I once ran into a strange problem at work and was assigned to investigate it. The setup: a machine with two network cards, running Fedora 8, with one program that receives multicast data on both interfaces. The program ran fine. After the system was upgraded to Fedora 13, however, a problem appeared: a few seconds after startup, the second interface stopped receiving multicast data. The cause turned out to be reverse path filtering (rp_filter), which is active on the Fedora 13 system.
For example:
Interface 1 (default route): 172.17.5.100
Interface 2: 192.168.8.100
Incoming packet: IGMP Query from the router, source address 10.0.0.1, received on interface 2
Routing table lookup: the kernel looks up the source address of the incoming packet, 10.0.0.1. That address is not on the subnet of interface 2, so the lookup falls through to the default route, which points at interface 1 (172.17.5.100).
The kernel therefore concludes that a packet from 10.0.0.1 should have arrived on the first interface, 172.17.5.100, while in reality it arrived on the second one, 192.168.8.100. It treats this as implausible and drops the packet. The fatal part is that the dropped packet is the router's IGMP Query: with the Query discarded, the host never answers with a Membership Report, so the router stops forwarding the group to that interface and the multicast data dries up after a few seconds.
The rp_filter can reject incoming packets if their source address does not match the network interface they arrive on, which helps to prevent IP spoofing. Turning it on has consequences, however: if your host has several IP addresses on different interfaces, or if a single interface has multiple IP addresses, you may find that the kernel rejects valid traffic. Note also that even if you do not enable rp_filter, protection against broadcast spoofing is always on, and that the protection rp_filter provides is only against spoofed internal addresses; external addresses can still be spoofed. The kernel's built-in default is 0 (disabled), but many distributions, Fedora among them, turn it on in /etc/sysctl.conf. On 2.6.31 and later kernels the variable takes three values: 0 (no check), 1 (strict: the route back to the source must leave via the arriving interface) and 2 (loose: the source only has to be reachable via some interface).
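To make the decision in the example above concrete, here is a small model of the reverse path check. It is an illustration added to this page, not kernel code and not part of the original post. It uses the post's addresses; the interface names eth0/eth1, the /24 prefixes and the 10.0.0.0/8 route in the last scenario are assumptions. Besides the three rp_filter modes it encodes the rule, valid on 2.6.31 and later kernels, that the stricter of conf/all and conf/<interface> is what actually applies to an interface.

```python
"""Model of Linux reverse path filtering (rp_filter) for the dual-NIC case
in the post.  Added illustration, not kernel code.  Routing table, interface
names and prefix lengths are constructed for the example."""
import ipaddress

# Constructed routing table for the dual-NIC host: (prefix, outgoing interface).
# NIC 1 (172.17.5.100) carries the default route; NIC 2 (192.168.8.100) has
# only its own link route.  The /24 prefix lengths are an assumption.
ROUTES = [
    (ipaddress.ip_network("172.17.5.0/24"), "eth0"),
    (ipaddress.ip_network("192.168.8.0/24"), "eth1"),
    (ipaddress.ip_network("0.0.0.0/0"), "eth0"),  # default route via NIC 1
]


def route_lookup(routes, dst):
    """Longest-prefix match: the interface the kernel would use to reach dst."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, iface in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def effective_rp_filter(all_value, iface_value):
    """Kernels >= 2.6.31 apply the stricter (larger) of conf/all and conf/<iface>.
    Hence setting conf/all to 0 alone does not disable the check on an
    interface whose own entry is still 1."""
    return max(all_value, iface_value)


def rp_filter_accepts(routes, src, in_iface, mode):
    """True if a packet with source `src` arriving on `in_iface` passes the
    reverse path check:
      0 = no source validation
      1 = strict: the route back to src must leave via in_iface
      2 = loose:  src must merely be reachable via some interface
    """
    if mode == 0:
        return True
    out_iface = route_lookup(routes, src)
    if out_iface is None:
        return False  # unreachable source: dropped in strict and loose mode
    if mode == 1:
        return out_iface == in_iface
    if mode == 2:
        return True
    raise ValueError("rp_filter mode must be 0, 1 or 2")


def igmp_query_scenarios():
    """The post's case: an IGMP Query from the router at 10.0.0.1 arrives on NIC 2."""
    src, in_iface = "10.0.0.1", "eth1"
    # As shipped (all=1, eth1=1): the route back to 10.0.0.1 is the default
    # route via eth0, not eth1, so strict mode drops the Query.
    strict = rp_filter_accepts(ROUTES, src, in_iface, effective_rp_filter(1, 1))
    # Loose mode on eth1 only (all=1, eth1=2): 10.0.0.1 is reachable, accepted.
    loose = rp_filter_accepts(ROUTES, src, in_iface, effective_rp_filter(1, 2))
    # Alternative that keeps strict mode: add a route for the querier's
    # network via eth1 (the /8 prefix is an assumption for the example).
    fixed_routes = ROUTES + [(ipaddress.ip_network("10.0.0.0/8"), "eth1")]
    strict_with_route = rp_filter_accepts(fixed_routes, src, in_iface, 1)
    return {"strict": strict, "loose": loose, "strict_with_route": strict_with_route}


if __name__ == "__main__":
    for name, ok in igmp_query_scenarios().items():
        print(f"{name:18s} {'accept' if ok else 'DROP'}")
```

Running it shows the Query dropped in strict mode and accepted either in loose mode or once a route to the querier's network exists on the second interface, which are the two fixes that avoid switching the check off completely.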
Solution:
System configuration file
1. /etc/sysctl.conf
Set net.ipv4.conf.all.rp_filter and net.ipv4.conf.default.rp_filter to 0:
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
This file is loaded automatically at boot and the kernel uses these values. Two caveats: the default entry only seeds interfaces created afterwards, and on 2.6.31 and newer kernels the value that applies to an interface is the larger of conf/all and conf/<interface>, so for an interface that already exists its own entry (for example net.ipv4.conf.eth1.rp_filter) must be 0 as well.
Switching the check off everywhere gives up the anti-spoofing protection described above. Two narrower fixes work for this case: set the multicast-receiving interface to loose mode (value 2), which still drops sources that are unreachable through any interface, or add a route to the querier's network via the second interface so that the strict check passes. Before changing anything, setting net.ipv4.conf.all.log_martians to 1 makes the kernel log the dropped packets ("martian source" in dmesg), which confirms that rp_filter is really the culprit.
2. Command line
Show a kernel variable: sysctl net.ipv4.conf.all.rp_filter
Set a kernel variable: sysctl -w net.ipv4.conf.all.rp_filter=0
This updates the live value in the running kernel but does not modify sysctl.conf, so the change is lost at the next reboot.
3. The /proc filesystem
Show: cat /proc/sys/net/ipv4/conf/all/rp_filter
Set: echo "0" >/proc/sys/net/ipv4/conf/all/rp_filter