Portál AbcLinuxu, 5. května 2025 16:48

Dotaz: Aplikace nemuze resolvnout IP na tun0

14.7.2012 15:37 Jiri
Aplikace nemuze resolvnout IP na tun0
Přečteno: 254×
Odpovědět | Admin
Ahoj.

Neporadil by mi nekdo zpusob jakym zjistit proc aplikace (napr. ping) nemuze resolvnout IP u VPN interface tun0?

Pouzivam Citrix VPN. Na Fedore to vypada, ze vse funguje, takze bych rekl, ale u Debianu Wheezy je najaky problem. trace: 
7	10.009420000	192.168.0.1	10.40.1.101	DNS	67	Standard query 0x7836  A sydwjirik.local.net

9	10.211560000	10.40.1.101	192.168.0.1	DNS	83	Standard query response 0x7836  A 10.41.81.84

12	15.322985000	10.40.1.101	192.168.0.1	DNS	83	Standard query response 0x7836  A 10.41.81.84
Je videt, ze DNS response se vraci zpatky, ale nechapu, proc se to nepreda te aplikaci.

strace ping sydwjirik.local.net 
socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.40.1.101")}, 16) = 0
poll([{fd=4, events=POLLOUT}], 1, 0)    = 1 ([{fd=4, revents=POLLOUT}])
sendto(4, "y\232\1\0\0\1\0\0\0\0\0\0\tsydwjirik\7local\3n"..., 53, MSG_NOSIGNAL, NULL, 0) = 53
poll([{fd=4, events=POLLIN}], 1, 5000)  = 1 ([{fd=4, revents=POLLIN}])
ioctl(4, FIONREAD, [0])                 = 0
recvfrom(4, 0x7fffe0b35a40, 1024, 0, 0x7fffe0b34e40, 0x7fffe0b34e84) = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=4, events=POLLIN}], 1, 4974)  = 0 (Timeout)
socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 5
connect(5, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.40.1.102")}, 16) = 0
poll([{fd=5, events=POLLOUT}], 1, 0)    = 1 ([{fd=5, revents=POLLOUT}])
sendto(5, "y\232\1\0\0\1\0\0\0\0\0\0\tsydwjirik\7local\3n"..., 53, MSG_NOSIGNAL, NULL, 0) = 53
poll([{fd=5, events=POLLIN}], 1, 3000)  = 0 (Timeout)
socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 6
connect(6, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.30.10")}, 16) = 0
poll([{fd=6, events=POLLOUT}], 1, 0)    = 1 ([{fd=6, revents=POLLOUT}])
sendto(6, "y\232\1\0\0\1\0\0\0\0\0\0\tsydwjirik\7local\3n"..., 53, MSG_NOSIGNAL, NULL, 0) = 53
poll([{fd=6, events=POLLIN}], 1, 6000)  = 1 ([{fd=6, revents=POLLIN}])
ioctl(6, FIONREAD, [107])               = 0
recvfrom(6, "y\232\201\203\0\1\0\0\0\1\0\0\tsydwjirik\7local\3n"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.30.10")}, [16]) = 107
close(4)                                = 0
close(5)                                = 0
close(6)                                = 0
socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.40.1.101")}, 16) = 0
poll([{fd=4, events=POLLOUT}], 1, 0)    = 1 ([{fd=4, revents=POLLOUT}])
sendto(4, "f&\1\0\0\1\0\0\0\0\0\0\tsydwjirik\7local\3n"..., 53, MSG_NOSIGNAL, NULL, 0) = 53
poll([{fd=4, events=POLLIN}], 1, 5000)  = 1 ([{fd=4, revents=POLLIN}])
ioctl(4, FIONREAD, [0])                 = 0
recvfrom(4, 0x7fffe0b35a40, 1024, 0, 0x7fffe0b34e40, 0x7fffe0b34e84) = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=4, events=POLLIN}], 1, 4975)  = 0 (Timeout)
socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 5
connect(5, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.40.1.102")}, 16) = 0
poll([{fd=5, events=POLLOUT}], 1, 0)    = 1 ([{fd=5, revents=POLLOUT}])
sendto(5, "f&\1\0\0\1\0\0\0\0\0\0\tsydwjirik\7local\3n"..., 53, MSG_NOSIGNAL, NULL, 0) = 53
poll([{fd=5, events=POLLIN}], 1, 3000)  = 0 (Timeout)
socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 6
connect(6, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.30.10")}, 16) = 0
poll([{fd=6, events=POLLOUT}], 1, 0)    = 1 ([{fd=6, revents=POLLOUT}])
sendto(6, "f&\1\0\0\1\0\0\0\0\0\0\tsydwjirik\7local\3n"..., 53, MSG_NOSIGNAL, NULL, 0) = 53
poll([{fd=6, events=POLLIN}], 1, 6000)  = 1 ([{fd=6, revents=POLLIN}])
ioctl(6, FIONREAD, [117])               = 0
recvfrom(6, "f&\201\203\0\1\0\0\0\1\0\0\tsydwjirik\7local\3n"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.30.10")}, [16]) = 117
close(4)                                = 0
close(5)                                = 0
close(6)                                = 0
socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.40.1.101")}, 16) = 0
poll([{fd=4, events=POLLOUT}], 1, 0)    = 1 ([{fd=4, revents=POLLOUT}])
sendto(4, "\226\326\1\0\0\1\0\0\0\0\0\0\tsydwjirik\7local\3n"..., 52, MSG_NOSIGNAL, NULL, 0) = 52
poll([{fd=4, events=POLLIN}], 1, 5000)  = 1 ([{fd=4, revents=POLLIN}])
ioctl(4, FIONREAD, [0])                 = 0
recvfrom(4, 0x7fffe0b35a40, 1024, 0, 0x7fffe0b34e40, 0x7fffe0b34e84) = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=4, events=POLLIN}], 1, 4745)  = 0 (Timeout)
socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 5
connect(5, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.40.1.102")}, 16) = 0
poll([{fd=5, events=POLLOUT}], 1, 0)    = 1 ([{fd=5, revents=POLLOUT}])
sendto(5, "\226\326\1\0\0\1\0\0\0\0\0\0\tsydwjirik\7local\3n"..., 52, MSG_NOSIGNAL, NULL, 0) = 52
poll([{fd=5, events=POLLIN}], 1, 3000)  = 0 (Timeout)
socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 6
connect(6, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.30.10")}, 16) = 0
poll([{fd=6, events=POLLOUT}], 1, 0)    = 1 ([{fd=6, revents=POLLOUT}])
sendto(6, "\226\326\1\0\0\1\0\0\0\0\0\0\tsydwjirik\7local\3n"..., 52, MSG_NOSIGNAL, NULL, 0) = 52
poll([{fd=6, events=POLLIN}], 1, 6000)  = 1 ([{fd=6, revents=POLLIN}])
ioctl(6, FIONREAD, [117])               = 0
recvfrom(6, "\226\326\205\203\0\1\0\0\0\1\0\0\tsydwjirik\7local\3n"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.30.10")}, [16]) = 117
close(4)                                = 0
close(5)                                = 0
close(6)                                = 0
open("/etc/ld.so.cache", O_RDONLY)      = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=89660, ...}) = 0
mmap(NULL, 89660, PROT_READ, MAP_PRIVATE, 4, 0) = 0x7f9e258d2000
close(4)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/libnss_mdns4.so.2", O_RDONLY) = 4
read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\v\0\0\0\0\0\0"..., 832) = 832
fstat(4, {st_mode=S_IFREG|0644, st_size=10880, ...}) = 0
mmap(NULL, 2106096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x7f9e24917000
mprotect(0x7f9e24919000, 2097152, PROT_NONE) = 0
mmap(0x7f9e24b19000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x2000) = 0x7f9e24b19000
close(4)                                = 0
munmap(0x7f9e258d2000, 89660)           = 0
open("/etc/mdns.allow", O_RDONLY)       = -1 ENOENT (No such file or directory)
write(2, "ping: unknown host sydwjirik.loc"..., 41ping: unknown host sydwjirik.local.net
) = 41
exit_group(2)                           = ?
Diky za rady.

