What do the numbers in the ip rule show command mean

If I enter the command ip rule show on my machine, I get the following output:

0:  from all lookup local 
32766:  from all lookup main 
32767:  from all lookup default

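What do the numbers 0, 32766 and 32767 mean?

I do understand that these are some priorities and that 0 has a special priority and cannot be deleted.

Also, if I add a new policy, it will be created with priority 32765. Is my understanding correct?

Also, I saw some information about the priorities of ip rule add here:

Really, for historical reasons ip rule add does not require a priority value and allows them to be non-unique. If the user does not supply a priority, it is selected by the kernel. If the user creates a rule with a priority value which already exists, the kernel does not reject the request. It adds the new rule before all old rules of the same priority. It is a mistake in the design, no more. And it will be fixed one day, so do not rely on this feature. Use explicit priorities.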

Answer 1

From the ip-rule man page:

At startup time the kernel configures the default RPDB consisting of three rules:

   1.  Priority: 0, Selector: match anything, Action: lookup routing 
       table local (ID 255).  The local table is a special routing table 
       containing high priority control routes for local and broadcast 
       addresses.

       Rule 0 is special. It cannot be deleted or overridden.

   2.  Priority: 32766, Selector: match anything, Action: lookup routing 
       table main (ID 254).  The main table is the normal routing table 
       containing all non-policy routes. This rule may be deleted and/or 
       overridden with other ones by the administrator.

   3.  Priority: 32767, Selector: match anything, Action: lookup routing 
       table default (ID 253).  The default table is empty.  It is 
       reserved for some post-processing if no previous default rules 
       selected the packet.  This rule may also be deleted.

  Each RPDB entry has additional attributes.  F.e. each rule has a pointer 
  to some routing table.  NAT and masquerading rules have an attribute to 
  select new IP address to translate/masquerade.  Besides that, rules have 
  some optional attributes, which routes have, namely realms.  These 
  values do not override those contained in the routing tables.  They are 
  only used if the route did not select any attributes.

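So these numbers, 0, 32766 and 32767, are the priorities in which the rules are applied.

Note: the other numbers mentioned above, 255, 254 and 253, correspond to the routing tables as described in this file: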

$ more /etc/iproute2/rt_tables 
#
# reserved values
#
255 local
254 main
253 default
0   unspec
#
# local
#
#1  inr.ruhep

The names above can then be used when querying the routing tables, like so:

$ ip route show table local
broadcast 127.0.0.0 dev lo  proto kernel  scope link  src 127.0.0.1 
local 127.0.0.0/8 dev lo  proto kernel  scope host  src 127.0.0.1 
local 127.0.0.1 dev lo  proto kernel  scope host  src 127.0.0.1 
broadcast 127.255.255.255 dev lo  proto kernel  scope link  src 127.0.0.1 
broadcast 172.17.0.0 dev docker0  proto kernel  scope link  src 172.17.42.1 
local 172.17.42.1 dev docker0  proto kernel  scope host  src 172.17.42.1 
broadcast 172.17.255.255 dev docker0  proto kernel  scope link  src 172.17.42.1 
broadcast 192.168.1.0 dev wlp1s0  proto kernel  scope link  src 192.168.1.80 
local 192.168.1.80 dev wlp1s0  proto kernel  scope host  src 192.168.1.80 
broadcast 192.168.1.255 dev wlp1s0  proto kernel  scope link  src 192.168.1.80 
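
An added example, not part of the original answer: a small parser that puts ip rule show output into evaluation order (lowest priority number first), resolves table names to IDs using rt_tables entries, and flags priorities shared by more than one rule, the situation the quoted man page text warns about. The sample input is constructed; the "vpn" table with ID 200 and the two priority-100 rules are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the three default rules from the page plus two
# hypothetical rules that share priority 100 (table "vpn" is made up).
RULES = """\
0:  from all lookup local
100:  from 10.0.0.0/24 lookup vpn
100:  from all fwmark 0x1 lookup vpn
32766:  from all lookup main
32767:  from all lookup default
"""

# Reserved entries as shown in /etc/iproute2/rt_tables, plus the made-up "vpn".
RT_TABLES = """\
255 local
254 main
253 default
0   unspec
#1  inr.ruhep
200 vpn
"""

def parse_rt_tables(text):
    """Map table name -> numeric ID, skipping comments and blank lines."""
    tables = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            ident, name = line.split()[:2]
            tables[name] = int(ident)
    return tables

def parse_rules(text, tables):
    """Return (priority, selector, table_name, table_id) in evaluation order."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+):\s+(.*?)\s+lookup\s+(\S+)\s*$", line)
        if not m:
            continue  # rules with actions other than lookup are ignored here
        prio, selector, table = int(m.group(1)), m.group(2), m.group(3)
        table_id = int(table) if table.isdigit() else tables.get(table)
        rules.append((prio, selector, table, table_id))
    return sorted(rules, key=lambda r: r[0])  # stable: listing order kept on ties

def duplicate_priorities(rules):
    """Priorities used by more than one rule."""
    counts = Counter(r[0] for r in rules)
    return sorted(p for p, n in counts.items() if n > 1)
```

Calling duplicate_priorities(parse_rules(RULES, parse_rt_tables(RT_TABLES))) on the constructed sample returns [100]; on a live system the two inputs would be the output of ip rule show and the contents of /etc/iproute2/rt_tables.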
