我在 2 台机器上创建了 ip xfrm 规则并尝试通过 ipsec 隧道传递流量。数据包进入另一端,加密后消失。
我通过 iptables 跟踪它们,这是跟踪。
2015-11-27T14:50:21.442638+04:30 cfae kernel: [70234.667488] TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= MAC=00:0c:29:b7:97:49:00:0c:29:42:5b:e1:08:00 SRC=172.24.1.178 DST=10.60.60.31 LEN=128 TOS=0x00 PREC=0x00 TTL=61 ID=0 DF PROTO=UDP SPT=4500 DPT=4500 LEN=108
2015-11-27T14:50:21.442665+04:30 cfae kernel: [70234.667513] TRACE: mangle:PREROUTING:rule:2 IN=eth0 OUT= MAC=00:0c:29:b7:97:49:00:0c:29:42:5b:e1:08:00 SRC=172.24.1.178 DST=10.60.60.31 LEN=128 TOS=0x00 PREC=0x00 TTL=61 ID=0 DF PROTO=UDP SPT=4500 DPT=4500 LEN=108
2015-11-27T14:50:21.442672+04:30 cfae kernel: [70234.667580] TRACE: mangle:INPUT:policy:1 IN=eth0 OUT= MAC=00:0c:29:b7:97:49:00:0c:29:42:5b:e1:08:00 SRC=172.24.1.178 DST=10.60.60.31 LEN=128 TOS=0x00 PREC=0x00 TTL=61 ID=0 DF PROTO=UDP SPT=4500 DPT=4500 LEN=108
2015-11-27T14:50:21.442674+04:30 cfae kernel: [70234.667589] TRACE: filter:INPUT:policy:1 …ipsec ×1