当我运行时,cat /proc/net/arp我看到两个条目*绑定到:
IP address HW type Flags HW address Mask Device
35.224.99.156 0x1 0x0 00:00:00:00:00:00 * docker0
35.222.85.5 0x1 0x0 00:00:00:00:00:00 * docker0
即使之后这些条目ip -s -s neigh flush all又 arp -n回来了。上面的结果意味着什么?
为什么 ARP 将 docker0 设备绑定到带有 mac 的 IP(35.224.99.156)和(35.222.85.5)00:00:00:00:00:00,我无法识别它们,尽管它们来自 Google Cloud/Google 或被欺骗为这样的。
这是预料之中的事吗?是错误、损坏,还是其他更险恶的事情?
*最初使用 OSQuery 检测
SELECT address, mac, COUNT(mac) AS mac_count
FROM arp_cache GROUP BY mac
HAVING count(mac) > 1;
docker network inspect bridge是
[
{
"Name": "bridge",
"Id": "REDACTED",
"Created": "2019-02-09T17:38:43.817882245Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
答案1
这些是 NetworkManager 进行的连接检查的结果。
# nslookup connectivity-check.ubuntu.com
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
Name: connectivity-check.ubuntu.com
Address: 35.224.99.156
Name: connectivity-check.ubuntu.com
Address: 35.222.85.5
存在错误,导致 arp 请求发出错误的接口。请参阅:https://bugzilla.redhat.com/show_bug.cgi?id=1634286
您可以通过删除包来防止这种情况网络管理器配置连接性
apt purge network-manager-config-connectivity-ubuntu