我正在尝试为 Geneve 协议添加 tc 花过滤器,但收到此错误:
% sudo tc filter add dev gnv0 protocol ip parent ffff: \
flower geneve_opts 0108:01:020000000000000000/FFFF:FF:FF0000000000000000,0108:02:020000000000000000/FFFF:FF:FF0000000000000000,0108:03:0100000000/FFFF:FF:FF00000000 \
action tunnel_key unset
RTNETLINK answers: No such file or directory
We have an error talking to the kernel
我正在使用亚马逊Linux:
% uname -a
Linux ip-10-0-40-230.ec2.internal 4.14.311-233.529.amzn2.x86_64 #1 SMP Thu Mar 23 09:54:12 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
我想终止来自镜像流量的 AWS 网关负载均衡器的 GENEVE UDP 隧道。这个想法是将数据包开盖成其原始形式。请注意,我也尝试过vxlan_opts但没有成功,因此在我看来,问题更具体地针对 tc 而不是针对过滤器。
我已经加载了一些网上建议的内核模块(不确定它们是否必要或充分);
% lsmod | grep sch
sch_htb 24576 0
sch_netem 20480 0
sch_ingress 16384 1
完整示例:
sudo yum install tc
sudo modprobe sch_netem
sudo modprobe sch_htb
sudo ip link add name gnv0 type geneve dstport 6081 external
sudo ip link set gnv0 up
sudo tc qdisc add dev gnv0 ingress
sudo tc filter add dev gnv0 protocol ip parent ffff: \
flower geneve_opts 0108:01:020000000000000000/FFFF:FF:FF0000000000000000,0108:02:020000000000000000/FFFF:FF:FF0000000000000000,0108:03:0100000000/FFFF:FF:FF00000000 \
action tunnel_key unset
我在 AL2023 上尝试过并出现类似错误;
sudo ip link add name gnv0 type geneve dstport 6081 external
sudo ip link set gnv0 up
sudo tc qdisc add dev gnv0 ingress
sudo tc filter add dev gnv0 protocol ip parent ffff: \
flower geneve_opts 0108:01:020000000000000000/FFFF:FF:FF0000000000000000,0108:02:020000000000000000/FFFF:FF:FF0000000000000000,0108:03:0100000000/FFFF:FF:FF00000000 \
action tunnel_key unset
Error: Failed to load TC action module.
We have an error talking to the kernel