我的 AOSP 设备和主机 PC 之间有以太网连接,一旦我在同一子网上为两者设置了 ipv4,我就可以在它们之间进行连接,但是一旦我在 AOSP 设备上创建桥并使其 NIC 桥接,我就会失去与主机的连接。 PS:对于桥接接口,我给了它与 eth0 相同的 IP,一旦桥接为内核配置端,它就会成为端口,我有以下宏 CONFIG_BRIDGE_NETFILTER=m CONFIG_BRIDGE=y CONFIG_BRIDGE_IGMP_SNOOPING=y 我还通过该桥接接口的 iptable 允许所有流量,但问题是仍然存在,我找不到原因。 PS:我可以 ping 通我的主机,但无法从主机 ping 通
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether 3e:7a:bb:c5:3d:6c brd ff:ff:ff:ff:ff:ff
inet6 fe80::3c7a:bbff:fec5:3d6c/64 scope link
valid_lft forever preferred_lft forever
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br4 state UP group default qlen 1000
link/ether e4:5f:01:75:31:59 brd ff:ff:ff:ff:ff:ff
inet6 fe80::f940:85b6:67c4:7698/64 scope link stable-privacy
valid_lft forever preferred_lft forever
4: ip_vti0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
link/ipip 0.0.0.0 brd 0.0.0.0
5: ip6_vti0@NONE: <NOARP> mtu 1332 qdisc noop state DOWN group default qlen 1000
link/tunnel6 :: brd ::
6: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
link/sit 0.0.0.0 brd 0.0.0.0
7: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN group default qlen 1000
link/tunnel6 :: brd ::
8: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether e4:5f:01:75:31:5a brd ff:ff:ff:ff:ff:ff
10: br4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether e4:5f:01:75:31:59 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.10/32 scope global br4
valid_lft forever preferred_lft forever
inet6 fe80::e65f:1ff:fe75:3159/64 scope link
valid_lft forever preferred_lft forever
这是的输出iptables-S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N bw_FORWARD
-N bw_INPUT
-N bw_OUTPUT
-N bw_costly_shared
-N bw_data_saver
-N bw_global_alert
-N bw_happy_box
-N bw_penalty_box
-N fw_FORWARD
-N fw_INPUT
-N fw_OUTPUT
-N oem_fwd
-N oem_out
-N st_OUTPUT
-N st_clear_caught
-N st_clear_detect
-N st_penalty_log
-N st_penalty_reject
-N tetherctrl_FORWARD
-N tetherctrl_counters
-A INPUT -j bw_INPUT
-A INPUT -j fw_INPUT
-A FORWARD -j oem_fwd
-A FORWARD -j fw_FORWARD
-A FORWARD -j bw_FORWARD
-A FORWARD -j tetherctrl_FORWARD
-A OUTPUT -j oem_out
-A OUTPUT -j fw_OUTPUT
-A OUTPUT -j st_OUTPUT
-A OUTPUT -j bw_OUTPUT
-A bw_INPUT -j bw_global_alert
-A bw_INPUT -p esp -j RETURN
-A bw_INPUT -m mark --mark 0x100000/0x100000 -j RETURN
-A bw_INPUT -j MARK --set-xmark 0x100000/0x100000
-A bw_OUTPUT -j bw_global_alert
-A bw_costly_shared -j bw_penalty_box
-A bw_data_saver -j RETURN
-A bw_global_alert -m quota2 ! --name globalAlert --quota 2097152
-A bw_happy_box -m bpf --object-pinned /sys/fs/bpf/prog_netd_skfilter_whitelist_xtbpf -j RETURN
-A bw_happy_box -j bw_data_saver
-A bw_penalty_box -m bpf --object-pinned /sys/fs/bpf/prog_netd_skfilter_blacklist_xtbpf -j REJECT --reject-with icmp-port-unreachable
-A bw_penalty_box -j bw_happy_box
-A st_clear_detect -m connmark --mark 0x2000000/0x2000000 -j REJECT --reject-with icmp-port-unreachable
-A st_clear_detect -m connmark --mark 0x1000000/0x1000000 -j RETURN
-A st_clear_detect -p tcp -m u32 --u32 "0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x0&0xffff0000=0x16030000&&0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x4&0xff0000=0x10000" -j CONNMARK --set-xmark 0x1000000/0x1000000
-A st_clear_detect -p udp -m u32 --u32 "0x0>>0x16&0x3c@0x8&0xffff0000=0x16fe0000&&0x0>>0x16&0x3c@0x14&0xff0000=0x10000" -j CONNMARK --set-xmark 0x1000000/0x1000000
-A st_clear_detect -m connmark --mark 0x1000000/0x1000000 -j RETURN
-A st_clear_detect -p tcp -m state --state ESTABLISHED -m u32 --u32 "0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x0&0x0=0x0" -j st_clear_caught
-A st_clear_detect -p udp -j st_clear_caught
-A st_penalty_log -j CONNMARK --set-xmark 0x1000000/0x1000000
-A st_penalty_log -j NFLOG
-A st_penalty_reject -j CONNMARK --set-xmark 0x2000000/0x2000000
-A st_penalty_reject -j NFLOG
-A st_penalty_reject -j REJECT --reject-with icmp-port-unreachable
-A tetherctrl_FORWARD -j DROP
提前致谢