I have a Linux machine with kernel 3.2.0-23-generic, and it has a rule with priority 220 in the RPDB which points to a routing table named "220":
T42:~# ip rule show
0: from all lookup local
220: from all lookup 220
220: from all lookup 220
32766: from all lookup main
32767: from all lookup default
T42:~# ip route show table 220
T42:~#
Is it possible to see where this rule came from? What is the point of an empty routing table? Last but not least, how can there be multiple rules with the same priority?
Best Answer
Not in the sense "where can I look up the source of this rule". There are several ways to investigate the issue: the most evident is to grep all startup scripts on your system to see which uses ip rule at all, and then start reading them. Or you could start your system in single-user mode, and start services one-by-one, from command-line, using strace. Or you might start your system with bash as init (kernel command line: init=/bin/bash), and then you can exec the real /sbin/init with strace. These are rather advanced ways to trace the startup activities, it may not be trivial to know which scripts to run...
There is no way to know where the specific rule came from if it was an administrator or a hacker entering it manually, and not a script present on the system.
Nothing - until someone starts populating that table. This could be a daemon, initially entering the rule for its own table, and then dynamically changing the contents of its own routing table.
IPROUTE2 Utility Suite Howto
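The grep approach from the answer, written out as an added example (not part of the original answer): one helper summarises non-default rules and duplicate priorities from `ip rule show` output, the other searches startup scripts for `ip rule` calls or references to the table. The function names and the directory list are assumptions.

```shell
#!/bin/sh
# Added example: helper names and the directory list are assumptions.

# Constructed sample: the rule list shown in the question.
SAMPLE_RULES='0: from all lookup local
220: from all lookup 220
220: from all lookup 220
32766: from all lookup main
32767: from all lookup default'

# Read `ip rule show` output on stdin; print "count priority table" for each
# rule that points somewhere other than the built-in local/main/default.
custom_rules() {
    awk '{
        prio = $1; sub(/:$/, "", prio); table = ""
        for (i = 2; i < NF; i++)
            if ($i == "lookup" || $i == "table") table = $(i + 1)
        if (table != "" && table != "local" && table != "main" && table != "default")
            seen[prio " " table]++
    }
    END { for (k in seen) print seen[k], k }' | sort -k2,2n
}

# Search files/directories for text that runs `ip rule` (options such as -4
# may sit in between; `ru` and `rul` are accepted abbreviations) or that
# names the routing table given as $1. Prints file:line:text per hit.
find_rule_writers() {
    table=$1; shift
    grep -rInE "(^|[^[:alnum:]_])ip([[:space:]]+-[^[:space:]]+)*[[:space:]]+(ru|rul|rule)([[:space:]]|\$)|(table|lookup)[[:space:]]+${table}([^[:alnum:]]|\$)" "$@" 2>/dev/null
}

# Demo on the constructed sample; prints "2 220 220" (two rules, priority 220, table 220).
printf '%s\n' "$SAMPLE_RULES" | custom_rules

# On the affected host:
#   ip rule show | custom_rules
#   find_rule_writers 220 /etc/init /etc/init.d /etc/network /etc/ppp
```

A text search only finds scripts and configuration files; a program that installs the rule without invoking the ip command will not match, which is the case the strace approach in the answer covers.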