What is martian source / martian packets

Martian source / Martian packets

In Linux, by default, each packet is considered individually for routing purposes. The routing algorithm decides where to send a packet based on that packet alone, without taking into account that it may be a reply to a packet that arrived earlier.

In a typical setup, this means that all outgoing traffic leaves over one interface, say eth0, even if the incoming packet arrived on interface eth1.

One typical side effect of this algorithm is the creation of so-called "martian packets". A martian packet is an IP packet whose source or destination address is either reserved for special use by the Internet Assigned Numbers Authority (IANA) or does not belong to the subnet of the interface on which it was seen, so that it makes no sense there [RFC 1812]. For example, if two interfaces are connected to two subnets of the 10 network and the default route is configured for eth0, then without an explicit routing statement you can't respond to a packet sent to eth1, because its sender is not on the local segment of that interface.

In other words, the source IP address in a martian packet's header is usually an IP address that either:

  • should not be routable, or
  • came from the wrong subnet.

For example, a 127.0.0.0/8 IP address arriving through a router would be labeled as martian, because such packets should stay local and never travel over the network.

RFC 1812 defines the term "martian source" the following way:

"An IP source address is invalid if it is a special IP address, as defined in 4.2.2.11 or 5.3.7, or is not a unicast address.

"An IP destination address is invalid if it is among those defined as illegal destinations in 4.2.3.1, or is a Class E address (except 255.255.255.255).

"A router SHOULD NOT forward any packet that has an invalid IP source address or a source address on network 0. A router SHOULD NOT forward, except over a loop-back interface, any packet that has a source address on network 127. A router MAY have a switch that allows the network manager to disable these checks. If such a switch is provided, it MUST default to performing the checks.

"A router SHOULD NOT forward any packet that has an invalid IP destination address or a destination address on network 0. A router SHOULD NOT forward, except over a loop-back interface, any packet that has a destination address on network 127. A router MAY have a switch that allows the network manager to disable these checks. If such a switch is provided, it MUST default to performing the checks.

"If a router discards a packet because of these rules, it SHOULD log at least the IP source address, the IP destination address, and, if the problem was with the source address, the physical interface on which the packet was received and the link layer address of the host or router from which the packet was received."

A martian source is network traffic from the wrong subnet appearing on an interface. For example, if:

eth0 has IP 192.168.0.1 with netmask 255.255.255.0
eth1 has IP 192.168.1.1 with netmask 255.255.255.0

then eth0 should only see IP traffic from addresses in its subnet (192.168.0.x) and eth1 should only see traffic from its own subnet (192.168.1.x).

If a host on the network is still configured with a previous network address (202.167.2.34) and is seen on eth1, it will be reported as a martian source.

If one of the machines on the 192.168.0.x network is plugged into the wrong switch and is effectively on the same physical network segment as eth1, then you will see a martian source from that IP address (or you have multiple networks that the Linux box is not aware of).

A martian source is not a major thing, but such messages make you aware that something in your network setup is either set up incorrectly or not configured optimally.

This behavior is controlled by a setting in /etc/sysctl.conf:

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

There is another situation in which you can see a martian source.

Server 1:

eth0:   10.249.111.10   netmask 255.255.255.0
eth2:   192.168.111.10  netmask 255.255.255.0
eth2:1: 10.249.111.161  netmask 255.255.255.0

Server 2:

eth0:   10.249.111.11   netmask 255.255.255.0
eth2:   192.168.111.11  netmask 255.255.255.0
eth2:1: 10.249.111.162  netmask 255.255.255.0

Generally, connecting from Server 1 eth0 to Server 2 eth2:1 should work, and vice versa. But the kernel on Server 2 will report:

IPv4: martian source 10.249.111.162 from 10.249.111.10, on dev eth2
ll header: 00000000: ff ff ff ff ff ff 02 13 02 00 28 7f 08 06 ..........(...

It looks like the kernel compares the source address with the eth2 address (192.168.111.xx) and then finds that this is a martian source address.

The kernel just printks the source address and the actual destination address ("martian source 10.249.111.162 from 10.249.111.10"); is this a bug? I think it should printk eth2's address, so that we know what happened.
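To make the reverse-path rule concrete for both scenarios above (the 192.168.0.x / 192.168.1.x example and the two-server case), here is an added Python model of the strict rp_filter check. It is example code written for this page, not kernel code. It assumes the documented semantics of rp_filter = 1: the kernel looks up the best route back to the packet's source address, and if that route does not leave through the interface the packet arrived on, the packet is a martian. The routing tables, the route order (eth0's 10.249.111.0/24 route ahead of the one from the eth2:1 alias) and the sample packets are constructed. On a real host the log line itself is enabled by log_martians (net.ipv4.conf.all.log_martians = 1), while rp_filter decides whether the packet is dropped.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Source ranges the RFC 1812 text quoted above says a router should not
# forward (network 0 and the loopback network), plus multicast and the
# limited broadcast address, which are never valid unicast sources.
INVALID_SOURCE_NETS = [
    ipaddress.ip_network("0.0.0.0/8"),
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("224.0.0.0/4"),
    ipaddress.ip_network("255.255.255.255/32"),
]


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    dev: str


def lookup(fib: List[Route], addr: ipaddress.IPv4Address) -> Optional[Route]:
    """Longest-prefix match. Between two routes of equal length the first
    one in the table wins, which is the situation on Server 2 where both
    eth0 and the eth2:1 alias carry a 10.249.111.0/24 route."""
    best = None
    for route in fib:
        if addr in route.prefix and (best is None or route.prefix.prefixlen > best.prefix.prefixlen):
            best = route
    return best


def classify(fib: List[Route], src: str, dst: str, indev: str) -> Optional[str]:
    """Strict reverse-path check (rp_filter = 1 semantics, assumed).

    Returns None when the packet is accepted, otherwise a message in the
    style of the kernel's 'martian source' log line."""
    saddr = ipaddress.ip_address(src)
    if any(saddr in net for net in INVALID_SOURCE_NETS):
        return f"martian source {dst} from {src}, on dev {indev} (invalid source address)"
    route = lookup(fib, saddr)
    if route is None or route.dev != indev:
        # The best route back to the sender leaves via a different
        # interface than the one the packet arrived on.
        return f"martian source {dst} from {src}, on dev {indev}"
    return None


# Constructed routing table for Server 2 in the second scenario:
# eth0 10.249.111.11/24, eth2 192.168.111.11/24, alias eth2:1 10.249.111.162/24.
SERVER2_FIB = [
    Route(ipaddress.ip_network("10.249.111.0/24"), "eth0"),
    Route(ipaddress.ip_network("192.168.111.0/24"), "eth2"),
    Route(ipaddress.ip_network("10.249.111.0/24"), "eth2"),  # from eth2:1, loses the tie
    Route(ipaddress.ip_network("0.0.0.0/0"), "eth0"),
]

# Constructed routing table for the first scenario: eth0 192.168.0.1/24,
# eth1 192.168.1.1/24, default route via eth0.
LAB_FIB = [
    Route(ipaddress.ip_network("192.168.0.0/24"), "eth0"),
    Route(ipaddress.ip_network("192.168.1.0/24"), "eth1"),
    Route(ipaddress.ip_network("0.0.0.0/0"), "eth0"),
]

if __name__ == "__main__":
    cases = [
        (SERVER2_FIB, "10.249.111.10", "10.249.111.162", "eth2"),  # the log line from Server 2
        (SERVER2_FIB, "10.249.111.10", "10.249.111.11", "eth0"),   # same sender via eth0: accepted
        (LAB_FIB, "202.167.2.34", "192.168.1.1", "eth1"),          # stale address seen on eth1
        (LAB_FIB, "192.168.0.7", "192.168.1.1", "eth1"),           # host plugged into the wrong switch
        (LAB_FIB, "127.0.0.1", "192.168.0.1", "eth0"),             # loopback source from the wire
    ]
    for fib, src, dst, indev in cases:
        verdict = classify(fib, src, dst, indev)
        print(f"{src} -> {dst} on {indev}: {verdict or 'accepted'}")
```

Run as a script, the first case prints exactly the line from Server 2's log: the lookup for 10.249.111.10 picks eth0's route, so arrival on eth2 fails the check even though eth2:1 sits on that subnet. The message names the destination and the source, as the kernel does; the interface the check expected (eth0) is what the route lookup returns, which is the piece of information the log line does not show.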

Date: 2024-11-10 11:18:42
