Despite 212317 I am "now" seeing another problem which I am pretty sure was not there "a few weeks ago". In a box started via

  ip netns exec secweb /usr/bin/env -i TERM=screen-256color /usr/bin/unshare --ipc --uts --pid --fork --mount --mount-proc --kill-child --root=/tmp/ports-2BiE7A/root /init

where secweb is a namespace with routes

  default dev wgsewe scope link
  10.4.0.8/30 dev secweb_peer proto kernel scope link src 10.4.0.10
  10.4.0.9 dev secweb_peer scope link
  10.5.4.0/22 dev wgsewe proto kernel scope link src 10.5.4.2

(where 10.4.0.9 is veth to main namespace, and a local dnsmasq cache is listening to provide DNS, nothing else is possible) aka

  11: secweb_peer@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
      link/ether 2e:5d:78:06:bf:94 brd ff:ff:ff:ff:ff:ff link-netnsid 0
      inet 10.4.0.10/30 brd 10.4.0.11 scope global secweb_peer
         valid_lft forever preferred_lft forever
      inet6 fe80::2c5d:78ff:fe06:bf94/64 scope link
         valid_lft forever preferred_lft forever
  13: wgsewe: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
      link/none
      inet 10.5.4.2/22 scope global wgsewe
         valid_lft forever preferred_lft forever

the /proc/net/dev counters of secweb no longer count any traffic routed via wgsewe, only the DNS traffic via 10.4.0.9:

  secweb: 29157 382 0 0 0 0 0 0 42301 308 0 0 0 0 0 0

whereas we see

  === WG wgsewe@secweb ===
  interface: wgsewe
  ...
  allowed ips: 0.0.0.0/0
  latest handshake: 7 seconds ago
  transfer: 218.64 MiB received, 7.50 MiB sent

Well, with 5.10.41 I again see the netns counter increasing even with wireguard default route. Thanks!!