search

netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License
10.78k stars 486 forks source link

Docker version has stopped for a long time #1041

Open aston314 opened 1 year ago

aston314 commented 1 year ago

stderr: 2023-08-02T00:05:37Z ERRO client/internal/wgproxy/factory_linux.go:15: failed to initialize ebpf proxy: field XdpProgFunc: program xdp_prog_func: map .rodata: map create: read- and write-only maps not supported (requires >= v5.2) stderr: panic: runtime error: invalid memory address or nil pointer dereference stderr: [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x796d00] stderr: stderr: goroutine 1 [running]: stderr: github.com/coreos/go-iptables/iptables.(IPTables).runWithOutput(0x0, {0x400094a480, 0x3, 0x7f91b93f18?}, {0xd4e6e0, 0x400094a4b0}) stderr: /home/runner/go/pkg/mod/github.com/coreos/go-iptables@v0.6.0/iptables/iptables.go:497 +0x50 stderr: github.com/coreos/go-iptables/iptables.(IPTables).executeList(0x7f6a728648?, {0x400094a480, 0x3, 0x3}) stderr: /home/runner/go/pkg/mod/github.com/coreos/go-iptables@v0.6.0/iptables/iptables.go:399 +0x58 stderr: github.com/coreos/go-iptables/iptables.(IPTables).ListChains(0xd5b8e8?, {0xbbf303, 0x6}) stderr: /home/runner/go/pkg/mod/github.com/coreos/go-iptables@v0.6.0/iptables/iptables.go:238 +0x98 stderr: github.com/netbirdio/netbird/client/internal/routemanager.isIptablesClientAvailable(...) stderr: /home/runner/work/netbird/netbird/client/internal/routemanager/iptables_linux.go:480 stderr: github.com/netbirdio/netbird/client/internal/routemanager.newIptablesManager({0xd5b8e8?, 0x40000f8eb0?}) stderr: /home/runner/work/netbird/netbird/client/internal/routemanager/iptables_linux.go:55 +0x4c stderr: github.com/netbirdio/netbird/client/internal/routemanager.NewFirewall({0xd5b8e8, 0x40000f8eb0}) stderr: /home/runner/work/netbird/netbird/client/internal/routemanager/firewall_linux.go:37 +0x70 stderr: github.com/netbirdio/netbird/client/internal/routemanager.newServerRouter(...) stderr: /home/runner/work/netbird/netbird/client/internal/routemanager/server_nonandroid.go:28 stderr: github.com/netbirdio/netbird/client/internal/routemanager.NewManager({0xd5b8e8?, 0x40000f8eb0}, {0x40007157a0, 0x2c}, 0x4000727540, 0x40000e28c0, {0x400000e028?, 0xd68120?, 0x4000722af0?}) stderr: /home/runner/work/netbird/netbird/client/internal/routemanager/manager.go:45 +0x60 stderr: github.com/netbirdio/netbird/client/internal.(Engine).Start(0x400083c9a0) stderr: /home/runner/work/netbird/netbird/client/internal/engine.go:217 +0x2d4 stderr: github.com/netbirdio/netbird/client/internal.runClient.func2() stderr: /home/runner/work/netbird/netbird/client/internal/connect.go:173 +0x8ec stderr: github.com/cenkalti/backoff/v4.RetryNotifyWithTimer(0x40007bfa90, {0xd545b0, 0x40005cbe00}, 0x0, {0x0?, 0x0?}) stderr: /home/runner/go/pkg/mod/github.com/cenkalti/backoff/v4@v4.1.3/retry.go:55 +0xc8 stderr: github.com/cenkalti/backoff/v4.RetryNotify(...) stderr: /home/runner/go/pkg/mod/github.com/cenkalti/backoff/v4@v4.1.3/retry.go:34 stderr: github.com/cenkalti/backoff/v4.Retry(...) stderr: /home/runner/go/pkg/mod/github.com/cenkalti/backoff/v4@v4.1.3/retry.go:28 stderr: github.com/netbirdio/netbird/client/internal.runClient({0xd5b8e8, 0x40000f8e60}, 0x40006d4b40, 0x40000e28c0, {{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, ...}) stderr: /home/runner/work/netbird/netbird/client/internal/connect.go:204 +0x2e8 stderr: github.com/netbirdio/netbird/client/internal.RunClient(...) stderr: /home/runner/work/netbird/netbird/client/internal/connect.go:29 stderr: github.com/netbirdio/netbird/client/cmd.runInForegroundMode({0xd5b990, 0x40006e6330}, 0x9d6aa0?) stderr: /home/runner/work/netbird/netbird/client/cmd/up.go:107 +0x354 stderr: github.com/netbirdio/netbird/client/cmd.upFunc(0x14da900, {0xbbbfd3?, 0x0?, 0x0?}) stderr: /home/runner/work/netbird/netbird/client/cmd/up.go:65 +0x1d4 stderr: github.com/spf13/cobra.(Command).execute(0x14da900, {0x1a50098, 0x0, 0x0}) stderr: /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.6.1/command.go:916 +0x5c4 stderr: github.com/spf13/cobra.(Command).ExecuteC(0x14d97c0) stderr: /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.6.1/command.go:1044 +0x340 stderr: github.com/spf13/cobra.(*Command).Execute(...) stderr: /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.6.1/command.go:968 stderr: github.com/netbirdio/netbird/client/cmd.Execute(...) stderr: /home/runner/work/netbird/netbird/client/cmd/root.go:62 stderr: main.main() stderr: /home/runner/work/netbird/netbird/client/main.go:10 +0

