You are not logged in.

Pages: 1

#1 2022-12-27 05:38:15

zhihuiyuze
Member
Registered: 2022-12-27
Posts: 1

ip rule cannot match based on the source IPv4 address

Hello,

I'm doing some strange routing by using ip rule.

[root@archlinux ~]# ip -4 rule
0:      from all lookup local
32751:  from 134.195.121.118 lookup 101
32752:  from all iif Tanuki_IX lookup 147
32753:  from all iif ens19 lookup 147
32754:  from all iif cu_gre6 lookup 247
32755:  from all iif cu lookup 147
32756:  from all iif openvpn_stuix.5 lookup 247
32757:  from all iif openvpn_stuix lookup 147
32758:  from all iif openvpn_c1v lookup 147
32759:  from all iif openvpn_c1v.5 lookup 247
32760:  from all iif openvpn_Eric.5 lookup 247
32761:  from all iif openvpn_Eric lookup 147
32762:  from all iif ll-ix lookup 147
32763:  from all iif ll-ix_gre6 lookup 247
32764:  from all iif KSKB lookup 147
32765:  from all iif KSKB_gre6 lookup 247
32766:  from all lookup main
32767:  from all lookup default

As you could see, IPv4 from  134.195.121.118/32 will using table 101 which only contain 

[root@archlinux ~]# ip -4 route show table 101
default via 33.0.0.6 dev openvpn_Eric 
[root@archlinux ~]#

When I am mtr to 8.8.8.8, it still uses the main route table NOT table 101 which does not follow the ip rule.

