LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 01-29-2009, 03:59 PM   #1
techmex
LQ Newbie
 
Registered: Jan 2009
Posts: 4

Rep: Reputation: 0
Question Knowing when a packet is dropped due to a routing decision


Hello,

I am having problems forwarding multicast traffic on a Linux router. I believe that I have added all the routing entries, correctly configured the routing daemon, etc., etc. but yet, I don't see the traffic being forwarded. It is not the first time that I run into a forwarding problem (and won't probably be the last one), so more than asking for a specific solution or insight into this problem, I'd like to know how can I trace the passing of a particular packet thru the kernel. Understood that it is impossible for the kernel to keep record of every packet it processes, but is there a way to know at least if packets matching some criteria are dropped and at what point of the IP stack? For example, if Linux receives a packet destined to another host but there isn't any route to that host or to its network, the packet is dropped. Is there any way to know what component discarded the packet and why? I am fearing that Linux lacks of the capability to answer these kind of questions, but wanted to throw out the question in case somebody has a suggestion for this.

Thanks,

techmex
 
Old 01-29-2009, 04:03 PM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Use tcpdump(8). Take a close look at the -i option and the 'expr' section in its manpages.
 
Old 01-29-2009, 04:08 PM   #3
techmex
LQ Newbie
 
Registered: Jan 2009
Posts: 4

Original Poster
Rep: Reputation: 0
tcpdump is not enough. Suppose that you have vlan2 and vlan3 in your device and you're forwarding traffic from one to the other. You sniff vlan2 and see packets coming in. Then you sniff vlan3 but see no packet going out. tcpdump only let's you know that the traffic is not being forwarded, not why. Was the packet discarded by the firewall (ip tables)? Was it dropped because there wasn't a proper route to forward it to? These are the kind of questions that I'd like to answer and tcpdump doesn't help at all.
 
Old 01-29-2009, 06:20 PM   #4
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Or sniff both simultaneously (two console windows) and observe the behavior. Packets that are dropped by iptables are still captured by tcpdump, so that eliminates that concern of yours. Even if you need packets to get to another hop, you temporarily disable your firewall while testing.

Learn how to use the tool before complaining that "it doesn't help at all".

Last edited by anomie; 01-29-2009 at 06:21 PM.
 
Old 01-29-2009, 06:27 PM   #5
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Two other things come to mind:

1. I'm assuming that you have taken the very basic step of setting the sysctl MIB:
net.ipv4.ip_forward = 1

2. To help observe iptables activity (if turning it off is not an option) you can add logging rules and review what happened with traffic (whether it was dropped or accepted), and you can watch stateful rules in real-time using iptstate(8).
 
Old 01-30-2009, 08:49 AM   #6
techmex
LQ Newbie
 
Registered: Jan 2009
Posts: 4

Original Poster
Rep: Reputation: 0
Not only net.ipv4.ip_forward but also net/ipv4/conf/all/mc_forwarding is set to 1. I am not using iptables to filter traffic, so this is not a concern (my bad about mentioning the fw in my previous post). Not sure if all routing decisions are taken by iptables, but anyway, will take a look at that iptstate tool to see if can shed some light into my original inquiry. Thanks. And take it easy, man.
 
Old 01-30-2009, 12:32 PM   #7
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Something else on this topic: I had to learn about the iproute2 facility recently to enable source-based routing on a multi-homed RHEL server. The ip(8) utility might be able to shed some more light on what is happening with your routing decisions (I'm not sure). It seems to be a very powerful app.

See the manpages for ip(8) and also:
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Packet getting dropped using iptables gugabaga Linux - Networking 1 02-03-2006 04:44 AM
Packet dropped....while Netfiltering... alwaysrookie Programming 0 12-10-2005 03:30 AM
routing decision and iptables eantoranz Linux - Networking 6 07-21-2005 11:21 AM
Dropped packet logging jonr Linux - Networking 6 11-18-2004 08:25 AM
Unable to share internet from Xp to linux due to packet size. newbie76 Linux - Networking 2 03-16-2004 04:41 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 10:12 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration