摘自:http://www.cnblogs.com/aHuner/archive/2013/03/11/2954639.html
一、现象:tcpdump有包,协议栈收不到。即select超时返回0。
系统:
[root@ahuner /]# cat /etc/issue
CentOS release 6.3 (Final)
Kernel \r on an \m
[root@ahuner /]# cat /proc/version
Linux version 2.6.32-279.el6.x86_64
二、原因:reverse-path filtering,反向路径过滤技术,系统在接收到一个IP包后,检查该IP是不是合乎要求,不合要求的IP包会被系统丢弃。该技术就称为rp filter.
The rp_filter can reject incoming packets if their source address doesn’t match the network interface that they’re arriving on, which helps to prevent IP spoofing. Turning this on, however, has its consequences: If your host has several IP addresses on different interfaces, or if your single interface has multiple IP addresses on it, you’ll find that your kernel may end up rejecting valid traffic. It’s also important to note that even if you do not enable the