Bug - SAM: I2Pd, Stream and Datagram forwarding fails on hosts having multiple interfaces (C++, Boost ASIO related) #1778
Comments
So, you have multiple local interfaces and forwarding fails?
Sorry took a bit - had to enable debug logging (can be reproduced using the docker compose file above and some additional efforts to create SAM sessions). Now, more analysis data from the debug logs, i2p.http.-container:
and from the i2p.udp.-container
Now, the output from the web console (like:
Same kind of console output for the http stream forward (
Result: IP is wrong, forwarding is broken.
Conclusion
So, the connection handshake sees the gateway IP. This is reasonable from a networking point of view. Then the session seems to store this IP as a "forward" IP. This is IMHO wrong in the case where a HOST param gets passed to either the SESSION CREATE or the STREAM FORWARD command.
Potential Fix
Remark: untested (only true for docker containers, and AFAIK only possible on Linux)
Some Suggestions and thoughts
IMHO the recognition of the HOST param has to be fixed sooner or later (see specs at https://geti2p.net/en/docs/api/samv3, section "SAM Virtual Streams : FORWARD" for streams and same is true for DATAGRAM). The "automatic" derivation of a forward IP from the session handshake goes wrong on some systems with a more complex network interface setup.
Update 1: "potential fix" has no effect (it's not related to ip forwarding at all).
Update 2: it is related to iptables though. Assume a rule on any given Linux host system (example of an extract of "/etc/iptables/rules.v4"):
How to reproduce (to have multiple interfaces, like virtual interfaces and bridges on a system):
a) Docker container setup, see below "docker compose", as an example to reproduce the bug
b) create some SAM sessions just using 1..n other containers on the same docker network (called "network.local.testnet.diva.i2p" in the reproduction example below).
Problem/Bug:
Sending a "SESSION CREATE ... STYLE=DATAGRAM PORT=17468 HOST=172.19.72.21 ..." to SAM might (depending on the number of interfaces on the system [and its enumeration]) lead to a wrong forward IP (like: it takes the gateway IP where the traffic is coming from, like 172.19.72.1 in this specific example, instead of the "real" local IP, which is 172.19.72.21 in this example). This is fatal, since it breaks the SAM communication.
Please note: I do not know much about C++... just able to read and +/- understand the code.
I believe that this line here is the problem:
i2pd/libi2pd_client/SAM.cpp
Line 374 in 6b4ffcf
BTW: same is true for STREAM FORWARD - but I really wonder where in the code, the "HOST" param gets processed during the STREAM FORWARD command. Method, see:
i2pd/libi2pd_client/SAM.cpp
Line 604 in 6b4ffcf
I also believe that this is a generic problem of boost/ASIO on systems with many interfaces. I am not totally sure, but it might be worth looking at how boost/ASIO gets the "real" local IP.
Fact: on some systems the same setup works, on other systems it does not. Therefore I see the bug related to boost/ASIO and the way the network interfaces are handled.
Docker compose file to reproduce the bug:
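The HOST handling discussed in this issue, as an added C++ example that is not i2pd's code and was not posted by any participant: an explicit HOST parameter takes precedence over the peer address of the control connection. `ParseSamParams` and `ResolveForwardHost` are hypothetical names, the command strings are shortened constructed samples, and the fallback to the peer address is an assumption of the example.

```cpp
#include <iostream>
#include <map>
#include <sstream>
#include <string>

// Hypothetical helper (not i2pd code): split a SAM command line into its
// KEY=VALUE parameters. Quoted values containing spaces are not handled.
std::map<std::string, std::string> ParseSamParams(const std::string& line)
{
    std::map<std::string, std::string> params;
    std::istringstream in(line);
    std::string token;
    while (in >> token)
    {
        auto eq = token.find('=');
        if (eq == std::string::npos || eq == 0) continue; // verb such as SESSION, CREATE
        params[token.substr(0, eq)] = token.substr(eq + 1);
    }
    return params;
}

// Hypothetical helper: choose the address that forwarded traffic is sent to.
// An explicit HOST wins; the address of the control socket's peer is only a
// fallback, because behind a bridge or NAT rule that peer can be the gateway.
std::string ResolveForwardHost(const std::string& line, const std::string& peerAddress)
{
    auto params = ParseSamParams(line);
    auto it = params.find("HOST");
    if (it != params.end() && !it->second.empty())
        return it->second;
    return peerAddress;
}

int main()
{
    // Addresses taken from the report: the client is 172.19.72.21, but the
    // SAM bridge sees the connection arriving from the gateway 172.19.72.1.
    const std::string peer = "172.19.72.1";
    const std::string withHost = "SESSION CREATE STYLE=DATAGRAM PORT=17468 HOST=172.19.72.21";
    const std::string noHost = "STREAM FORWARD ID=test PORT=17468"; // constructed sample
    std::cout << ResolveForwardHost(withHost, peer) << "\n";
    std::cout << ResolveForwardHost(noHost, peer) << "\n";
    return 0;
}
```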