[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: a question about firewalls (or whatever else that might cause packet drop)

Matej Kosik a écrit :
>>> I am experiencing some deterministic packet drop:
>>> - when I tcpreplay on "lo" some pcap (0.pcap) file,
>>>   that traffic does not reach listening applications
> I have discovered the following regularity:
> - if source IP address in given pcap is one of "my" IP addresses,
>   then when I try to tcpreplay given pcap, the data is not delivered
>   to applications
> - if I change all source IP addresses to any other non-local
>   IP addresses (e.g.,, ...
>   or if I use whatever other address from local network
>   except for my address), then when I tcpreplay modified pcap file,
>   then data is delivered to applications.

The tcpreplay FAQ (e.g. <http://tcpreplay.synfin.net/wiki/FAQ>) mentions
this issue, but the explanation about layer-2 header sounds dubious, as
just changing the source IP address changes the behaviour.

I may be wrong, but this sounds very much to me like the "martian
source" filtering which discards incoming IP packets with a source
address belonging to the host. Of course this should not happen (and
does not normally happen) on a loopback interface ; but my guess is that
"normally" generated IP packets sent over the loopback interface may
take some kind of "shortcut" in the networking stack and skip this
check, whereas packets injected by tcpreplay may take the full inbound
path as if they had be received on an external interface. You can enable
the log_martians sysctl to check this.

> iptables-save does not print anything so the list of rules might be
> empty, I guess.

Correct. Actually iptables is not even active (loaded), otherwise
iptables-save would at least display the empty built-in chains.

Reply to: