likely related to #2016

That's all the info I have for now.


Apreche commented Jun 4, 2021

This issue seems to be the same as well:

pypa/pip#8485


peschue commented Jun 8, 2021

I think I have the same issue:

  • deactivating firewall for public makes pip work without delay
  • activating X server makes pip work without delay
  • setting `DISPLAY=` (= setting it to empty) makes pip work without delay
  • if firewall is active and X server is not started, pip hangs for a while (around 2 minutes) with dbus-launch as child process

As it is fixable by starting the X server, I think that is fine.

@AloneFancy

I am having the same issue up till now. I turned public firewall off but the pip isn't working as people did above.


mars2nico commented Jan 19, 2023

> I am having the same issue up till now. I turned public firewall off but the pip isn't working as people did above.

If the following command returns that NetworkCategory is Private, then perhaps you should turn off the private firewall instead of the public one.

```
PS> Get-NetConnectionProfile | Select-Object Name, InterfaceAlias, NetworkCategory
```

Contributor

This issue has been automatically closed since it has not had any activity for the past year. If you're still experiencing this issue please re-file this as a new issue or feature request.

Thank you!

@adriaanph

just to confirm the issue or similar is still around, and can be solved by something as simple as
export DISPLAY=
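
A guard for the condition this thread converges on (DISPLAY set, X server not answering, pip stuck behind `dbus-launch`), added here as an example and not code from the WSL or pip projects: it parses DISPLAY, probes the X server's TCP port with a short timeout, and runs the command with DISPLAY emptied when nothing answers. The function names, the `PROBE` override and the 2-second timeout are assumptions; the port rule (6000 + display number) is the standard X11 TCP convention.

```shell
#!/bin/sh
# Added example: avoid the long hang seen when DISPLAY points at an X server
# that is not running and the firewall leaves the connection unanswered.

# Print "host port" for a TCP DISPLAY value, "local" for a Unix-socket
# display (":0", "unix:0"), or "none" when DISPLAY is empty or unparseable.
display_endpoint() {
    d=$1
    [ -n "$d" ] || { echo none; return 0; }
    host=${d%:*}          # text before the last ':'
    rest=${d##*:}         # "N" or "N.S" after the last ':'
    [ "$host" != "$d" ] || { echo none; return 0; }   # no ':' present
    num=${rest%%.*}       # drop the optional ".screen" suffix
    case $num in ''|*[!0-9]*) echo none; return 0 ;; esac
    case $host in
        ''|unix) echo local ;;
        *) echo "$host $((6000 + num))" ;;
    esac
}

# Default probe: succeeds only if a TCP connect completes within 2 seconds.
# Assumes bash and coreutils `timeout` are installed in the distro.
x_probe() {
    timeout 2 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null
}

# Print "keep" or "clear" for a DISPLAY value. PROBE names the reachability
# check to call (hypothetical override hook, defaults to x_probe).
display_action() {
    ep=$(display_endpoint "$1")
    case $ep in
        none|local) echo keep ;;   # nothing to probe over TCP
        *)  # $ep is split on purpose into host and port
            if ${PROBE:-x_probe} $ep; then echo keep; else echo clear; fi ;;
    esac
}

# Run a command, emptying DISPLAY for it when the X server does not answer.
run_guarded() {
    if [ "$(display_action "${DISPLAY:-}")" = clear ]; then
        echo "DISPLAY=$DISPLAY unreachable; running with DISPLAY emptied" >&2
        DISPLAY='' "$@"
    else
        "$@"
    fi
}

# Constructed sample values (not taken from the thread's logs); parsing only,
# no network access.
for sample in ':0' '172.23.0.1:0.0' ''; do
    printf '%-18s -> %s\n' "[$sample]" "$(display_endpoint "$sample")"
done

# Typical use inside WSL:
#   run_guarded pip --verbose install --upgrade pip
```
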
