What are the reasons for UDP packets to be dropped

2019-06-06 12:22发布

问题:

I see UDP packets arriving on my Linux box (via tcpdump) with destination port set to 25555. However:

nc -l -u 25555

shows no traffic.

I've already checked:

  1. iptables is off
  2. destination MAC address matches the incoming interface
  3. destination IP address matches the incoming interface
  4. IP checksum is OK
  5. UDP checksum is OK

Also, all the packets are being dropped, thus it's not a problem with overlowing rx buffers.

Any ideas what else may cause the pakcets to be dropped?

回答1:

You have another process on your machine which is reading the datagrams arriving on port 25555. We can see it from your /proc/net/udp:

sl   local_address rem_address   st tx_queue rx_queue tr rexmits  tm->when uid timeout inode ref pointer   drops
104: 00000000:63D3 00000000:0000 07 00000000:00000000 00:00000000 00000000 0   0       1779298 2 fff810266fe0c 0

So the process which is "stealing" the datagrams you want is owned by root (uid=0). And the inode of the socket is 1779298, which you can search for under /proc/PID/fd for the PIDs owned by root. Once you figure out what process is listening there, you'll need to decide whether to terminate it so nc can listen instead.

Unicast UDP datagrams will only end up going to a single process on a Linux system, even if there are multiple processes trying to read from that same address.



回答2:

In the end it turned out that the packets were dropped by RPF filtering. See net.ipv4.all.rp_filter setting in Linux.