主机接受 ICMP 但不接受 TCP/UDP

主机接受 ICMP 但不接受 TCP/UDP

我在 Ubuntu 20.04 上运行带有自定义拓扑和 P4 的 Mininet。该问题发生在通过交换机连接的两台主机(h1 和 h11)之间。以下是主机的配置:

h1:IP 10.0.11.1,mac:08:00:00:00:11:01。我已经手动配置了 arparp -i h1-eth0 -s 10.0.11.11 08:00:00:00:11:00

h11:IP 10.0.11.11,MAC:08:00:00:00:11:11。我已经手动配置了 arparp -i h11-eth0 -s 10.0.11.1 08:00:00:00:11:00

交换机运行 P4-Tutorial 中的基本路由程序,该程序将首先交换 mac 地址,然后将正确的目标 mac 放入数据包中。也就是说,从 h1 到 h11 的数据包将被转换为 Ether(src=08:00:00:00:11:00, dst=08:00:00:00:11:11) / IP(src=10.0. 11.1,dst=10.0.11.11)。从 h11 到 h1 的数据包将被转换为 Ether(src=08:00:00:00:11:00, dst=08:00:00:00:11:01) / IP(src=10.0.11.11, dst =10.0.11.1)。这就是我以这种方式配置 arp 的原因。

ping 命令(h1 ping h11h11 ping h1)工作正常,但当涉及到 TCP/UDP 数据包时,h11 总是无法响应(或接受数据包)。

[TCP]当我尝试iperf(h1 -> h11)时,h11不会响应h1发送的SYN数据包,但在h11的接口上我可以捕获SYN数据包,即路由是正确的。相反(h11 -> h1),h11 将发送 SYN 数据包。 h1 将接受并用 SYN+ACK 进行响应。这个SYN+ACK数据包可以在h11的接口处捕获,但是h11既不会响应ACK,h11上的iperf服务器程序也不会显示任何内容。

[UDP]当我traceroute 10.0.11.1在h11上尝试时,它工作正常(h1返回UDP数据包),结果如下:

traceroute to 10.0.11.1 (10.0.11.1), 30 hops max, 60 byte packets
 1  10.0.11.1 (10.0.11.1)  3.292 ms  3.108 ms  3.173 ms

但是当我尝试traceroute 10.0.11.11h1时,结果将无法达到。不过,我可以在 h11 的接口捕获 UDP 数据包。只是 h11 在应用程序级别从不响应也不接受。

两台主机上均未设置防火墙。主机 h11 可能会出现什么问题以及如何使其正常工作?谢谢!

顺便说一句,两台主机上的 iptable 都是

root@machine# iptables -L -nv
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 5849  952K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 5747 packets, 945K bytes)
 pkts bytes target     prot opt in     out     source               destination         

root@machine# iptables -t nat -L -nv
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

我有以下结果:

root@h11# ip neigh show
10.0.11.1 dev h11-eth0 lladdr 08:00:00:00:11:00 PERMANENT
root@h11# arp -i h11-eth0
Address                  HWtype  HWaddress           Flags Mask            Iface
10.0.11.1                ether   08:00:00:00:11:00   CM                    h11-eth0
root@h1# ip neigh show
10.0.11.11 dev h1-eth0 lladdr 08:00:00:00:11:00 PERMANENT
root@h1# arp -i h1-eth0
Address                  HWtype  HWaddress           Flags Mask            Iface
10.0.11.11               ether   08:00:00:00:11:00   CM                    h1-eth0
root@homer-vm4:/home/yunming/AppStreaming/load_balancer/LB7# 

此外,我运行了 iperf (h11->h1),这是 h11 界面上捕获的内容:

root@h11# tcpdump -i h11-eth0 -e
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on h11-eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
16:57:07.202587 08:00:00:00:11:11 (oui Unknown) > 08:00:00:00:11:00 (oui Unknown), ethertype IPv4 (0x0800), length 74: 10.0.11.11.45938 > 10.0.11.1.5001: Flags [S], seq 3406863775, win 42340, options [mss 1460,sackOK,TS val 2081233344 ecr 0,nop,wscale 9], length 0
16:57:07.203629 08:00:00:00:11:00 (oui Unknown) > 08:00:00:00:11:11 (oui Unknown), ethertype IPv4 (0x0800), length 74: 10.0.11.1.5001 > 10.0.11.11.45938: Flags [S.], seq 3060599012, ack 3406863776, win 43440, options [mss 1460,sackOK,TS val 2061897778 ecr 2081233344,nop,wscale 9], length 0
16:57:08.216329 08:00:00:00:11:11 (oui Unknown) > 08:00:00:00:11:00 (oui Unknown), ethertype IPv4 (0x0800), length 74: 10.0.11.11.45938 > 10.0.11.1.5001: Flags [S], seq 3406863775, win 42340, options [mss 1460,sackOK,TS val 2081234358 ecr 0,nop,wscale 9], length 0
16:57:08.217393 08:00:00:00:11:00 (oui Unknown) > 08:00:00:00:11:11 (oui Unknown), ethertype IPv4 (0x0800), length 74: 10.0.11.1.5001 > 10.0.11.11.45938: Flags [S.], seq 3060599012, ack 3406863776, win 43440, options [mss 1460,sackOK,TS val 2061898791 ecr 2081233344,nop,wscale 9], length 0
16:57:08.217461 08:00:00:00:11:00 (oui Unknown) > 08:00:00:00:11:11 (oui Unknown), ethertype IPv4 (0x0800), length 74: 10.0.11.1.5001 > 10.0.11.11.45938: Flags [S.], seq 3060599012, ack 3406863776, win 43440, options [mss 1460,sackOK,TS val 2061898792 ecr 2081233344,nop,wscale 9], length 0

相关内容