Nástroje: Začni sledovat (0) ?Zašle upozornění na váš email při vložení nového komentáře.

Odpovědi

15.7.2012 10:25 NN
Rozbalit Rozbalit vše Re: Aplikace nemuze resolvnout IP na tun0
Odpovědět | | Sbalit | Link | Blokovat | Admin
tcpdump by nepomohl ?

NN
16.7.2012 17:00 Jiri
Rozbalit Rozbalit vše Re: Aplikace nemuze resolvnout IP na tun0
Ahoj,

Jak jsem zminil vyse, DNS response se vraci na tun0 s IP, ale ta aplikace tu IP nedostane. Nevim z jakeho duvodu. Neco to musi blokovat mezi tou aplikaci a tun0.

Problem v siti nevidim, protoze packety normalne chodi. Musi to byt neco uvnitr systemu.
16.7.2012 19:48 Michal Kubeček | skóre: 72 | Luštěnice
Rozbalit Rozbalit vše Re: Aplikace nemuze resolvnout IP na tun0
Odpovědět | | Sbalit | Link | Blokovat | Admin

Tohle vypadá na nějaký hlubší problém: funkce poll() signalizuje, že je možné ze socketu číst data, ale už následný FIONREAD ioctl() hlásí, že je k dispozici 0 bytů, a podobně i recvfrom() skončí chybou (žádná data k dispozici). Následně pak opakovaný poll() po (necelých) pěti sekundách vytimeoutuje. Celé to na mne působí, jako kdyby tam byl ještě někdo jiný, kdo ta data přečte, takže resolver už je nedostane.

Běží na tom stroji nscd? Pokud ano, pomůže, když se vypne?

Založit nové vláknoNahoru

Tiskni Sdílej: Linkuj Jaggni to Vybrali.sme.sk Google Del.icio.us Facebook

ISSN 1214-1267, (c) 1999-2007 Stickfish s.r.o.