Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

High Packet Loss Between Android and Linux (avc: denied) #12662

Open
ThisIsCyreX opened this issue Jun 29, 2024 · 2 comments
Open

High Packet Loss Between Android and Linux (avc: denied) #12662

ThisIsCyreX opened this issue Jun 29, 2024 · 2 comments
Labels
bug Bug conndebug needs-triage

Comments

@ThisIsCyreX
Copy link

ThisIsCyreX commented Jun 29, 2024
edited
Loading

What is the issue?

Hello,

I have recently installed Tailscale on multiple devices including Linux, Windows, iOS, and Android.
While the setup works perfectly on all devices, Android has some problems to connect to the Linux machine.
If I ping Android from Linux or vice versa there is a extrem high packet loss, but not constant. Sometimes 400 packets are fine then 50 not, then 300 not.
I disabled UFW and MagicDNS. I tried the v1.69.75 beta.
All is tested on a home network locally on wifi. I tested two different Android devices (LineageOS, and Stock Samsung A50).

This problem is only between Android and Linux. Every other combination do not have problems.

Android on cellular to Linux does work without packet loss.

Thank you very much!

Steps to reproduce

Linux wired. Android on wifi
Install Tailscale on Linux Mint 21.3 curl -fsSL https://tailscale.com/install.sh | sh
Install Tailscale on Android (LineageOS or Samsung)
Login with one user on all of them
From Android: Try to visit the tailscale webserver with http://tailscale-IP-Linux:5252 (could work if the packet loss is not high enough).

Are there any recent changes that introduced the issue?

I'm new to Tailscale, never used it before. Works fine except the issue above.

OS

Linux, Android

OS version

Linux Mint 21.3

Tailscale version

Linux: 1.68.1, Android: 1.68.1 + 1.69.75 (to test)

Other software

Only UFW on Linux, but disabled while testing.

Bug report

Report from Linux after ping and tailscale ping an Android device:

--- tailscale-IP-Android ping statistics ---
100 packets transmitted, 32 received, 68% packet loss, time 100637ms
rtt min/avg/max/mdev = 14.466/65.931/200.228/37.884 ms

pong from Android (tailscale-IP-Android) via [redacted]:51856 in 835ms

BUG-dec91093e13ffb712cbbd1197ea9d914f6a43f8c94a74d8c50b7456ffc6fd53a-20240701080717Z-6a03377ca9c9dca7
Same time from Android:
BUG-3c939a3b286f77b84a300660951478ee03a6ac381b3941ce9f193440f9f75394-20240701080750Z-0f048c9a17f0eaa9
@ThisIsCyreX
Copy link
Author

ThisIsCyreX commented Jun 30, 2024
edited
Loading

/edit
I did some ping tests:

Ping Linux to Android, local IP (wifi)

--- local-IP-Android ping statistics ---
100 packets transmitted, 100 received, 0% packet loss, time 99082ms
rtt min/avg/max/mdev = 7.129/352.525/821.087/240.757 ms

Ping Linux to Android, Tailscale IP (wifi)

--- tailscale-IP-Android ping statistics ---
100 packets transmitted, 61 received, 39% packet loss, time 99986ms
rtt min/avg/max/mdev = 9.716/349.223/1054.919/281.793 ms, pipe 2

Ping Linux to Android, Tailscale IP (cellular)

--- tailscale-IP-Android ping statistics ---
100 packets transmitted, 100 received, 0% packet loss, time 99144ms
rtt min/avg/max/mdev = 36.399/109.349/489.624/93.780 ms

Ping Windows to Android, Tailscale IP (wifi)

Ping statistics for tailscale-IP-Android:
    Packets: Sent = 100, Received = 100, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 8ms, Maximum = 1024ms, Average = 157ms

Ping Linux to iOS, Tailscale IP (wifi)

--- tailscale-IP-iOS ping statistics ---
100 packets transmitted, 94 received, 6% packet loss, time 99259ms
rtt min/avg/max/mdev = 4.273/196.196/1139.671/315.305 ms, pipe 2

Stopped/disabled Docker, UFW and flushed the iptables just in case. But no changes

@ThisIsCyreX ThisIsCyreX changed the title Fresh install. All devices work except from Android to Linux. High Packet Loss Between Android and Linux on Local Network; Cellular Connection Works Fine Jul 1, 2024
@ThisIsCyreX ThisIsCyreX mentioned this issue Jul 1, 2024
Open
@ThisIsCyreX
Copy link
Author

ThisIsCyreX commented Jul 3, 2024
edited
Loading

I checked the Android log with adb logcat -v time | grep GoLog
Opened the adb log and started ping -c 500 tailscale-android-ip from the linux machine.
The ping log runs until package 121 and then time outs/packet loss

