防止在创建 gre 隧道时生成 ipv6 数据包

防止在创建 gre 隧道时生成 ipv6 数据包

我有一个 veth 设备,它的每一端都位于同一台机器上的不同网络命名空间中。我正在通过这个 veth 创建一个 gretap 隧道。当将 gretap 设备设置为启动状态时,我可以看到在 veth 上生成了很多这样的数据包:

21:18:46.307865 b6:03:1e:12:cb:75 > 92:41:07:b8:1c:69, IPv4, length 132: (tos 0x0, ttl 1, id 43062, offset 0, flags [DF], proto GRE (47), length 118)
    10.254.1.6 > 10.254.3.0: GREv0, Flags [key present], key=0x96040000, proto TEB (0x6558), length 98
    02:6e:4f:c6:17:0f > 33:33:00:00:00:16, IPv6, length 90: (hlim 1, next-header Options (0) payload length: 36) :: > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:ffc6:170f to_ex { }]
21:18:46.559784 b6:03:1e:12:cb:75 > 92:41:07:b8:1c:69, IPv4, length 132: (tos 0x0, ttl 1, id 43118, offset 0, flags [DF], proto GRE (47), length 118)
    10.254.1.6 > 10.254.3.0: GREv0, Flags [key present], key=0x96040000, proto TEB (0x6558), length 98
    02:6e:4f:c6:17:0f > 33:33:00:00:00:16, IPv6, length 90: (hlim 1, next-header Options (0) payload length: 36) :: > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:ffc6:170f to_ex { }]
21:18:47.115803 b6:03:1e:12:cb:75 > 92:41:07:b8:1c:69, IPv4, length 128: (tos 0x0, ttl 255, id 43220, offset 0, flags [DF], proto GRE (47), length 114)
    10.254.1.6 > 10.254.3.0: GREv0, Flags [key present], key=0x96040000, proto TEB (0x6558), length 94
    02:6e:4f:c6:17:0f > 33:33:ff:c6:17:0f, IPv6, length 86: (hlim 255, next-header ICMPv6 (58) payload length: 32) :: > ff02::1:ffc6:170f: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has fe80::6e:4fff:fec6:170f
      unknown option (14), length 8 (1): 
        0x0000:  c0c3 b5ce 75ba
21:18:48.139899 b6:03:1e:12:cb:75 > 92:41:07:b8:1c:69, IPv4, length 132: (tos 0x0, ttl 1, id 43452, offset 0, flags [DF], proto GRE (47), length 118)
    10.254.1.6 > 10.254.3.0: GREv0, Flags [key present], key=0x96040000, proto TEB (0x6558), length 98
    02:6e:4f:c6:17:0f > 33:33:00:00:00:16, IPv6, length 90: (hlim 1, next-header Options (0) payload length: 36) fe80::6e:4fff:fec6:170f > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:ffc6:170f to_ex { }]
21:18:48.139930 b6:03:1e:12:cb:75 > 92:41:07:b8:1c:69, IPv4, length 112: (tos 0x0, ttl 255, id 43453, offset 0, flags [DF], proto GRE (47), length 98)
    10.254.1.6 > 10.254.3.0: GREv0, Flags [key present], key=0x96040000, proto TEB (0x6558), length 78
    02:6e:4f:c6:17:0f > 33:33:00:00:00:02, IPv6, length 70: (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::6e:4fff:fec6:170f > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16
      source link-address option (1), length 8 (1): 02:6e:4f:c6:17:0f
        0x0000:  026e 4fc6 170f
21:18:49.131777 b6:03:1e:12:cb:75 > 92:41:07:b8:1c:69, IPv4, length 132: (tos 0x0, ttl 1, id 43685, offset 0, flags [DF], proto GRE (47), length 118)
    10.254.1.6 > 10.254.3.0: GREv0, Flags [key present], key=0x96040000, proto TEB (0x6558), length 98
    02:6e:4f:c6:17:0f > 33:33:00:00:00:16, IPv6, length 90: (hlim 1, next-header Options (0) payload length: 36) fe80::6e:4fff:fec6:170f > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:ffc6:170f to_ex { }]
21:18:52.459788 b6:03:1e:12:cb:75 > 92:41:07:b8:1c:69, IPv4, length 112: (tos 0x0, ttl 255, id 43975, offset 0, flags [DF], proto GRE (47), length 98)
    10.254.1.6 > 10.254.3.0: GREv0, Flags [key present], key=0x96040000, proto TEB (0x6558), length 78
    02:6e:4f:c6:17:0f > 33:33:00:00:00:02, IPv6, length 70: (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::6e:4fff:fec6:170f > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16
      source link-address option (1), length 8 (1): 02:6e:4f:c6:17:0f
        0x0000:  026e 4fc6 170f
21:19:01.679749 b6:03:1e:12:cb:75 > 92:41:07:b8:1c:69, IPv4, length 112: (tos 0x0, ttl 255, id 45984, offset 0, flags [DF], proto GRE (47), length 98)
    10.254.1.6 > 10.254.3.0: GREv0, Flags [key present], key=0x96040000, proto TEB (0x6558), length 78
    02:6e:4f:c6:17:0f > 33:33:00:00:00:02, IPv6, length 70: (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::6e:4fff:fec6:170f > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16
      source link-address option (1), length 8 (1): 02:6e:4f:c6:17:0f
        0x0000:  026e 4fc6 170f

我该如何防止这种情况发生?我尝试删除 avahi 守护程序并将 ipv6 autoconf 设置为 0,但没有帮助。

答案1

您可以尝试通过编辑来更改 IPv6 的首选项/etc/gai.confhttps://serverfault.com/a/93782/30946在进行任何更改之前,请备份文件。如果文件丢失,只需创建它即可。另请参阅RFC 3484

相关内容