draios / sysdig

Linux system exploration and troubleshooting tool with first class support for containers
http://www.sysdig.com/

Support monitoring wireguard events #1770

Open ciarand opened 3 years ago

ciarand commented 3 years ago

I have a wireguard network with two defined peers. I was hoping to use sysdig to examine the traffic (even if it's just "received X bytes from peer with address Y"). Unfortunately I haven't been able to get sysdig to do anything except ignore these connections. Tcpdump works as expected.

Here's what I tried (all examples running from the "server" that forwards incoming traffic from the remote "client" peer):

$ sysdig 'evt.is_io=true'
# (nothing relevant gets printed here)

On the other hand, tcpdump -i any 'src ${MY_PEER_IP}' does print the expected events. And because tcpdump produces I/O events you can see where sysdig is missing these packets:

$ sysdig 'evt.is_io=true'
15270 16:40:45.023115699 1 tcpdump (1503) < write res=89 data=16:40:44.952576 IP
example.com > ${MY_PEER_IP}53386: 27145 NXDomain 0/ 

Is this somehow related to sysdig not being able to monitor the in-kernel wireguard implementation? Is there a magic set of flags I can provide sysdig for it to be able to do the same thing tcpdump can?
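An added example (not code from the sysdig project or from the issue author) illustrating the distinction behind the question above: sysdig records system calls, so a packet only produces an I/O event when a process on the host reads or writes it through a socket (the tcpdump write seen above is exactly such an event), while tcpdump hooks the packet path and also sees traffic the kernel forwards between interfaces without any process touching it. The script classifies a destination address as local or forwarded from `ip -o -4 addr show` text and builds the matching sysdig (`fd.rip`) or tcpdump filter; the interface name wg0, the addresses and the `ip` output are constructed.

```shell
#!/bin/sh
# Added example; not code from the sysdig project or the issue author.
# Assumes a Linux host with a WireGuard interface (default name wg0),
# sysdig and tcpdump installed, and root when actually capturing.
#
# sysdig records system calls, so a packet shows up only when a process on
# this host reads or writes it through a socket. Packets the kernel forwards
# between wg0 and another interface never cross a socket on this host and
# produce no syscall, so only a packet-level capture such as tcpdump can
# show them.

# Print this host's IPv4 addresses, one per line, from `ip -o -4 addr show`
# text passed as $1 (passed as text so the function is testable offline).
local_ipv4_addrs() {
  # one line per address: "3: wg0    inet 10.8.0.1/24 scope global wg0\ ..."
  printf '%s\n' "$1" | awk '$3 == "inet" { split($4, a, "/"); print a[1] }'
}

# Classify a packet by destination: "local" if it terminates on this host
# (a process may read it, so sysdig can observe that read/recv), otherwise
# "forwarded" (the kernel routes it onward; only packet capture sees it).
# $1 = destination IP, $2 = `ip -o -4 addr show` text.
classify_dst() {
  if local_ipv4_addrs "$2" | grep -qxF "$1"; then
    echo local
  else
    echo forwarded
  fi
}

# sysdig filter for traffic that terminates in a local process: fd.rip is the
# socket's remote IP and evt.is_io selects read/write-class events.
sysdig_filter() {
  printf 'evt.is_io=true and fd.rip=%s\n' "$1"
}

# tcpdump expression for the same peer; run on the tunnel interface with -i.
tcpdump_filter() {
  printf 'host %s\n' "$1"
}

# Print the capture command that can actually show traffic from $1 (peer)
# to $2 (destination), given $3 (`ip -o -4 addr show` text) and $4 (interface,
# default wg0). Prints only; it does not run anything.
suggest_capture() {
  peer="$1"; dst="$2"; addrs="$3"; iface="${4:-wg0}"
  case "$(classify_dst "$dst" "$addrs")" in
    local)     printf "sysdig '%s'\n" "$(sysdig_filter "$peer")" ;;
    forwarded) printf "tcpdump -n -i %s '%s'\n" "$iface" "$(tcpdump_filter "$peer")" ;;
  esac
}

# Constructed `ip -o -4 addr show` output for a forwarding host like the one
# in the issue: eth0 faces the internet, wg0 is the tunnel, 10.8.0.2 is the
# remote peer's tunnel address.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
3: wg0    inet 10.8.0.1/24 scope global wg0\       valid_lft forever preferred_lft forever'

# Demo with constructed addresses: a packet from the peer to this host's own
# tunnel address (e.g. a DNS query answered by a local resolver) versus a
# packet the peer sends through the tunnel to an internet host.
for dst in 10.8.0.1 198.51.100.7; do
  printf '%s -> %s: %s\n' 10.8.0.2 "$dst" "$(classify_dst "$dst" "$SAMPLE_ADDRS")"
  suggest_capture 10.8.0.2 "$dst" "$SAMPLE_ADDRS"
done
```

The first destination resolves to "local" and yields a sysdig filter on the peer's tunnel address; the second is "forwarded" and yields a tcpdump command on wg0, which is the only one of the two tools that will see it.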

ciarand commented 3 years ago

alternatively: is this supposed to work and I have just made some sort of mistake configuring my system that is preventing sysdig from doing its thing?

github-actions[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.