[...]
64 bytes from tailscale-android-ip: icmp_seq=114 ttl=64 time=88.4 ms
64 bytes from tailscale-android-ip: icmp_seq=115 ttl=64 time=12.0 ms
64 bytes from tailscale-android-ip: icmp_seq=116 ttl=64 time=102 ms
64 bytes from tailscale-android-ip: icmp_seq=117 ttl=64 time=770 ms
64 bytes from tailscale-android-ip: icmp_seq=118 ttl=64 time=12.8 ms
64 bytes from tailscale-android-ip: icmp_seq=119 ttl=64 time=792 ms
64 bytes from tailscale-android-ip: icmp_seq=120 ttl=64 time=604 ms
64 bytes from tailscale-android-ip: icmp_seq=121 ttl=64 time=117 ms
[...]

The adb log stays until package 121 on this line:

`07-03 08:43:10.252 I/Vpn     ( 5066): Established by com.tailscale.ipn on tun0`

but after 121, for every package (I guess), it says:

7-03 08:47:27.074 W/Thread-19(17700): type=1400 audit(0.0:259357): avc: denied { bind } for scontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tcontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tclass=netlink_route_socket permissive=0 bug=b/155595000 app=com.tailscale.ipn
07-03 08:47:27.078 W/Thread-3(17700): type=1400 audit(0.0:259358): avc: denied { bind } for scontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tcontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tclass=netlink_route_socket permissive=0 bug=b/155595000 app=com.tailscale.ipn
07-03 08:47:29.834 W/Thread-19(17700): type=1400 audit(0.0:259363): avc: denied { bind } for scontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tcontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tclass=netlink_route_socket permissive=0 bug=b/155595000 app=com.tailscale.ipn
07-03 08:47:29.834 W/Thread-19(17700): type=1400 audit(0.0:259364): avc: denied { bind } for scontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tcontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tclass=netlink_route_socket permissive=0 bug=b/155595000 app=com.tailscale.ipn
07-03 08:47:33.070 W/Thread-3(17700): type=1400 audit(0.0:259365): avc: denied { bind } for scontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tcontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tclass=netlink_route_socket permissive=0 bug=b/155595000 app=com.tailscale.ipn
07-03 08:47:33.070 W/Thread-3(17700): type=1400 audit(0.0:259366): avc: denied { bind } for scontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tcontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tclass=netlink_route_socket permissive=0 bug=b/155595000 app=com.tailscale.ipn
07-03 08:47:36.006 W/Thread-3(17700): type=1400 audit(0.0:259375): avc: denied { bind } for scontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tcontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tclass=netlink_route_socket permissive=0 bug=b/155595000 app=com.tailscale.ipn
07-03 08:47:36.006 W/Thread-3(17700): type=1400 audit(0.0:259376): avc: denied { bind } for scontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tcontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tclass=netlink_route_socket permissive=0 bug=b/155595000 app=com.tailscale.ipn
07-03 08:47:39.094 W/Thread-19(17700): type=1400 audit(0.0:259377): avc: denied { bind } for scontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tcontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tclass=netlink_route_socket permissive=0 bug=b/155595000 app=com.tailscale.ipn
07-03 08:47:39.094 W/Thread-19(17700): type=1400 audit(0.0:259378): avc: denied { bind } for scontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tcontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tclass=netlink_route_socket permissive=0 bug=b/155595000 app=com.tailscale.ipn
07-03 08:47:42.074 W/Thread-3(17700): type=1400 audit(0.0:259379): avc: denied { bind } for scontext=u:r:untrusted_app:s0:c2,c257,c512,c768 
[...]

Then after some time, it will work again for an unkown number of packages
Here after 121, skips until 180 etc

[...]
64 bytes from tailscale-android-ip: icmp_seq=117 ttl=64 time=770 ms
64 bytes from tailscale-android-ip: icmp_seq=118 ttl=64 time=12.8 ms
64 bytes from tailscale-android-ip: icmp_seq=119 ttl=64 time=792 ms
64 bytes from tailscale-android-ip: icmp_seq=120 ttl=64 time=604 ms
64 bytes from tailscale-android-ip: icmp_seq=121 ttl=64 time=117 ms
64 bytes from tailscale-android-ip: icmp_seq=180 ttl=64 time=126655 ms
64 bytes from tailscale-android-ip: icmp_seq=181 ttl=64 time=125631 ms
64 bytes from tailscale-android-ip: icmp_seq=182 ttl=64 time=124606 ms
64 bytes from tailscale-android-ip: icmp_seq=183 ttl=64 time=123584 ms
64 bytes from tailscale-android-ip: icmp_seq=184 ttl=64 time=122560 ms
64 bytes from tailscale-android-ip: icmp_seq=185 ttl=64 time=121536 ms
64 bytes from tailscale-android-ip: icmp_seq=186 ttl=64 time=120518 ms
[...]
--- tailscale-android-ip ping statistics ---
500 packets transmitted, 196 received, 60.8% packet loss, time 508172ms
rtt min/avg/max/mdev = 10.175/31755.019/126654.526/44331.704 ms, pipe 124

