From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: Wang Jian <larkwang@gmail.com>,
WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: soft lockup - may be related to wireguard (backported)
Date: Mon, 4 May 2020 16:28:46 -0600 [thread overview]
Message-ID: <a0985c12-6360-b192-1884-1d58db763a78@zx2c4.com> (raw)
In-Reply-To: <CAF75rJBKTbaK6CEQcmto=YcgA5NGrG85jSvSrYZpQV-L1xFMww@mail.gmail.com>
On 5/4/20 6:49 AM, Wang Jian wrote:
> Jason A. Donenfeld <Jason@zx2c4.com> 于2020年5月4日周一 下午1:26写道:
>>
>> Are you routing wireguard over wireguard, or something interesting
like that?
>>
>> Is ipsec being used?
>
> I don't think I have any fancy use cases. But wireguard over pppoe?
>
> Other details are
> - nftable's iptables compatible mode is used, along with ipset
> - pppoe link is default route, and wg-quick is configured to install
> additional default route into new created routing table (2000)
> - ipset matches are used to MARK traffic to specific destinations in
> mangle table, PREROUTING & OUTPUT, for both v4 and v6
> - ip rules are added to match the fwmark and lookup new routing table
> (2000, so go out via wireguard interface) for forwarded traffic and
> output traffic
Can you send full networking configuration in enough detail that I'll be
able to reliably reproduce this problem? If I can't reproduce it, it's
unlikely I'll be able to fix it.
Meanwhile, it really really looks from your stacktrace that you have one
wireguard interface going over another wireguard interface:
[27929.506367] wg_packet_send_staged_packets+0x320/0x5d0 [wireguard]
[27929.506426] wg_xmit+0x324/0x490 [wireguard]
[27929.506469] dev_hard_start_xmit+0x8d/0x1e0
[27929.506508] __dev_queue_xmit+0x721/0x8e0
[27929.506549] ip_finish_output2+0x19b/0x590
[27929.506604] ? nf_confirm+0xcb/0xf0 [nf_conntrack]
[27929.506648] ip_output+0x76/0xf0
[27929.506681] ? __ip_finish_output+0x1c0/0x1c0
[27929.506720] iptunnel_xmit+0x174/0x210
[27929.506761] send4+0x120/0x390 [wireguard]
[27929.506806] wg_socket_send_skb_to_peer+0x98/0xb0 [wireguard]
[27929.506860] wg_packet_tx_worker+0xa9/0x210 [wireguard]
Here, a wireguard encrypted udp packet is being sent to an endpoint that
then is being routed to a wireguard interface. What in your network
config would make that possible?
Jason
next prev parent reply other threads:[~2020-05-04 22:29 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-04 3:55 Wang Jian
2020-05-04 5:26 ` Jason A. Donenfeld
2020-05-04 12:49 ` Wang Jian
2020-05-04 13:49 ` Alex Xu (Hello71)
2020-05-04 16:51 ` Wang Jian
2020-05-04 10:47 ` Serge Belyshev
2020-05-04 22:55 ` Jason A. Donenfeld
2020-05-04 22:28 ` Jason A. Donenfeld [this message]
2020-05-05 6:54 ` Wang Jian
2020-05-05 0:05 ` Jason A. Donenfeld
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a0985c12-6360-b192-1884-1d58db763a78@zx2c4.com \
--to=jason@zx2c4.com \
--cc=larkwang@gmail.com \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).