mlsmaycon commented 1 year ago

Hello @aston314 , it seems to be a problem related to the route manager's use of IPtables which is the secondary option as we try to use nftables first.

Is this happening with earlier versions of the client? Have you tested the tag 0.21.11?

To help us troubleshoot, can you share your OS name and version, the docker run command or declaration, and the output of the commands below:

Kernel version:

uname -a

Kernel modules

sudo lsmod
aston314 commented 1 year ago

Linux ARS2 4.9.282+ #0 SMP Thu Mar 17 05:21:06 2022 aarch64 GNU/Linux

act_connmark 2942 0 act_csum 5374 0 act_gact 3198 0 act_ipt 4478 0 act_mirred 4094 0 act_pedit 3966 0 act_police 3838 0 act_simple 2814 0 act_skbedit 3070 0 ah4 5366 0 ah6 5238 0 arp_tables 13690 1 arptable_filter arpt_mangle 1526 0 arptable_filter 1398 0 asix 23356 0 ax88179_178a 13558 0 bonding 98630 0 br_netfilter 13154 0 cdc_eem 2678 0 cdc_ether 5584 1 rndis_host cdc_mbim 5494 0 cdc_ncm 15110 2 cdc_mbim,huawei_cdc_ncm cdc_subset 2678 0 cdc_wdm 9899 3 cdc_mbim,qmi_wwan,huawei_cdc_ncm ch341 4982 0 cls_basic 3958 0 cls_flow 6518 0 cls_flower 8950 0 cls_fw 4470 0 cls_matchall 2934 0 cls_route 5758 0 cls_tcindex 5494 0 compat_xtables 1110 0 cp210x 11510 0 cryptodev 35726 0 deflate 2038 0 dm9601 6134 0 dummy 3062 0 dwc2 115953 0 ebt_802_3 1270 0 ebt_among 3062 0 ebt_limit 1662 0 ebt_mark 1681 0 ebt_mark_m 1809 0 ebt_pkttype 1142 0 ebt_redirect 1526 0 ebt_stp 2294 0 ebt_vlan 1526 0 ebtable_broute 1526 0 ebtable_filter 1782 0 ebtable_nat 1782 0 ebtables 24334 3 ebtable_nat,ebtable_filter,ebtable_broute ehci_platform 5750 0 em_ipset 1782 0 esp6 5622 0 evdev 12561 0 exfat 55811 0 garmin_gps 8054 0 gpio_button_hotplug 7926 0 gpio_fan 6006 0 gre 2801 2 pptp,ip_gre hso 28526 0 huawei_cdc_ncm 2422 0 hwmon 8487 1 gpio_fan ifb 3830 0 input_core 29071 2 evdev,input_polldev input_polldev 3264 0 ip_gre 11171 0 ip_set 23590 17 em_ipset,xt_set,ip_set_list_set,ip_set_hash_netportnet,ip_set_hash_netport,ip_set_hash_netnet,ip_set_hash_netiface,ip_set_hash_net,ip_set_hash_mac,ip_set_hash_ipportnet,ip_set_hash_ipportip,ip_set_hash_ipport,ip_set_hash_ipmark,ip_set_hash_ip,ip_set_bitmap_port,ip_set_bitmap_ipmac,ip_set_bitmap_ip ip_set_bitmap_ip 6518 0 ip_set_bitmap_ipmac 6518 0 ip_set_bitmap_port 5622 0 ip_set_hash_ip 17654 0 ip_set_hash_ipmark 17654 0 ip_set_hash_ipport 18422 0 ip_set_hash_ipportip 19190 0 ip_set_hash_ipportnet 23286 0 ip_set_hash_mac 9462 0 ip_set_hash_net 20854 3 ip_set_hash_netiface 22902 0 ip_set_hash_netnet 