[Bug Report] Pid matching misfunctions when running dae inside a pid-namespaced container
Checks
- [X] I have searched the existing issues
- [X] I have read the documentation
- [X] Is it your first time submitting an issue
Current Behavior
Running dae inside a container with an independent pid namespace leads to an infinite loop. This is because cgroup/* bpf programs record the host pid while dae sets up the namespaced pid via os.GetPid().
Likely it's not a bug, as I am not aware of any solution except:
- we match process name instead of pid
- we ditch pid matching in favor of mark matching (to distinguish dae traffic)
Still, the general pid routing fails to work properly when inside a pid-namespaced container.
Not saying we must take care of this, just opening an issue for the record and awareness.
Expected Behavior
No response
Steps to Reproduce
- Prepare the conf:
```
global {
  tproxy_port: 12345
  log_level: trace
  wan_interface: auto
  allow_insecure: false
}
node {
  local: 'socks5://socks5:1080'
}
group {
  proxy {
    policy: min_moving_avg
  }
}
routing {
  fallback: proxy
}
```
- Run dae inside a pid-namespaced container
```bash
# assume we have "dae" binary under pwd
docker run -td --name dae --privileged -v $(pwd):/host ubuntu:22.04 bash
docker exec dae mount bpffs -t bpf /sys/fs/bpf
docker exec dae mount -t debugfs none /sys/kernel/debug/
docker exec -it dae /host/dae run -c /host/conf.dae
```
- dae gets stuck in an infinite loop
Environment
- Dae version (use dae --version): dae version unstable-20231221.r627.84c8eeb
- OS (e.g. cat /etc/os-release): Ubuntu 22.04.3 LTS
- Kernel (e.g. uname -a): Linux gray-Latitude-5530 6.2.0-39-generic #40~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Thu Nov 16 10:53:04 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
- Others: None
Anything else?
No response
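The host pid versus namespaced pid mismatch described in this report can be detected at startup; the following is an added example, not part of the original report and not dae's own code. The function names and the sample status text are constructed for illustration; `0xEFFFFFFC` is the kernel's `PROC_PID_INIT_INO`, and `NSpid` is listed outermost first when read from the host's /proc.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"strings"
)

// Inode of the initial pid namespace (PROC_PID_INIT_INO in the Linux kernel).
const initPidNsInode = 0xEFFFFFFC

// inInitPidNS parses a /proc/<pid>/ns/pid link target such as "pid:[4026531836]".
func inInitPidNS(link string) (bool, error) {
	if !strings.HasPrefix(link, "pid:[") || !strings.HasSuffix(link, "]") {
		return false, fmt.Errorf("unexpected ns link %q", link)
	}
	ino, err := strconv.ParseUint(link[5:len(link)-1], 10, 64)
	return err == nil && ino == initPidNsInode, err
}

// nsPids returns the NSpid field of a /proc/<pid>/status dump, one pid per nested namespace.
func nsPids(status string) ([]int, error) {
	for _, line := range strings.Split(status, "\n") {
		if !strings.HasPrefix(line, "NSpid:") {
			continue
		}
		var pids []int
		for _, f := range strings.Fields(line[len("NSpid:"):]) {
			n, err := strconv.Atoi(f)
			if err != nil {
				return nil, err
			}
			pids = append(pids, n)
		}
		return pids, nil
	}
	return nil, fmt.Errorf("no NSpid line")
}

func main() {
	// Constructed sample: host-side status of a containerized process (host pid 48213, pid 7 inside).
	sample := "Name:\tdae\nPid:\t48213\nNSpid:\t48213\t7\n"
	fmt.Println(nsPids(sample))
	if link, err := os.Readlink("/proc/self/ns/pid"); err == nil {
		host, _ := inInitPidNS(link)
		fmt.Printf("os.Getpid()=%d, in initial pid namespace: %v\n", os.Getpid(), host)
	}
}
```

When the second line reports `false`, the value returned by os.Getpid() is namespace-local and will not equal the pid a host-side bpf program records for the same process.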
Thanks for opening this issue!
https://hub.docker.com/r/daeuniverse/dae
Yes. It is what we recommend.
Running dae inside a container is not recommended.
Hey @jschwinger233, any updates on this one?
@sumire88 Not really, this issue is for record and awareness in case other users hit it.