This is LineageOS 20, Android version 13. Tailscale 1.68.1

//edit:

With $ setenforce 0 the adb log is now much cleaner, but same high packet loss. 169 lost of 500 sent.

07-03 11:01:14.130 I/Thread-11(23077): type=1400 audit(0.0:265744): avc: denied { bind } for scontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tcontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tclass=netlink_route_socket permissive=1 bug=b/155595000 app=com.tailscale.ipn
07-03 11:05:14.234 I/Thread-8(23077): type=1400 audit(0.0:265748): avc: denied { bind } for scontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tcontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tclass=netlink_route_socket permissive=1 bug=b/155595000 app=com.tailscale.ipn
07-03 11:10:14.050 I/Thread-8(23077): type=1400 audit(0.0:265752): avc: denied { bind } for scontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tcontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tclass=netlink_route_socket permissive=1 bug=b/155595000 app=com.tailscale.ipn

//edit2:
Ping from Windows to Android:

Ping statistics for tailscale-android-ip:
    Packets: Sent = 500, Received = 500, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 7ms, Maximum = 2307ms, Average = 291ms

adb logs:

07-03 11:32:47.114 W/Thread-12(23077): type=1400 audit(0.0:266599): avc: denied { bind } for scontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tcontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tclass=netlink_route_socket permissive=0 bug=b/155595000 app=com.tailscale.ipn
07-03 11:33:47.154 W/Thread-12(23077): type=1400 audit(0.0:266656): avc: denied { bind } for scontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tcontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tclass=netlink_route_socket permissive=0 bug=b/155595000 app=com.tailscale.ipn
07-03 11:34:47.158 W/Thread-11(23077): type=1400 audit(0.0:266697): avc: denied { bind } for scontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tcontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tclass=netlink_route_socket permissive=0 bug=b/155595000 app=com.tailscale.ipn
07-03 11:35:47.182 W/Thread-3(23077): type=1400 audit(0.0:266722): avc: denied { bind } for scontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tcontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tclass=netlink_route_socket permissive=0 bug=b/155595000 app=com.tailscale.ipn
07-03 11:36:47.202 W/Thread-11(23077): type=1400 audit(0.0:266747): avc: denied { bind } for scontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tcontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tclass=netlink_route_socket permissive=0 bug=b/155595000 app=com.tailscale.ipn
07-03 11:37:47.226 W/Thread-12(23077): type=1400 audit(0.0:266772): avc: denied { bind } for scontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tcontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tclass=netlink_route_socket permissive=0 bug=b/155595000 app=com.tailscale.ipn
07-03 11:38:47.250 W/Thread-3(23077): type=1400 audit(0.0:266797): avc: denied { bind } for scontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tcontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tclass=netlink_route_socket permissive=0 bug=b/155595000 app=com.tailscale.ipn
07-03 11:39:47.274 W/Thread-11(23077): type=1400 audit(0.0:266822): avc: denied { bind } for scontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tcontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tclass=netlink_route_socket permissive=0 bug=b/155595000 app=com.tailscale.ipn
07-03 11:40:47.298 W/Thread-7(23077): type=1400 audit(0.0:266847): avc: denied { bind } for scontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tcontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tclass=netlink_route_socket permissive=0 bug=b/155595000 app=com.tailscale.ipn
07-03 11:41:47.322 W/Thread-7(23077): type=1400 audit(0.0:266872): avc: denied { bind } for scontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tcontext=u:r:untrusted_app:s0:c2,c257,c512,c768 tclass=netlink_route_socket permissive=0 bug=b/155595000 app=com.tailscale.ipn

I guess the adb warning is not the problem here..?

/edit3:
Tried now with
Samsung S9+, LineageOS 20, Android 13
Samsung A50 Stock, Android 11
Samsung S23 Stock, Android 14
all have the same issue

@ThisIsCyreX ThisIsCyreX changed the title High Packet Loss Between Android and Linux on Local Network; Cellular Connection Works Fine High Packet Loss Between Android and Linux (avc: denied) Jul 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Bug conndebug needs-triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bradfitz @ThisIsCyreX