Linux: UDP packets received on veth, captured by tcpdump, accepted by iptables, but not forwarded to netcat


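I have two namespaces, srv1 and srv2, interconnected through a soft switch (p4-bmv2) and veth pairs. The soft switch does only simple forwarding. The veth interfaces inside the namespaces have IP addresses assigned to them (192.168.1.1 and 192.168.1.2, respectively). I can ping between the two namespaces using these IP addresses: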

sudo ip netns exec srv1 ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=1.03 ms
64 bytes from 192.168.1.2: icmp_seq=2 ttl=64 time=1.04 ms

But when I try netcat, I don't receive the message on the server side:

Client:

sudo ip netns exec srv1 netcat 192.168.1.2 80 -u
 hello!

Server:

sudo ip netns exec srv2 netcat -l 80 -u
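
The interfaces receive correctly formatted packets. I verified this with tcpdump in both namespaces, and I can see the packets being sent and received correctly: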

Client:

sudo ip netns exec srv1  tcpdump -XXvv -i srv1p
[sudo] password for simo: 
tcpdump: listening on srv1p, link-type EN10MB (Ethernet), capture size 262144 bytes
^C06:09:41.088601 IP (tos 0x0, ttl 64, id 14169, offset 0, flags [DF], proto UDP (17), length 35)
    192.168.1.1.55080 > 192.168.1.2.http: [bad udp cksum 0x8374 -> 0x5710!] UDP, length 7
    0x0000:  00aa bbcc dd02 00aa bbcc dd01 0800 4500  ..............E.
    0x0010:  0023 3759 4000 4011 801d c0a8 0101 c0a8  .#7Y@.@.........
    0x0020:  0102 d728 0050 000f 8374 6865 6c6c 6f21  ...(.P...thello!
    0x0030:  0a                                       .

1 packet captured
1 packet received by filter
0 packets dropped by kernel

Server:

sudo ip netns exec srv2  tcpdump -XXvv -i srv2p
tcpdump: listening on srv2p, link-type EN10MB (Ethernet), capture size 262144 bytes
^C06:09:41.089232 IP (tos 0x0, ttl 64, id 14169, offset 0, flags [DF], proto UDP (17), length 35)
    192.168.1.1.55080 > 192.168.1.2.http: [bad udp cksum 0x8374 -> 0x5710!] UDP, length 7
    0x0000:  00aa bbcc dd02 00aa bbcc dd01 0800 4500  ..............E.
    0x0010:  0023 3759 4000 4011 801d c0a8 0101 c0a8  .#7Y@.@.........
    0x0020:  0102 d728 0050 000f 8374 6865 6c6c 6f21  ...(.P...thello!
    0x0030:  0a                                       .

1 packet captured
1 packet received by filter
0 packets dropped by kernel

I added iptables rules in srv2 to accept UDP packets on port 80 and log them:

sudo ip netns exec srv2 iptables -t filter -A INPUT -p udp --dport 80 -j ACCEPT
sudo ip netns exec srv2 iptables -I INPUT -p udp --dport 80 -j LOG --log-prefix " IPTABLES " --log-level=debug

I can see the counters on the entries increasing, and the packets are logged in /var/log/kern.log, but the message never reaches netcat's listening socket:

sudo ip netns exec srv2 iptables -L -n -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    1    33 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:80 LOG flags 0 level 7 prefix " IPTABLES "
    4   133 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:80

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Kernel log:

kernel: [581970.306032]  IPTABLES IN=srv2p OUT= MAC=00:aa:bb:cc:dd:02:00:aa:bb:cc:dd:01:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=33 TOS=0x00 PREC=0x00 TTL=64 ID=51034 DF PROTO=UDP SPT=48784 DPT=80 LEN=13 
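
When I replace the soft switch with a bridge, netcat works. I thought the soft switch might be messing up the packets, but tcpdump shows the correct format. The UDP checksum is incorrect, but it is generated that way at the source, and the same is true when using the Linux bridge, yet in that case it works. Is there a way to find out why these packets are not reaching the netcat server?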
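
An added example (not part of the original post): it recomputes the UDP checksum from the hex dump above and checks whether the on-wire value 0x8374 is only the pseudo-header sum, which is what a Linux sender leaves in the field when the checksum is deferred to offload. The function names are illustrative.

```python
import struct

# Frame bytes copied from the tcpdump -XX dump of the srv2p capture above.
FRAME_HEX = """
00aa bbcc dd02 00aa bbcc dd01 0800 4500
0023 3759 4000 4011 801d c0a8 0101 c0a8
0102 d728 0050 000f 8374 6865 6c6c 6f21
0a
"""

def ones_sum(data: bytes) -> int:
    """RFC 1071 16-bit one's-complement sum, folded but not inverted."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def analyse_udp_checksum(frame: bytes) -> dict:
    """Parse Ethernet/IPv4/UDP and classify the UDP checksum field."""
    if frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 17:
        raise ValueError("not UDP")
    total_len = struct.unpack("!H", ip[2:4])[0]
    udp = ip[ihl:total_len]                      # drops Ethernet padding
    udp_len, on_wire = struct.unpack("!HH", udp[4:8])
    if udp_len != len(udp):
        raise ValueError("UDP length does not match the IP payload")
    pseudo = ip[12:20] + struct.pack("!BBH", 0, 17, udp_len)
    pseudo_only = ones_sum(pseudo)
    correct = ~ones_sum(pseudo + udp[:6] + b"\x00\x00" + udp[8:]) & 0xFFFF
    correct = correct or 0xFFFF                  # a computed 0 is sent as 0xFFFF
    if on_wire == 0:
        verdict = "checksum disabled by sender"
    elif on_wire == correct:
        verdict = "valid"
    elif on_wire == pseudo_only:
        verdict = "pseudo-header sum only: checksum was left for offload"
    else:
        verdict = "corrupt"
    return {"on_wire": on_wire, "correct": correct, "verdict": verdict}

if __name__ == "__main__":
    frame = bytes.fromhex("".join(FRAME_HEX.split()))
    result = analyse_udp_checksum(frame)
    print(f"on wire 0x{result['on_wire']:04x}, correct 0x{result['correct']:04x}: {result['verdict']}")
```

Linux verifies the UDP checksum in the UDP receive path, after the netfilter INPUT hook has already counted and logged the packet. Datagrams discarded there show up in the `InCsumErrors` field of the `Udp:` line of `/proc/net/snmp` read inside the srv2 namespace.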