[root@archlinux ~]# mtr -a 134.195.121.118 8.8.8.8
[root@archlinux ~]# tcpdump -i any host 134.195.121.118
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
13:30:11.991460 ens18 Out IP archlinux > dns.google: ICMP echo request, id 65299, seq 33008, length 44
13:30:11.998947 openvpn_Eric Out IP archlinux.palace-2 > 172.17.0.1.palace-2: UDP, length 28
13:30:11.999059 openvpn_Eric Out IP archlinux.33915 > 172.17.0.1.palace-2: UDP, length 28
13:30:11.999384 openvpn_Eric Out IP archlinux.27004 > 172.17.0.1.palace-2: UDP, length 28
13:30:12.006020 openvpn_Eric Out IP archlinux.palace-2 > 59.200.0.1.palace-2: UDP, length 28
13:30:12.006096 openvpn_Eric Out IP archlinux.33915 > 59.200.0.1.palace-2: UDP, length 28
13:30:12.006136 openvpn_Eric Out IP archlinux.27004 > 59.200.0.1.palace-2: UDP, length 28
13:30:12.017489 openvpn_Eric Out IP archlinux.palace-2 > 208.99.49.1.palace-2: UDP, length 28
13:30:12.017628 openvpn_Eric Out IP archlinux.33915 > 208.99.49.1.palace-2: UDP, length 28
13:30:12.017650 openvpn_Eric Out IP archlinux.27004 > 208.99.49.1.palace-2: UDP, length 28
13:30:12.023034 openvpn_Eric Out IP archlinux.palace-2 > 172.23.89.1.palace-2: UDP, length 28
13:30:12.023147 openvpn_Eric Out IP archlinux.33915 > 172.23.89.1.palace-2: UDP, length 28
13:30:12.023202 openvpn_Eric Out IP archlinux.27004 > 172.23.89.1.palace-2: UDP, length 28
13:30:12.027182 openvpn_Eric Out IP archlinux.palace-2 > 172.17.0.1.24452: UDP, length 28
13:30:12.027203 openvpn_Eric Out IP archlinux.33915 > 172.17.0.1.24452: UDP, length 28
13:30:12.027212 openvpn_Eric Out IP archlinux.27004 > 172.17.0.1.24452: UDP, length 28
13:30:12.031218 openvpn_Eric Out IP archlinux.palace-2 > 59.200.0.1.24452: UDP, length 28
13:30:12.031235 openvpn_Eric Out IP archlinux.33915 > 59.200.0.1.24452: UDP, length 28
13:30:12.031243 openvpn_Eric Out IP archlinux.27004 > 59.200.0.1.24452: UDP, length 28
13:30:12.036170 openvpn_Eric Out IP archlinux.palace-2 > 208.99.49.1.24452: UDP, length 28
13:30:12.036192 openvpn_Eric Out IP archlinux.33915 > 208.99.49.1.24452: UDP, length 28
13:30:12.036200 openvpn_Eric Out IP archlinux.27004 > 208.99.49.1.24452: UDP, length 28
13:30:12.040852 openvpn_Eric Out IP archlinux.palace-2 > 172.23.89.1.24452: UDP, length 28
13:30:12.040873 openvpn_Eric Out IP archlinux.33915 > 172.23.89.1.24452: UDP, length 28
13:30:12.040881 openvpn_Eric Out IP archlinux.27004 > 172.23.89.1.24452: UDP, length 28
13:30:12.046089 openvpn_Eric Out IP archlinux.palace-2 > 172.17.0.1.24453: UDP, length 28
13:30:12.046119 openvpn_Eric Out IP archlinux.33915 > 172.17.0.1.24453: UDP, length 28
13:30:12.046138 openvpn_Eric Out IP archlinux.27004 > 172.17.0.1.24453: UDP, length 28
13:30:12.051427 openvpn_Eric Out IP archlinux.palace-2 > 59.200.0.1.24453: UDP, length 28
13:30:12.051453 openvpn_Eric Out IP archlinux.33915 > 59.200.0.1.24453: UDP, length 28
13:30:12.051467 openvpn_Eric Out IP archlinux.27004 > 59.200.0.1.24453: UDP, length 28
13:30:12.055046 openvpn_Eric Out IP archlinux.palace-2 > 208.99.49.1.24453: UDP, length 28
13:30:12.055075 openvpn_Eric Out IP archlinux.33915 > 208.99.49.1.24453: UDP, length 28
13:30:12.055085 openvpn_Eric Out IP archlinux.27004 > 208.99.49.1.24453: UDP, length 28
13:30:12.058847 openvpn_Eric Out IP archlinux.palace-2 > 172.23.89.1.24453: UDP, length 28
13:30:12.058874 openvpn_Eric Out IP archlinux.33915 > 172.23.89.1.24453: UDP, length 28
13:30:12.058886 openvpn_Eric Out IP archlinux.27004 > 172.23.89.1.24453: UDP, length 28
13:30:12.091913 ens18 Out IP archlinux > dns.google: ICMP echo request, id 65299, seq 33009, length 44
13:30:12.096047 openvpn_Eric Out IP archlinux.palace-2 > 7.254.0.1.palace-2: UDP, length 28
13:30:12.096081 openvpn_Eric Out IP archlinux.33915 > 7.254.0.1.palace-2: UDP, length 28
13:30:12.096092 openvpn_Eric Out IP archlinux.27004 > 7.254.0.1.palace-2: UDP, length 28
13:30:12.101389 openvpn_Eric Out IP archlinux.palace-2 > 7.254.0.1.24452: UDP, length 28
13:30:12.101409 openvpn_Eric Out IP archlinux.33915 > 7.254.0.1.24452: UDP, length 28
13:30:12.101422 openvpn_Eric Out IP archlinux.27004 > 7.254.0.1.24452: UDP, length 28
13:30:12.192666 ens18 Out IP archlinux > dns.google: ICMP echo request, id 65299, seq 33010, length 44
