systemd / systemd

The systemd System and Service Manager
https://systemd.io
GNU General Public License v2.0

networkd: unclear error log when IP masquerading module missing #33311

Open smopucilowski opened 3 months ago

smopucilowski commented 3 months ago

systemd version the issue has been seen with

255

Used distribution

archlinux

Linux kernel version used

6.9.4-arch1-1

CPU architectures issue was seen on

x86_64

Component

systemd-networkd

Expected behaviour you didn't see

When a kernel version is bumped by the package manager --- in this case pacman --- the module path changes. Consequently, modules that are dynamically loaded on-demand are reported as missing.

In this particular case, the package manager upgraded my kernel prior to spawning a container. The container is unable to talk to the outside world, and the following message is logged:

Jun 14 16:43:10 lappie systemd-networkd[688]: ve-container: Could not enable IP masquerading: No such file or directory

In isolation this error message is puzzling. Perhaps it might be nice to say nft_masq is missing or not compiled in.

Unexpected behaviour you saw

Puzzling log message as above.

Steps to reproduce the problem

Spawn a container with the kernel module nft_masq unloaded, available but not present.

Additional program output to the terminal or log subsystem illustrating the issue

No response

yuwata commented 3 months ago

Could you elaborate more on what you did? Did you remove kernel modules for the running kernel?

smopucilowski commented 3 months ago

Sure.

On a fresh boot in the mornings, I like to run an update on my multi-boot machine. I typically boot into arch and run the usual pacman -Syu. I would then update the local gentoo install by not rebooting into it, but systemd-nspawning it as a container and running emerge --sync && emerge -DuqN @world.

Under arch, if there is a kernel update, prior to spawning the local gentoo container, the path to modules gets removed. For example, if 6.9.4.arch1-1 gets version bumped to 6.9.5.arch1-1, the module path /lib/modules/6.9.4.arch1-1 ceases to exist and is replaced with /lib/modules/6.9.5.arch1-1.

If I then spawn the local gentoo container, with a basic default configuration the transient link veth-gentoo is created and assigned an address. However, masquerading fails to be enabled, as the kernel masquerade modules are dynamically loaded on demand, but they aren't in the expected old /lib/modules/6.9.4.arch1-1 path.

This gives rise to the journal message:

Jun 14 16:43:10 lappie systemd-networkd[688]: ve-container: Could not enable IP masquerading: No such file or directory

I resolve it by rebooting, and in the future spawn local containers prior to updating kernels.
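As an added example (not part of this issue or of systemd), a small POSIX shell diagnostic for the situation described in the thread: it checks whether the running kernel's module tree still exists and whether a module such as nft_masq is listed in it, which separates "kernel upgraded since boot" from "module not built for this kernel". The MODROOT variable and the function names are this example's own; /lib/modules and uname -r are only the defaults.

```shell
#!/bin/sh
# Diagnostic for the failure mode in this issue: after a package-manager
# kernel upgrade, /lib/modules/<running release> is gone, so on-demand
# loading of nft_masq fails with ENOENT ("No such file or directory").
# MODROOT, KREL and MODNAME are parameters so the checks can run on any tree.

# Does the running kernel's module tree still exist?
# Usage: module_tree_present MODROOT KREL -> 0 if present, 1 if gone
module_tree_present() {
    [ -d "$1/$2" ]
}

# Is MODNAME known for KREL: loadable (listed in modules.dep) or built-in
# (listed in modules.builtin)? Prints which; exit 1 if neither.
# Usage: module_known MODROOT KREL MODNAME
module_known() {
    tree="$1/$2"; mod="$3"
    if [ -f "$tree/modules.builtin" ] && grep -q "/$mod\.ko" "$tree/modules.builtin"; then
        echo "built-in"; return 0
    fi
    # modules.dep lines look like "kernel/.../nft_masq.ko.zst: deps..."
    if [ -f "$tree/modules.dep" ] && grep -q "^[^:]*/$mod\.ko" "$tree/modules.dep"; then
        echo "loadable"; return 0
    fi
    return 1
}

# Turn the two checks into a verdict. Exit codes: 0 module usable,
# 1 module not built for this kernel, 2 module tree for KREL missing
# (kernel upgraded since boot; reboot before spawning containers).
# Usage: diagnose_module MODROOT KREL MODNAME
diagnose_module() {
    if ! module_tree_present "$1" "$2"; then
        echo "module tree $1/$2 missing: kernel upgraded since boot?"
        return 2
    fi
    if kind=$(module_known "$1" "$2" "$3"); then
        echo "$3 is $kind for $2"
        return 0
    fi
    echo "$3 not present for $2: kernel built without it?"
    return 1
}

# Run directly as: sh diag.sh nft_masq   (MODROOT overrides /lib/modules)
if [ $# -gt 0 ]; then
    diagnose_module "${MODROOT:-/lib/modules}" "$(uname -r)" "$1"
fi
```

Running it right after a kernel upgrade reports the missing tree for the still-running release, which is the condition behind the "No such file or directory" in the networkd log line above.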