Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

outbound_addr is not applied #346

Open
gptlang opened this issue May 13, 2024 · 1 comment
Open

outbound_addr is not applied #346

gptlang opened this issue May 13, 2024 · 1 comment

Comments

@gptlang
Copy link

gptlang commented May 13, 2024

I have 2 wireguard connections:

  • wg0 is created by network manager and all traffic on the device goes through it.
  • I create wg1 with the following config:
[Interface]
PrivateKey = xxx
Address = xxx
Table = off

[Peer]
PublicKey = xxx
AllowedIPs = 0.0.0.0/0,::0/0
Endpoint = xxx

curl ifconfig.me --interface wg1 works nicely and gives me the correct IP address. I then create a podman container with --network slirp4netns :enable_ipv6=false,outbound_addr=wg1

Inside the container, I run curl ifconfig.me. This returns the IP address of wg0.

Possibly related: #267. I have a feeling this is a routing issue but I'm unsure of how to debug/fix it
@notpeelz
Copy link

notpeelz commented Jun 16, 2024
edited

I'm getting a similar issue with outbound_addr. It works with curl outside the container, but doesn't work inside the container.

Outside the container:

$ curl --interface=wg0 https://ifconfig.me
xxx.xxx.xxx.xxx

Inside the container:

$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host proto kernel_lo 
       valid_lft forever preferred_lft forever
2: tap0: <BROADCAST,UP,LOWER_UP> mtu 65520 qdisc fq_codel state UNKNOWN group default qlen 1000
    link/ether 72:c5:a0:d3:03:73 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.100/24 brd 10.0.2.255 scope global tap0
       valid_lft forever preferred_lft forever
    inet6 fd00::70c5:a0ff:fed3:373/64 scope global dynamic mngtmpaddr proto kernel_ra 
       valid_lft 86343sec preferred_lft 14343sec
    inet6 fe80::70c5:a0ff:fed3:373/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever

$ ip route
default via 10.0.2.2 dev tap0
10.0.2.0/24 dev tap0 proto kernel scope link src 10.0.2.100

$ ping -c1 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
From 10.0.2.2 icmp_seq=1 Destination Net Unreachable

--- 1.1.1.1 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms

The pwru trace:

$ sudo pwru 'icmp' --output-meta
               SKB    CPU          PROCESS                     FUNC
0xffff9ebc5fa73400      9 [/usr/bin/ping:118180]           __ip_local_out netns=4026534322 mark=0x0 iface=0 proto=0x0000 mtu=0 len=84
0xffff9ebc5fa73400      9 [/usr/bin/ping:118180]                ip_output netns=4026534322 mark=0x0 iface=0 proto=0x0800 mtu=0 len=84
0xffff9ebc5fa73400      9 [/usr/bin/ping:118180]         ip_finish_output netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=84
0xffff9ebc5fa73400      9 [/usr/bin/ping:118180]       __ip_finish_output netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=84
0xffff9ebc5fa73400      9 [/usr/bin/ping:118180]        ip_finish_output2 netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=84
0xffff9ebc5fa73400      9 [/usr/bin/ping:118180]     neigh_resolve_output netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=84
0xffff9ebc5fa73400      9 [/usr/bin/ping:118180]               eth_header netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=84
0xffff9ebc5fa73400      9 [/usr/bin/ping:118180]                 skb_push netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=84
0xffff9ebc5fa73400      9 [/usr/bin/ping:118180]         __dev_queue_xmit netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=98
0xffff9ebc5fa73400      9 [/usr/bin/ping:118180]      netdev_core_pick_tx netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=98
0xffff9ebc5fa73400      9 [/usr/bin/ping:118180]          sch_direct_xmit netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=98
0xffff9ebc5fa73400      9 [/usr/bin/ping:118180]   validate_xmit_skb_list netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=98
0xffff9ebc5fa73400      9 [/usr/bin/ping:118180]        validate_xmit_skb netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=98
0xffff9ebc5fa73400      9 [/usr/bin/ping:118180]       netif_skb_features netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=98
0xffff9ebc5fa73400      9 [/usr/bin/ping:118180]  passthru_features_check netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=98
0xffff9ebc5fa73400      9 [/usr/bin/ping:118180]     skb_network_protocol netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=98
0xffff9ebc5fa73400      9 [/usr/bin/ping:118180]       validate_xmit_xfrm netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=98
0xffff9ebc5fa73400      9 [/usr/bin/ping:118180]      dev_hard_start_xmit netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=98
0xffff9ebc5fa73400      9 [/usr/bin/ping:118180]   skb_clone_tx_timestamp netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=98
0xffff9ebc5fa73400      9 [/usr/bin/ping:118180]               sock_wfree netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=98
0xffff9ebc5fa73400     14 [/usr/bin/slirp4netns:117955]              consume_skb netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=98
0xffff9ebc5fa73400     14 [/usr/bin/slirp4netns:117955]   skb_release_head_state netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=98
0xffff9ebc5fa73400     14 [/usr/bin/slirp4netns:117955]         skb_release_data netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=98
0xffff9ebc5fa73400     14 [/usr/bin/slirp4netns:117955]            skb_free_head netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=98
0xffff9ebc5fa73400     14 [/usr/bin/slirp4netns:117955]             kfree_skbmem netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=98
0xffff9eb818dc8100     14 [/usr/bin/slirp4netns:117955]        netif_receive_skb netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=112
0xffff9eb818dc8100     14 [/usr/bin/slirp4netns:117955]   skb_defer_rx_timestamp netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=112
0xffff9eb818dc8100     14 [/usr/bin/slirp4netns:117955]      __netif_receive_skb netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=112
0xffff9eb818dc8100     14 [/usr/bin/slirp4netns:117955] __netif_receive_skb_one_core netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=112
0xffff9eb818dc8100     14 [/usr/bin/slirp4netns:117955]                   ip_rcv netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=112
0xffff9eb818dc8100     14 [/usr/bin/slirp4netns:117955]              ip_rcv_core netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=112
0xffff9eb818dc8100     14 [/usr/bin/slirp4netns:117955]               sock_wfree netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=112
0xffff9eb818dc8100     14 [/usr/bin/slirp4netns:117955]     ip_route_input_noref netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=112
0xffff9eb818dc8100     14 [/usr/bin/slirp4netns:117955]      ip_route_input_slow netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=112
0xffff9eb818dc8100     14 [/usr/bin/slirp4netns:117955]      fib_validate_source netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=112
0xffff9eb818dc8100     14 [/usr/bin/slirp4netns:117955]         ip_local_deliver netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=112
0xffff9eb818dc8100     14 [/usr/bin/slirp4netns:117955]  ip_local_deliver_finish netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=112
0xffff9eb818dc8100     14 [/usr/bin/slirp4netns:117955]  ip_protocol_deliver_rcu netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=92
0xffff9eb818dc8100     14 [/usr/bin/slirp4netns:117955]        raw_local_deliver netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=92
0xffff9eb818dc8100     14 [/usr/bin/slirp4netns:117955]                 icmp_rcv netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=92
0xffff9eb818dc8100     14 [/usr/bin/slirp4netns:117955]  __skb_checksum_complete netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=92
0xffff9eb818dc8100     14 [/usr/bin/slirp4netns:117955]             icmp_unreach netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=84
0xffff9eb818dc8100     14 [/usr/bin/slirp4netns:117955]      icmp_socket_deliver netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=84
0xffff9eb818dc8100     14 [/usr/bin/slirp4netns:117955]           raw_icmp_error netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=84
0xffff9eb818dc8100     14 [/usr/bin/slirp4netns:117955]                 icmp_err netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=84
0xffff9eb818dc8100     14 [/usr/bin/slirp4netns:117955]                 ping_err netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=84
0xffff9eb818dc8100     14 [/usr/bin/slirp4netns:117955]            ip_icmp_error netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=84
0xffff9eb818dc8100     14 [/usr/bin/slirp4netns:117955]                skb_clone netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=84
0xffff9eb818dc8c00     14 [/usr/bin/slirp4netns:117955]                 skb_pull netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=84
0xffff9eb818dc8c00     14 [/usr/bin/slirp4netns:117955]       sock_queue_err_skb netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=64
0xffff9eb818dc8100     14 [/usr/bin/slirp4netns:117955]              consume_skb netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=84
0xffff9eb818dc8100     14 [/usr/bin/slirp4netns:117955]   skb_release_head_state netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=84
0xffff9eb818dc8100     14 [/usr/bin/slirp4netns:117955]         skb_release_data netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=84
0xffff9eb818dc8100     14 [/usr/bin/slirp4netns:117955]             kfree_skbmem netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=84
0xffff9eb818dc8c00      9 [/usr/bin/ping:118180]    __sock_recv_timestamp netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=64
0xffff9eb818dc8c00      9 [/usr/bin/ping:118180]      ip_cmsg_recv_offset netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=64
0xffff9eb818dc8c00      9 [/usr/bin/ping:118180]              consume_skb netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=64
0xffff9eb818dc8c00      9 [/usr/bin/ping:118180]   skb_release_head_state netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=64
0xffff9eb818dc8c00      9 [/usr/bin/ping:118180]           sock_rmem_free netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=64
0xffff9eb818dc8c00      9 [/usr/bin/ping:118180]         skb_release_data netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=64
0xffff9eb818dc8c00      9 [/usr/bin/ping:118180]            skb_free_head netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=64
0xffff9eb818dc8c00      9 [/usr/bin/ping:118180]             kfree_skbmem netns=4026534322 mark=0x0 iface=2(tap0) proto=0x0800 mtu=65520 len=64

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@notpeelz @gptlang