Hi Steffen, Thank's for the tip.
>You can check if my assumption is valid with the following command:
>tail /proc/sys/net/ipv4/conf/*/rp_filter
>If it contains 1 for strict rp_filter on all eth{0,1,2} with SLES11SP1
>but not with SLES10 then that may be the difference.
I did try that, it says 1 for /conf/all/rp_filter
and 0 for eth0, eth1 and eth2
for both SLES10 and SLES11.
>Do you really need multiple interfaces in the same subnet?
No I need three IPaddresses, so now I have three IP:s on eth0 instead.
And as you say, it's somewhere in the IP-config that causes this, and it
obviously differs between SLES10 and SLES11.
But now I'm happy with three IP:s on same eth0 :)
___________________________________________
Tore Agblad
Volvo Information Technology
Infrastructure Mainframe Design & Development, Linux servers
Dept 4352 DA1S
SE-405 08, Gothenburg Sweden
Telephone: +46-31-3233569
E-mail: [email protected]
http://www.volvo.com/volvoit/global/en-gb/
-----Original Message-----
From: Linux on 390 Port [mailto:[email protected]] On Behalf Of Steffen
Maier
Sent: den 15 juli 2010 13:16
To: [email protected]
Subject: Re: Strange problems adding network adapter no 2 (eth1) in SLES11 SP1
On 07/15/2010 11:39 AM, Agblad Tore wrote:
> Ok, I have tried that now, had to be sure how to turn of
> firewall first via VM console in case of no net at all.
>
> No change, but now I get messages in the log (messages file)
> with 'kernel: martian source <my login ip not working> from <my PC ip
> address>, on dev eth0' (or 1)
>
> martian source means a source IP that is not possible together with other
> ipconfig
> ( I have done some googling here ), so the kernel just refuse it.
>
> But I don't get the reason here, it is not an 'impossible' source IP here.
Since you have multiple interfaces on the same subnet, things may be a
bit complicated.
The kernel message you get is from ip_handle_martian_source
[http://lxr.linux.no/#linux+v2.6.32/net/ipv4/route.c#L1915].
In your case I suspect it to be called by __mkroute_input
[http://lxr.linux.no/#linux+v2.6.32/net/ipv4/route.c#L1945]
after having checked the source IP address with fib_validate_source
[http://lxr.linux.no/#linux+v2.6.32/net/ipv4/fib_frontend.c#L223].
The latter does a reverse path filtering check among other things.
Having multiple interface on the same subnet, with strict reverse
path filtering, only packets are allowed that have:
destination IP of packet == source IP of route table lookup with
source IP of packet as destination IP key for table lookup.
Depending on which of your eth{0,1,2} ends up having the first
routing table entry for the subnet, only traffic sent to this IP is
allowed but all other traffic from the same subnet ends up giving you
the above kernel message and the packets are dropped.
You can check if my assumption is valid with the following command:
tail /proc/sys/net/ipv4/conf/*/rp_filter
If it contains 1 for strict rp_filter on all eth{0,1,2} with SLES11SP1
but not with SLES10 then that may be the difference.
Do you really need multiple interfaces in the same subnet?
If so, you may configure loose rp_filter by writing "2" into the above
sysctl files (persistent config may be done with /etc/sysctl.conf)
[http://lxr.linux.no/#linux+v2.6.32/Documentation/networking/ip-sysctl.txt#L726].
Steffen
Linux on System z Development
IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Martin Jetter
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
For more information on Linux on System z, visit
http://wiki.linuxvm.org/
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
For more information on Linux on System z, visit
http://wiki.linuxvm.org/