23158 0 ip_set_hash_netport 22134 0 ip_set_hash_netportnet 24310 0 ip_set_list_set 6646 0 ip_tables 15782 5 iptable_nat,iptable_raw,iptable_mangle,iptable_filter ip6t_MASQUERADE 1142 1 ip6t_NPT 2166 0 ip6t_REJECT 1526 2 ip6t_ah 1398 0 ip6t_eui64 1398 0 ip6t_frag 1398 0 ip6t_hbh 1910 0 ip6t_ipv6header 1654 0 ip6t_mh 1270 0 ip6t_rt 2038 0 ip6table_filter 1526 1 ip6table_mangle 1654 1 ip6table_nat 1782 1 ipcomp 2166 0 ipcomp6 2294 0 ipheth 6262 0 ipt_ECN 1910 0 ipt_MASQUERADE 1270 51 ipt_REJECT 1526 3 ipt_ah 1270 0 iptable_filter 1654 1 iptable_mangle 1654 1 iptable_nat 1782 1 iptable_raw 1398 1 kalmia 3318 0 kaweth 10230 0 l2tp_ppp 16025 0 ledtrig_gpio 2678 0 ledtrig_usbport 2814 0 libphy 29899 1 asix mcs7830 5238 0 mii 4347 8 sr9700,smsc95xx,mcs7830,dm9601,ax88179_178a,asix,usbnet,pegasus nat46 24829 0 nf_conntrack_amanda 2550 2 nf_nat_amanda nf_conntrack_broadcast 1384 1 nf_conntrack_snmp nf_conntrack_ftp 6547 2 nf_nat_ftp nf_conntrack_h323 40016 3 nf_nat_h323 nf_conntrack_ipv4 6417 26 nf_conntrack_ipv6 6801 7 nf_conntrack_irc 3867 2 nf_nat_irc nf_conntrack_netlink 22553 0 nf_conntrack_pptp 3993 2 nf_nat_pptp nf_conntrack_proto_gre 3412 1 nf_conntrack_pptp nf_conntrack_rtcache 3062 0 nf_conntrack_sip 20504 3 nf_nat_sip nf_conntrack_snmp 1406 2 nf_nat_snmp_basic nf_conntrack_tftp 3955 2 nf_nat_tftp nf_defrag_ipv4 1444 3 xt_socket,xt_TPROXY,nf_conntrack_ipv4 nf_defrag_ipv6 5831 3 xt_socket,xt_TPROXY,nf_conntrack_ipv6 nf_log_common 3125 2 nf_log_ipv4,nf_log_ipv6 nf_log_ipv4 4086 0 nf_log_ipv6 4214 0 nf_nat 11609 16 xt_FULLCONENAT,nf_nat_pptp,xt_nat,xt_NETMAP,nf_nat_tftp,nf_nat_sip,nf_nat_redirect,nf_nat_proto_gre,nf_nat_masquerade_ipv4,nf_nat_irc,nf_nat_ipv4,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,nf_nat_ipv6,nf_nat_masquerade_ipv6 nf_nat_amanda 1398 0 nf_nat_ftp 1910 0 nf_nat_h323 5622 0 nf_nat_ipv4 4594 1 iptable_nat nf_nat_ipv6 4980 1 ip6table_nat nf_nat_irc 1654 0 nf_nat_masquerade_ipv4 2031 1 ipt_MASQUERADE nf_nat_masquerade_ipv6 2551 1 ip6t_MASQUERADE nf_nat_pptp 2038 0 nf_nat_proto_gre 1446 1 nf_nat_pptp nf_nat_redirect 1678 1 xt_REDIRECT nf_nat_sip 7926 0 nf_nat_snmp_basic 6689 0 nf_nat_tftp 1142 0 nf_reject_ipv4 2702 1 ipt_REJECT nf_reject_ipv6 2963 1 ip6t_REJECT nfnetlink 5389 3 nf_conntrack_netlink,ip_set ntfs3 174605 0 pegasus 16014 0 pl2303 8566 0 plusb 1654 0 ppp_async 7833 0 ppp_generic 25227 10 pppoe,ppp_async,l2tp_ppp,pptp,pppox,ppp_mppe ppp_mppe 6014 0 pppoe 9489 2 pppox 2198 3 pppoe,l2tp_ppp,pptp pptp 14505 0 qmi_wwan 16758 0 rndis_host 5855 0 rpcsec_gss_krb5 20661 0 rtk_crypto 13916 0 rtl8150 8950 0 sch_cake 24638 0 sch_codel 4982 0 sch_dsmark 4854 0 sch_fq 6854 0 sch_gred 6774 0 sch_hfsc 10742 0 sch_ingress 2038 0 sch_mqprio 4214 0 sch_multiq 3958 0 sch_pie 4470 0 sch_prio 3830 0 sch_red 4982 0 sch_sfq 8950 0 sch_tbf 5494 0 sch_teql 4470 0 sctp 213710 40 sha512_generic 5583 0 sierra_net 7294 0 sit 14225 0 slhc 5390 1 ppp_generic smsc95xx 17142 0 sr9700 5494 0 tunnel4 2388 2 sit,xfrm4_tunnel tunnel6 2516 1 xfrm6_tunnel ums_alauda 9022 0 ums_cypress 3134 0 ums_datafab 5694 0 ums_freecom 2878 0 ums_isd200 7286 0 ums_jumpshot 4542 0 ums_karma 2494 0 ums_sddr09 9926 0 ums_sddr55 6206 0 ums_usbat 8262 0 usbip_core 5819 2 vhci_hcd,usbip_host usbip_host 14366 0 usblp 10230 0 usbnet 18908 17 cdc_mbim,sr9700,smsc95xx,sierra_net,rndis_host,qmi_wwan,plusb,mcs7830,kalmia,huawei_cdc_ncm,dm9601,cdc_subset,cdc_ncm,cdc_ether,cdc_eem,ax88179_178a,asix usbserial 20871 4 pl2303,garmin_gps,cp210x,ch341 vhci_hcd 16025 0 vxlan 30639 0 wireguard 95638 0 xfrm_ipcomp 3936 2 ipcomp6,ipcomp xfrm4_mode_beet 2038 0 xfrm4_mode_transport 1270 0 xfrm4_mode_tunnel 1910 0 xfrm4_tunnel 1782 0 xfrm6_mode_beet 1782 0 xfrm6_mode_transport 1398 0 xfrm6_mode_tunnel 1782 0 xfrm6_tunnel 2909 1 ipcomp6 xt_CLASSIFY 1270 0 xt_CT 3446 10 xt_DSCP 2422 0 xt_FULLCONENAT 43027 2 xt_HL 1910 0 xt_IPMARK 1526 0 xt_LOG 1398 0 xt_NETMAP 1755 0 xt_REDIRECT 1398 5 xt_TCPMSS 3318 8 xt_TPROXY 4854 1 xt_addrtype 2934 2 xt_bpf 1910 0 xt_comment 1142190 xt_connbytes 1782 0 xt_connlimit 5118 0 xt_connmark 1782 0 xt_conntrack 2934 21 xt_dscp 1782 0 xt_ecn 1910 0 xt_esp 1398 0 xt_helper 1398 0 xt_hl 1526 0 xt_iface 1526 0 xt_iprange 1782 0 xt_length 1398 0 xt_limit 2046 20 xt_mac 1270 0 xt_mark 1270 6 xt_multiport 1782 0 xt_nat 1910 71 xt_owner 1782 0 xt_physdev 1782 0 xt_pkttype 1270 0 xt_policy 2422 0 xt_quota 1398 0 xt_recent 7934 0 xt_set 7414 7 xt_socket 4704 0 xt_state 1398 0 xt_statistic 1398 0 xt_string 1398 0 xt_tcpmss 1654 0 xt_time 2294 0

gigovich commented 1 year ago

@aston314 could you please install nftables package on the host machine and restart the container?

aston314 commented 1 year ago

I don’t know what nftables is.

aston314 commented 1 year ago

0.21.8 docker works fine.

gigovich commented 1 year ago

@aston314 if you try to run the docker container with NB_WG_KERNEL_DISABLED=true it could help.

To do this please use -e NB_WG_KERNEL_DISABLED=true command line argument for the docker run command.

aston314 commented 1 year ago

Not work.