Skip to content

Commit 8a39988

Browse files
msunemsune
committed
docker: workaround RPF=0 kernel issue w/ dummy IP
Prior to this commit, some kernels (namely 6.11.0-1015-azure), gives the following error when IP packets ingress via the _seg_pair interface: (pwru trace) ``` 0xffff95c58b7854e8 1 ksoftirqd/1:31 4026533013 0 2 0x0800 1500 60 192.168.254.2:36706->10.244.0.111:8080(tcp) ip_route_input_slow 0xffff95c58b7854e8 1 ksoftirqd/1:31 4026533013 0 2 0x0800 1500 60 192.168.254.2:36706->10.244.0.111:8080(tcp) fib_validate_source 0xffff95c58b7854e8 1 ksoftirqd/1:31 4026533013 0 2 0x0800 1500 60 192.168.254.2:36706->10.244.0.111:8080(tcp) __fib_validate_source 0xffff95c58b7854e8 1 ksoftirqd/1:31 4026533013 0 2 0x0800 1500 60 192.168.254.2:36706->10.244.0.111:8080(tcp) ip_handle_martian_source 0xffff95c58b7854e8 1 ksoftirqd/1:31 4026533013 0 2 0x0800 1500 60 192.168.254.2:36706->10.244.0.111:8080(tcp) sk_skb_reason_drop(SKB_DROP_REASON_IP_RPFILTER) 0xffff95c58b7854e8 1 ksoftirqd/1:31 4026533013 0 2 0x0800 1500 60 192.168.254.2:36706->10.244.0.111:8080(tcp) skb_release_head_state ``` even when rpf=0. This does seem to happen for instance with kernel 6.12.30 (Debian13). This commit assigns a dummy IPv4 address, 203.0.113.1/32 which is part of the reserved Documentation block and should never interfere with any address, to work-around this issue.
1 parent bc516ff commit 8a39988

File tree

1 file changed

+2
-0
lines changed

1 file changed

+2
-0
lines changed

docker/entrypoint.sh

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -138,6 +138,8 @@ if [[ "${SEG_DEV_NAME}" != "" ]]; then
138138
SEG_PAIR_DEV_IFINDEX=$(ip link show ${SEG_DEV_NAME}_pair | head -n 1 | awk '{print $1}' | tr -d ':')
139139
SEG_PAIR_DEV_MAC="$(ip -j link show ${SEG_DEV_NAME}_pair | jq -r '.[0].address' | tr -d ':' | sed 's/\(..\)/0x\1, /g' | sed 's/,\s*$$//')"
140140

141+
(ip addr show dev ${SEG_DEV_NAME}_pair | grep -q 'inet ') || ip addr add 203.0.113.1/32 dev ${SEG_DEV_NAME}_pair
142+
141143
sysctl -q net.ipv4.conf.${SEG_DEV_NAME}.rp_filter=0
142144
sysctl -q net.ipv4.conf.${SEG_DEV_NAME}.accept_local=1
143145
sysctl -q net.ipv4.conf.${SEG_DEV_NAME}_pair.rp_filter=0

0 commit comments

Comments
 (0)