13:30:12.293006 ens18 Out IP archlinux > dns.google: ICMP echo request, id 65299, seq 33011, length 44
13:30:12.393416 ens18 Out IP archlinux > dns.google: ICMP echo request, id 65299, seq 33012, length 44
13:30:12.494029 ens18 Out IP archlinux > dns.google: ICMP echo request, id 65299, seq 33013, length 44
13:30:12.607660 ens18 Out IP archlinux > dns.google: ICMP echo request, id 65299, seq 33014, length 44
13:30:12.679414 ens18 Out IP archlinux > dns.google: ICMP echo request, id 65299, seq 33015, length 44
13:30:12.966665 ens18 Out IP archlinux > dns.google: ICMP echo request, id 65299, seq 33019, length 44
13:30:13.039053 ens18 Out IP archlinux > dns.google: ICMP echo request, id 65299, seq 33020, length 44
13:30:14.045371 ens18 Out IP archlinux > dns.google: ICMP echo request, id 65299, seq 33034, length 44
13:30:14.116878 ens18 Out IP archlinux > dns.google: ICMP echo request, id 65299, seq 33035, length 44
13:30:14.188702 ens18 Out IP archlinux > dns.google: ICMP echo request, id 65299, seq 33036, length 44
13:30:14.260455 ens18 Out IP archlinux > dns.google: ICMP echo request, id 65299, seq 33037, length 44
13:30:14.332277 ens18 Out IP archlinux > dns.google: ICMP echo request, id 65299, seq 33038, length 44
13:30:14.404019 ens18 Out IP archlinux > dns.google: ICMP echo request, id 65299, seq 33039, length 44
13:30:14.475861 ens18 Out IP archlinux > dns.google: ICMP echo request, id 65299, seq 33040, length 44
13:30:14.547705 ens18 Out IP archlinux > dns.google: ICMP echo request, id 65299, seq 33041, length 44
13:30:14.619529 ens18 Out IP archlinux > dns.google: ICMP echo request, id 65299, seq 33042, length 44
13:30:14.691361 ens18 Out IP archlinux > dns.google: ICMP echo request, id 65299, seq 33043, length 44
13:30:14.763157 ens18 Out IP archlinux > dns.google: ICMP echo request, id 65299, seq 33044, length 44
13:30:14.834959 ens18 Out IP archlinux > dns.google: ICMP echo request, id 65299, seq 33045, length 44
13:30:14.906978 ens18 Out IP archlinux > dns.google: ICMP echo request, id 65299, seq 33046, length 44
13:30:14.978577 ens18 Out IP archlinux > dns.google: ICMP echo request, id 65299, seq 33047, length 44
13:30:15.050371 ens18 Out IP archlinux > dns.google: ICMP echo request, id 65299, seq 33048, length 44
13:30:15.122227 ens18 Out IP archlinux > dns.google: ICMP echo request, id 65299, seq 33049, length 44
13:30:15.193915 ens18 Out IP archlinux > dns.google: ICMP echo request, id 65299, seq 33050, length 44
13:30:15.265629 ens18 Out IP archlinux > dns.google: ICMP echo request, id 65299, seq 33051, length 44
13:30:15.325557 openvpn_Eric Out IP archlinux.palace-2 > root-mia-01.zerotier.com.palace-2: UDP, length 137
13:30:15.325578 openvpn_Eric Out IP archlinux.33915 > root-mia-01.zerotier.com.palace-2: UDP, length 137
13:30:15.325586 openvpn_Eric Out IP archlinux.27004 > root-mia-01.zerotier.com.palace-2: UDP, length 137
13:30:15.328638 openvpn_Eric Out IP archlinux.palace-2 > root-zrh-01.zerotier.com.palace-2: UDP, length 137
13:30:15.328657 openvpn_Eric Out IP archlinux.33915 > root-zrh-01.zerotier.com.palace-2: UDP, length 137
13:30:15.328667 openvpn_Eric Out IP archlinux.27004 > root-zrh-01.zerotier.com.palace-2: UDP, length 137
13:30:15.329981 openvpn_Eric Out IP archlinux.palace-2 > root-sgp-01.zerotier.com.palace-2: UDP, length 137
13:30:15.329998 openvpn_Eric Out IP archlinux.33915 > root-sgp-01.zerotier.com.palace-2: UDP, length 137
13:30:15.330007 openvpn_Eric Out IP archlinux.27004 > root-sgp-01.zerotier.com.palace-2: UDP, length 137
13:30:15.332916 openvpn_Eric Out IP archlinux.palace-2 > 104.194.8.134.palace-2: UDP, length 137
13:30:15.332934 openvpn_Eric Out IP archlinux.33915 > 104.194.8.134.palace-2: UDP, length 137
13:30:15.332941 openvpn_Eric Out IP archlinux.27004 > 104.194.8.134.palace-2: UDP, length 137

As you could see, the package still using the default route table not table 101.

This happens on Debian at the same time, and I think it's a problem about Linux, not just ArchLinux. I also tested passing ip -6 rule add from some ipv6 address table 101. It can work normally, that is to say, there is a matching problem with ipv4 in ip rule, but this phenomenon does not exist in ipv6.

Offline

Pages: 1

Board footer

Powered by FluxBB