Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Change veth pair ip #7459

Merged
merged 5 commits into from
Sep 12, 2024
Merged

Change veth pair ip #7459

merged 5 commits into from
Sep 12, 2024

Conversation

Nino-K
Copy link
Member

@Nino-K Nino-K commented Sep 11, 2024

Changes the IP Addresses for the veth pair to reduce collision with users' existing network.

Fixes: #7383

Copy link
Contributor

@mook-as mook-as left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not quite sure this is correct; going to run in and poke at the live environment then approve if everything works fine.

@@ -37,7 +37,7 @@ var (
const (
defaultLogPath = "/var/log/wsl-proxy.log"
defaultSocket = "/run/wsl-proxy.sock"
bridgeIPAddr = "192.168.1.2"
bridgeIPAddr = "192.168.143.2"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So if I understand this correctly, it used to talk to the namespace veth, but it now talks to the WSL veth?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, this is the wrong address; it needs to talk to the namespace veth instead.

time="2024-09-12T12:16:30-07:00" level=debug msg="received the following port: [80] from portMapping: {Remove:false Ports:map[80/tcp:[{HostIP:0.0.0.0 HostPort:80}]] ConnectAddrs:[]}"
time="2024-09-12T12:16:56-07:00" level=debug msg="port proxy accepted connection from 127.0.0.1:53706"
time="2024-09-12T12:16:56-07:00" level=error msg="Failed to dial upstream 192.168.143.2:80: dial tcp 192.168.143.2:80: connect: connection refused"
# curl --head 192.168.143.1
HTTP/1.1 200 OK
Server: nginx/1.26.2
Date: Thu, 12 Sep 2024 19:18:38 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Mon, 12 Aug 2024 14:28:31 GMT
Connection: keep-alive
ETag: "66ba1c0f-267"
Accept-Ranges: bytes

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I missed the last octet.

Copy link
Contributor

@mook-as mook-as left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just realized that at a minimum we still have to edit the PR for missing some instances of the IP address:


- **upstreamAddress**: This is the IP address associated with the upstream server to use. It corresponds to the address of the veth pair connecting the default namespace to the network namespace, specifically `veth-rd1`. The default value is `192.168.1.2`.

k3sConf.ADDITIONAL_ARGS += ' --tls-san 192.168.1.2';

And since we inverted veth-rd0 and veth-rd0, we need to update the docs:


@Nino-K
Copy link
Member Author

Nino-K commented Sep 12, 2024

Not quite sure this is correct; going to run in and poke at the live environment then approve if everything works fine.

I toggled the veth pair around, I will rename it for clarity.

Copy link
Contributor

@mook-as mook-as left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now we need to update even more docs ;)

  • Additionally, it calls unshare with provided arguments through [---unshare-args](https://github.com/rancher-sandbox/rancher-desktop/blob/6abacdc804d6414f17439a97f22e0c9c87f6249d/cmd/network/setup_linux.go#L272). The process also establishes a Virtual Ethernet pair consisting of two endpoints: `veth-rd0` and `veth-rd1`. `veth-rd0` resides within the default namespace and is configured to listen on the IP address `192.168.1.1`. Conversely, `veth-rd1` is located within a network namespace and is assigned the IP address `192.168.1.2`. The virtual Ethernet pair allows accessibility from the default network into the network namespace, which is particularly useful when WSL integration is enabled.

    (veth-* and 192.168.1.*)
  • Once the network-setup starts the `vm-switch` process in the new namespace, the `vm-switch` creates a tap device (`eth0`) and a loopback device (`lo`). When the `eth0` tap device is successfully created, it uses the `DHCP` client to acquire an IP address within the defined range from the `DHCP` server. Once the `eth0` tap device is up and running, the kernel forwards all raw Ethernet frames originating from the network namespace to the tap device. In addition to the traffic from the network namespace, the kernel also forwards all the traffic that arrives at `veth-rd1` from its pair, `veth-rd0`, in the default namespace.

    (veth-*)

@@ -47,7 +47,7 @@ portForwarding["Port Forwarding"]
`host-switch` runs on the Windows host and acts as a receiver for all traffic originating from the network namespace within the WSL VM. It performs a handshake to find the right VM to talk to over `AF_VSOCK`. Once a correct VM is found, it then listens for the incoming traffic from that VM. In addition to this, it can provide a DNS resolver that runs in the user space network along with an API that allows for dynamic port forwarding.

## network-setup
Its main responsibility is to respond to the handshake request from the `host-switch.exe`, create a network namespace and start the `vm-switch` subprocess in the newly created network namespace. In addition, it also calls unshare with provided arguments through `--unshare-args`. Below is a sequence diagram demonstrating the process. The process also establishes a Virtual Ethernet pair consisting of two endpoints: `veth-rd0` and `veth-rd1`. `veth-rd0` resides within the default namespace and is configured to listen on the IP address `192.168.1.1`. Conversely, `veth-rd1` is located within a network namespace and is assigned the IP address `192.168.1.2`.
Its main responsibility is to respond to the handshake request from the `host-switch.exe`, create a network namespace and start the `vm-switch` subprocess in the newly created network namespace. In addition, it also calls unshare with provided arguments through `--unshare-args`. Below is a sequence diagram demonstrating the process. The process also establishes a Virtual Ethernet pair consisting of two endpoints: `veth-rd0` and `veth-rd1`. `veth-rd1` resides within the WSL's default namespace and is configured to listen on the IP address `192.168.143.2`. Conversely, `veth-rd0` is located within a network namespace and is assigned the IP address `192.168.143.1`.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

veth-* names need to be changed here.

Signed-off-by: Nino Kodabande <nkodabande@suse.com>
Signed-off-by: Nino Kodabande <nkodabande@suse.com>
Signed-off-by: Nino Kodabande <nkodabande@suse.com>
mook-as
mook-as previously approved these changes Sep 12, 2024
Signed-off-by: Nino Kodabande <nkodabande@suse.com>
Signed-off-by: Nino Kodabande <nkodabande@suse.com>
@Nino-K Nino-K merged commit bcac1f4 into main Sep 12, 2024
27 checks passed
@Nino-K Nino-K deleted the change-veth-pair-ip branch September 12, 2024 21:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Bridge network IP addresses collides with users' network.
2 participants