Hello Pascal,
Thank you for responding. The rp_filter was set to 1 for all my
interfaces. I set them all to 0. It did not help. I still lost a lot
of packets.
Then I enabled the log_martians capability and I noticed a bunch
of invalid addresses being logged by the system. The addresses were
those whose first octet was zero '0'.
However, the number of messages/packets logged is far fewer than
the number of packets being dropped.
Therefore 3 questions:
1. I assume martian logging is rate limited somehow?
1.1 If so, how can I at least get a count of the martian packets?
1.2 Can I modify kernel code somewhere to get this count?
Thank you.
Azeem Khan
Bombay, India.
On Apr 26, 5:51 pm, Pascal Hambourg <boite-a-s...@plouf.fr.eu.org>
wrote:
> Hello,
>
> Azeem wrote:
>
> > I am sending anonymized packets (using a tool called Click) which
> > generates addresses from the entire IPv4 address space to this
> > machine. [...]
> > I keep observing a certain amount of packets being dropped by the
> > router. The number of dropped packets varies each time I run my test
> > script. Some are being dropped by the incoming NIC itself (as observed
> > by the output of ifconfig <interface_name>), but these are very few
> > compared to the ones being dropped by the router itself.
> [...]
> > How do I figure out why these packets are being dropped?
> > How do I count the number of packets being dropped?
>
> > Just an aside:
> > When I send non-anonymized packets to this machine (i.e.
> > by using the IP addresses of the subnets attached to the router) no
> > packets are being lost
>
> Check /proc/sys/net/ipv4/conf/*/rp_filter which controls source address
> validation by reversed path.
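
One way to get a martian count that does not depend on the log, shown as an added example that is not part of the original thread: sum the per-CPU `in_martian_src` and `in_martian_dst` counters before and after a test run. It assumes the kernel exposes `/proc/net/stat/rt_cache` in its usual layout (a header line, then one row of hex counters per CPU); the function names and the sample snapshots are constructed for illustration.

```python
RT_CACHE = "/proc/net/stat/rt_cache"  # assumed location of the per-CPU counters
MARTIAN_COLS = ("in_martian_src", "in_martian_dst")


def sum_columns(text):
    """Return {column: total across CPUs} for rt_cache-formatted text."""
    lines = [ln.split() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 2:
        raise ValueError("expected a header line and at least one CPU row")
    header, rows = lines[0], lines[1:]
    totals = dict.fromkeys(header, 0)
    for row in rows:
        if len(row) != len(header):
            raise ValueError("row width does not match header")
        for name, value in zip(header, row):
            totals[name] += int(value, 16)  # counters are printed in hex
    return totals


def martian_delta(before, after):
    """Martian packets counted between two snapshots of the file."""
    b, a = sum_columns(before), sum_columns(after)
    # Each per-CPU counter is 32 bits wide, so take the difference modulo 2**32.
    return {c: (a[c] - b[c]) % 2**32 for c in MARTIAN_COLS}


# Constructed sample data: two CPUs, snapshots taken before and after a test run.
HEADER = ("entries in_hit in_slow_tot in_slow_mc in_no_route in_brd "
          "in_martian_dst in_martian_src out_hit out_slow_tot out_slow_mc "
          "gc_total gc_ignored gc_goal_miss gc_dst_overflow "
          "in_hlist_search out_hlist_search")


def make_snapshot(per_cpu):
    """Build rt_cache-style text from [{column: value}, ...] (sample data only)."""
    cols = HEADER.split()
    rows = [" ".join("%08x" % cpu.get(c, 0) for c in cols) for cpu in per_cpu]
    return "\n".join([HEADER] + rows) + "\n"


BEFORE = make_snapshot([{"in_martian_src": 10}, {"in_martian_src": 4}])
AFTER = make_snapshot([{"in_martian_src": 500, "in_martian_dst": 2},
                       {"in_martian_src": 260}])

if __name__ == "__main__":
    print(martian_delta(BEFORE, AFTER))
```

On a live router, read `RT_CACHE` once before the test traffic starts and once after it ends, and pass the two strings to `martian_delta`.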