Howto debug macvlan network IFs

tomp · February 14, 2020, 4:36pm

Sorry ignore my previous post, I’m getting confused with the IP scheme.

So to summarise:

host ens6f0: 10.50.1.129/25 - you can see packets arriving from 10.50.1.10 on this nic to 10.50.5.1.
host ens6f1: 10.50.1.1/25 - you can see packets arriving from 10.50.1.10 on this nic to 10.50.5.129.
ct data0: 10.50.5.1/16 (parent ens6f0)
ct data1: 10.50.5.129/16 (parent ens6f1)
target *: 10.50.1.10

Because you can see streams arriving to the host on both NICs to the IPs of the container’s macvlan interfaces, this suggests to me that MACVLAN is working OK (at least inbound), because if it wasn’t then ARP resolution wouldn’t have taken place and those packets wouldn’t arrive at the host.

You should be able to get tcpdump or tshark working inside the containers.

zotan · February 14, 2020, 4:59pm

I’m impressed with tshark it works in the container. I can see both streams of data, so definitely not a macvlan problem. I now need to work out why I can’t listen to the stream on data0, I can only listen on data1.

zotan · February 14, 2020, 5:09pm

Netstat shows the data isn’t being dropped:

Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
data0     9600   202320      0      0 0            29      0      0      0 BMRU
data1     9600   203600      0      0 0            31      0      0      0 BMRU

So where is it going?

tomp · February 14, 2020, 5:19pm

Can you show the output of netstat -ulpn please

zotan · February 14, 2020, 5:27pm

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
udp        0      0 127.0.0.53:53           0.0.0.0:*                           173/systemd-resolve 
udp        0      0 192.168.20.71:68        0.0.0.0:*                           170/systemd-network 
udp        0      0 10.50.5.1:5000          0.0.0.0:*                           3001/ringBuffer     
udp        0      0 10.50.5.129:5000        0.0.0.0:*                           3001/ringBuffer     
udp        0      0 10.50.5.1:5001          0.0.0.0:*                           3001/ringBuffer     
udp        0      0 10.50.5.129:5001        0.0.0.0:*                           3001/ringBuffer     
udp        0      0 10.50.5.1:5002          0.0.0.0:*                           3001/ringBuffer     
udp        0      0 10.50.5.129:5002        0.0.0.0:*                           3001/ringBuffer     
udp        0      0 10.50.5.1:5003          0.0.0.0:*                           3001/ringBuffer     
udp        0      0 10.50.5.129:5003        0.0.0.0:*                           3001/ringBuffer     
udp        0      0 10.50.5.1:5004          0.0.0.0:*                           3001/ringBuffer     
udp        0      0 10.50.5.129:5004        0.0.0.0:*                           3001/ringBuffer     
udp        0      0 10.50.5.1:5005          0.0.0.0:*                           3001/ringBuffer     
udp        0      0 10.50.5.129:5005        0.0.0.0:*                           3001/ringBuffer     
udp        0      0 10.50.5.1:5006          0.0.0.0:*                           3001/ringBuffer     
udp        0      0 10.50.5.129:5006        0.0.0.0:*                           3001/ringBuffer     
udp        0      0 10.50.5.1:5007          0.0.0.0:*                           3001/ringBuffer     
udp        0      0 10.50.5.129:5007        0.0.0.0:*                           3001/ringBuffer     
udp        0      0 10.50.5.1:5008          0.0.0.0:*                           3001/ringBuffer     
udp        0      0 10.50.5.129:5008        0.0.0.0:*                           3001/ringBuffer     
udp        0      0 10.50.5.1:5009          0.0.0.0:*                           3001/ringBuffer     
udp        0      0 10.50.5.129:5009        0.0.0.0:*                           3001/ringBuffer

tomp · February 18, 2020, 9:09am

So it is listening on data0 interface (10.50.5.1) on port 5000. Is the application dropping the data perhaps?

zotan · February 18, 2020, 11:03am

I finally found the answer. By default Ubuntu enables a reverse packet filter which drops all packets from a remote host that the machine has no reverse route to. This is to mitigate against denial of service attacks. In my case the problem can be solved by either disabling the filter or creating a valid reverse route. The full details are here:

tomp · February 18, 2020, 11:28am

Ah of course, I wasn’t aware that Ubuntu enabled rp_filter = 1, noted for the future
Glad you got it working.