What do the numbers in the ip rule show command mean?

If I enter the command ip rule show on my machine, I get the following output:

0:  from all lookup local 
32766:  from all lookup main 
32767:  from all lookup default

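What do the numbers 0, 32766 and 32767 mean?

I do understand that these are some kind of priorities, and that 0 has a special priority and cannot be deleted.

Also, if I add a new policy, it will be created with priority 32765. Is my understanding correct?

Also, I saw some information about the priorities of ip rule add from here:

Really, for historical reasons ip rule add does not require a priority value and allows priorities to be non-unique. If the user does not supply a priority, it is selected by the kernel. If the user creates a rule with a priority value that already exists, the kernel does not reject the request. It adds the new rule before all old rules of the same priority. It is a mistake in design, nothing more. And it will be fixed one day, so do not rely on this feature. Use explicit priorities.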

Answer 1

From the ip-rule man page:

At startup time the kernel configures the default RPDB consisting of three rules:

   1.  Priority: 0, Selector: match anything, Action: lookup routing 
       table local (ID 255).  The local table is a special routing table 
       containing high priority control routes for local and broadcast 
       addresses.

       Rule 0 is special. It cannot be deleted or overridden.

   2.  Priority: 32766, Selector: match anything, Action: lookup routing 
       table main (ID 254).  The main table is the normal routing table 
       containing all non-policy routes. This rule may be deleted and/or 
       overridden with other ones by the administrator.

   3.  Priority: 32767, Selector: match anything, Action: lookup routing 
       table default (ID 253).  The default table is empty.  It is 
       reserved for some post-processing if no previous default rules 
       selected the packet.  This rule may also be deleted.

  Each RPDB entry has additional attributes.  F.e. each rule has a pointer 
  to some routing table.  NAT and masquerading rules have an attribute to 
  select new IP address to translate/masquerade.  Besides that, rules have 
  some optional attributes, which routes have, namely realms.  These 
  values do not override those contained in the routing tables.  They are 
  only used if the route did not select any attributes.

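So these numbers, 0, 32766 and 32767, are the priorities with which the rules are applied.

Note: the other numbers mentioned above, 255, 254 and 253, correspond to the routing tables described in this file: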

$ more /etc/iproute2/rt_tables 
#
# reserved values
#
255 local
254 main
253 default
0   unspec
#
# local
#
#1  inr.ruhep

You can then use the names above when querying the routing tables, like so:

$ ip route show table local
broadcast 127.0.0.0 dev lo  proto kernel  scope link  src 127.0.0.1 
local 127.0.0.0/8 dev lo  proto kernel  scope host  src 127.0.0.1 
local 127.0.0.1 dev lo  proto kernel  scope host  src 127.0.0.1 
broadcast 127.255.255.255 dev lo  proto kernel  scope link  src 127.0.0.1 
broadcast 172.17.0.0 dev docker0  proto kernel  scope link  src 172.17.42.1 
local 172.17.42.1 dev docker0  proto kernel  scope host  src 172.17.42.1 
broadcast 172.17.255.255 dev docker0  proto kernel  scope link  src 172.17.42.1 
broadcast 192.168.1.0 dev wlp1s0  proto kernel  scope link  src 192.168.1.80 
local 192.168.1.80 dev wlp1s0  proto kernel  scope host  src 192.168.1.80 
broadcast 192.168.1.255 dev wlp1s0  proto kernel  scope link  src 192.168.1.80 
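
An added example, not part of the original question or answer: a shell function that checks ip rule show output for the two points discussed above, priorities shared by more than one rule and the presence of the three boot-time rules. The names audit_ip_rules and sample_rules and the sample rule lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ip rule show` output read from stdin.
# Flags priorities shared by more than one rule and notes which of the three
# boot-time rules (0 local, 32766 main, 32767 default) are not present.
audit_ip_rules() {
    awk '
    # A rule line looks like "<priority>: from ... lookup <table>"
    /^[0-9]+:/ {
        prio = $1; sub(/:$/, "", prio)
        table = ""
        for (i = 2; i < NF; i++) if ($i == "lookup") table = $(i + 1)
        if (!(prio in count)) order[++n] = prio   # remember first-seen order
        count[prio]++
        tables[prio] = (count[prio] > 1 ? tables[prio] "," : "") table
    }
    END {
        for (i = 1; i <= n; i++) {
            p = order[i]
            if (count[p] > 1) {
                printf "DUPLICATE priority %s used by %d rules (tables: %s)\n", p, count[p], tables[p]
                bad = 1
            }
        }
        # Boot-time rules as listed in the ip-rule man page excerpt.
        expect["0"] = "local"; expect["32766"] = "main"; expect["32767"] = "default"
        m = split("0 32766 32767", defaults, " ")
        for (i = 1; i <= m; i++) {
            d = defaults[i]
            if (index("," tables[d] ",", "," expect[d] ",") == 0) {
                printf "NOTE: boot-time rule %s -> %s not present\n", d, expect[d]
                bad = 1
            }
        }
        if (!bad) print "OK"
    }'
}

# Constructed sample input (not taken from a real host).
sample_rules() {
    cat <<'EOF'
0:      from all lookup local
100:    from 192.168.1.80 lookup 100
100:    from all fwmark 0x1 lookup 200
32766:  from all lookup main
EOF
}

# On a real system: ip rule show | audit_ip_rules
sample_rules | audit_ip_rules
```

Since the man page says rules 32766 and 32767 may be deleted by the administrator, a NOTE line is a prompt to confirm the change was intended rather than an error by itself.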
