Closed jschwinger233 closed 1 month ago
Community gives feedback that traffic could be dropped due to martian source check:
ffff8e6d930b40e8 mark=0 netns=4026532432 if=83(dae0peer) proc=124410(curl) 10.0.8.9:35964 > 1.1.1.2:80 tcp_flags=S payload_len=0 __netif_rx ffff8e6d930b40e8 mark=0 netns=4026532432 if=83(dae0peer) proc=124410(curl) 10.0.8.9:35964 > 1.1.1.2:80 tcp_flags=S payload_len=0 netif_rx_internal ffff8e6d930b40e8 mark=0 netns=4026532432 if=83(dae0peer) proc=124410(curl) 10.0.8.9:35964 > 1.1.1.2:80 tcp_flags=S payload_len=0 enqueue_to_backlog ffff8e6d930b40e8 mark=0 netns=4026532432 if=83(dae0peer) proc=124410(curl) 10.0.8.9:35964 > 1.1.1.2:80 tcp_flags=S payload_len=0 __netif_receive_skb ffff8e6d930b40e8 mark=0 netns=4026532432 if=83(dae0peer) proc=124410(curl) 10.0.8.9:35964 > 1.1.1.2:80 tcp_flags=S payload_len=0 __netif_receive_skb_one_core ffff8e6d930b40e8 mark=0 netns=4026532432 if=83(dae0peer) proc=124410(curl) 10.0.8.9:35964 > 1.1.1.2:80 tcp_flags=S payload_len=0 tc_run ffff8e6d930b40e8 mark=0 netns=4026532432 if=83(dae0peer) proc=124410(curl) 10.0.8.9:35964 > 1.1.1.2:80 tcp_flags=S payload_len=0 tcf_classify ffff8e6d930b40e8 mark=8000000 netns=4026532432 if=83(dae0peer) proc=124410(curl) 10.0.8.9:35964 > 1.1.1.2:80 tcp_flags=S payload_len=0 tcp_wfree ffff8e6d930b40e8 mark=8000000 netns=4026532432 if=83(dae0peer) proc=124410(curl) 10.0.8.9:35964 > 1.1.1.2:80 tcp_flags=S payload_len=0 ip_rcv ffff8e6d930b40e8 mark=8000000 netns=4026532432 if=83(dae0peer) proc=124410(curl) 10.0.8.9:35964 > 1.1.1.2:80 tcp_flags=S payload_len=0 ip_rcv_core ffff8e6d930b40e8 mark=8000000 netns=4026532432 if=83(dae0peer) proc=124410(curl) 10.0.8.9:35964 > 1.1.1.2:80 tcp_flags=S payload_len=0 ip_route_input_noref ffff8e6d930b40e8 mark=8000000 netns=4026532432 if=83(dae0peer) proc=124410(curl) 10.0.8.9:35964 > 1.1.1.2:80 tcp_flags=S payload_len=0 ip_route_input_slow ffff8e6d930b40e8 mark=8000000 netns=4026532432 if=83(dae0peer) proc=124410(curl) 10.0.8.9:35964 > 1.1.1.2:80 tcp_flags=S payload_len=0 fib_validate_source ffff8e6d930b40e8 mark=8000000 netns=4026532432 if=83(dae0peer) proc=124410(curl) 10.0.8.9:35964 > 1.1.1.2:80 tcp_flags=S payload_len=0 __fib_validate_source ffff8e6d930b40e8 mark=8000000 netns=4026532432 if=83(dae0peer) proc=124410(curl) 10.0.8.9:35964 > 1.1.1.2:80 tcp_flags=S payload_len=0 ip_handle_martian_source ffff8e6d930b40e8 mark=8000000 netns=4026532432 if=83(dae0peer) proc=124410(curl) 10.0.8.9:35964 > 1.1.1.2:80 tcp_flags=S payload_len=0 kfree_skb_reason(SKB_DROP_REASON_NOT_SPECIFIED)
Let's set sysctl net.ipv4.conf.dae0peer.accept_local=1 inside daens. It's safe to change sysctl inside daens as systemd-sysctl or whatever daemon watching sysctl on host shouldn't have any chance to revert our change.
sysctl net.ipv4.conf.dae0peer.accept_local=1
Closes #[issue number]
Cool!
Let me mark it "ready for review" and go for PR build. Don't merge until community confirms.
可以正常工作了
Background
Community gives feedback that traffic could be dropped due to martian source check:
Let's set
sysctl net.ipv4.conf.dae0peer.accept_local=1
inside daens. It's safe to change sysctl inside daens as systemd-sysctl or whatever daemon watching sysctl on host shouldn't have any chance to revert our change.Checklist
Full Changelogs
Issue Reference
Closes #[issue number]
Test Result