[Bug Report] Pid matching misfunctions when running dae inside a pid-namespaced container #384

Open
3 tasks done
jschwinger233 opened this issue Dec 28, 2023 · 5 comments

Comments

@jschwinger233
Member

Checks

  • I have searched the existing issues
  • I have read the documentation
  • Is it your first time submitting an issue

Current Behavior

Running dae inside a container with an independent pid namespace leads to an infinite loop. This is because cgroup/* bpf programs record the host pid while dae sets up the namespaced pid by os.GetPid().

Likely it's not a bug, as I am not aware of any solution except:

  1. we match process name instead of pid
  2. we ditch the pid matching in favor of mark matching (to distinguish dae traffic)

Still, the general pid routing fails to work properly when inside a pid-namespaced container.

Not saying we must take care of this, just opening an issue for record and awareness.

Expected Behavior

No response

Steps to Reproduce

  1. Prepare the conf:

      global {
          tproxy_port: 12345
          log_level: trace
          wan_interface: auto
          allow_insecure: false
      }

      node {
          local: 'socks5://socks5:1080'
      }

      group {
          proxy {
              policy: min_moving_avg
          }
      }

      routing {
          fallback: proxy
      }

  2. Run dae inside a pid-namespaced container

      # assume we have "dae" binary under pwd
      docker run -td --name dae --privileged -v $(pwd):/host ubuntu:22.04 bash
      docker exec dae mount bpffs -t bpf /sys/fs/bpf
      docker exec dae mount -t debugfs none /sys/kernel/debug/
      docker exec -it dae /host/dae run -c /host/conf.dae

  3. dae gets stuck in an infinite loop

Environment

  • Dae version (use dae --version): dae version unstable-20231221.r627.84c8eeb
  • OS (e.g cat /etc/os-release): Ubuntu 22.04.3 LTS
  • Kernel (e.g. uname -a): Linux gray-Latitude-5530 6.2.0-39-generic #40~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Thu Nov 16 10:53:04 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
  • Others: None

Anything else?

No response
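
The pid mismatch described in this report can be detected at startup. The following is an added example, not code from dae or from anyone in this thread: it checks whether the process lives in the initial pid namespace and parses the `NSpid:` line of `/proc/<pid>/status`, which lists the same process's pid in each nested namespace. The function names and the sample pids are assumptions made for illustration; the inode constant is the kernel's `PROC_PID_INIT_INO`.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"strings"
)

// PROC_PID_INIT_INO (include/linux/proc_ns.h): inode of the initial (host) pid namespace.
const initPidNsIno = 0xEFFFFFFC

// InHostPidNs takes the target of /proc/<pid>/ns/pid, e.g. "pid:[4026531836]",
// and reports whether it is the initial pid namespace. Only there does the pid
// returned by os.Getpid() equal the host pid that cgroup/* bpf programs record.
func InHostPidNs(link string) (bool, error) {
	if !strings.HasPrefix(link, "pid:[") || !strings.HasSuffix(link, "]") {
		return false, fmt.Errorf("unexpected ns link %q", link)
	}
	ino, err := strconv.ParseUint(link[len("pid:["):len(link)-1], 10, 64)
	return err == nil && ino == initPidNsIno, err
}

// ParseNSpid returns the pids on the "NSpid:" line of a /proc/<pid>/status text:
// first the pid in the namespace of that procfs mount, last the innermost one.
func ParseNSpid(status string) (pids []int, err error) {
	for _, line := range strings.Split(status, "\n") {
		if rest := strings.TrimPrefix(line, "NSpid:"); rest != line {
			for _, f := range strings.Fields(rest) {
				n, e := strconv.Atoi(f)
				if e != nil {
					return nil, e
				}
				pids = append(pids, n)
			}
			return pids, nil
		}
	}
	return nil, fmt.Errorf("no NSpid line")
}

func main() {
	// Constructed status excerpt, as the host's procfs would show a containerized process.
	pids, _ := ParseNSpid("Name:\tdae\nNSpid:\t48213\t7\n")
	fmt.Println("host pid, namespaced pid:", pids)
	link, _ := os.Readlink("/proc/self/ns/pid") // empty if unreadable; rejected below
	host, err := InHostPidNs(link)
	fmt.Printf("os.Getpid()=%d ns=%q hostPidNs=%v err=%v\n", os.Getpid(), link, host, err)
}
```

Inside the container's own procfs the `NSpid:` line starts at the container's namespace, so the host pid is not visible there; the namespace inode check is what still works from inside.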

@dae-prow
Contributor

dae-prow bot commented Dec 28, 2023

Thanks for opening this issue!

@mzz2017
Contributor

mzz2017 commented Dec 28, 2023

https://hub.docker.com/r/daeuniverse/dae

Yes. It is what we recommend.

@sumire88
Contributor

Running dae inside a container is not recommended.

@sumire88
Contributor

Hey @jschwinger233, any updates on this one?

@jschwinger233
Member Author

@sumire88 Not really, this issue is for record and awareness in case other users hit it.
