Samveen's questions

Samveen
Asked: 2020-12-03 08:06:17 +0800 CST

Debugging my NAT setup

  • -2

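I am trying to get a Raspberry Pi3 to forward traffic coming in on wlan0 further upstream via eth0, but it fails for some reason that I can't see. Hopefully someone else can spot the problem.

Pi3 state: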

# Interfaces
samveen@pi3:~$ ip -o -4 a
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 10.0.0.1/24 brd 10.0.0.255 scope global eth0\       valid_lft forever preferred_lft forever
3: wlan0    inet 192.168.0.124/24 brd 192.168.0.255 scope global dynamic wlan0\       valid_lft 166572sec preferred_lft 166572sec

# Routes
samveen@pi3:~$ ip r
default via 10.0.0.5 dev eth0 proto static 
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.1 
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.124 
192.168.0.1 dev wlan0 proto dhcp scope link src 192.168.0.124 metric 600 

# iptables rules
samveen@pi3:~$ cat routing.sh 
#!/bin/bash -x
# Setup forwarding (with NAT) from wlan0 towards eth0
# https://raspberrypi.stackexchange.com/a/50073/124471
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE  
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT  
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT  

# Internet test
samveen@pi3:~$ curl --silent -I network-test.debian.org |egrep  '^H|X-Cl'
HTTP/1.1 200 OK
X-Clacks-Overhead: GNU Terry Pratchett

# add iptables tracing
samveen@pi3:~$ sudo iptables -t raw -A PREROUTING -p tcp --source 192.168.0.0/24 --dport 80 -j TRACE
samveen@pi3:~$ sudo iptables -t raw -A OUTPUT -p tcp --source 192.168.0.0/24 --dport 80 -j TRACE

To check what is going wrong, I ran wget -4 -O - http://google.com on the downstream host (192.168.0.1) to try to trace the packets.

  • tcpdump of incoming packets on the problem host (not forwarded):
# tcpdump of incoming packets
samveen@pi3:~$ sudo tcpdump -nvvvi wlan0 tcp and src host 192.168.0.1 and dst port 80
tcpdump: listening on wlan0, link-type EN10MB (Ethernet), capture size 262144 bytes
15:44:12.492367 IP (tos 0x0, ttl 64, id 49906, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.0.1.53814 > 216.58.200.206.80: Flags [S], cksum 0x86c5 (correct), seq 925105116, win 29200, options [mss 1460,sackOK,TS val 1182572917 ecr 0,nop,wscale 6], length 0
15:44:13.536363 IP (tos 0x0, ttl 64, id 49907, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.0.1.53814 > 216.58.200.206.80: Flags [S], cksum 0x82b7 (correct), seq 925105116, win 29200, options [mss 1460,sackOK,TS val 1182573955 ecr 0,nop,wscale 6], length 0
15:44:15.615949 IP (tos 0x0, ttl 64, id 49908, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.0.1.53814 > 216.58.200.206.80: Flags [S], cksum 0x7a97 (correct), seq 925105116, win 29200, options [mss 1460,sackOK,TS val 1182576035 ecr 0,nop,wscale 6], length 0
15:44:19.697021 IP (tos 0x0, ttl 64, id 49909, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.0.1.53814 > 216.58.200.206.80: Flags [S], cksum 0x6aa7 (correct), seq 925105116, win 29200, options [mss 1460,sackOK,TS val 1182580115 ecr 0,nop,wscale 6], length 0
15:44:27.935601 IP (tos 0x0, ttl 64, id 49910, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.0.1.53814 > 216.58.200.206.80: Flags [S], cksum 0x4a77 (correct), seq 925105116, win 29200, options [mss 1460,sackOK,TS val 1182588355 ecr 0,nop,wscale 6], length 0
^C
5 packets captured
5 packets received by filter
0 packets dropped by kernel
  • Meanwhile, tcpdump on the output interface of the problem host gives me no packets (I expected to see the outgoing packets here)
samveen@pi3:~$ sudo tcpdump -nvvvi eth0 tcp and  dst port 80
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
  • Trace logs from dmesg:
[468794.617195] device eth0 entered promiscuous mode
[468798.441177] device wlan0 entered promiscuous mode
[468890.193285] TRACE: raw:PREROUTING:policy:2 IN=wlan0 OUT= MAC=b8:27:eb:2b:84:0c:b8:27:eb:5d:a5:46:08:00 SRC=192.168.0.1 DST=216.58.200.206 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49906 DF PROTO=TCP SPT=53814 DPT=80 SEQ=925105116 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A467CA1750000000001030306) 
[468890.193395] TRACE: nat:PREROUTING:policy:1 IN=wlan0 OUT= MAC=b8:27:eb:2b:84:0c:b8:27:eb:5d:a5:46:08:00 SRC=192.168.0.1 DST=216.58.200.206 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49906 DF PROTO=TCP SPT=53814 DPT=80 SEQ=925105116 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A467CA1750000000001030306) 
[468891.237300] TRACE: raw:PREROUTING:policy:2 IN=wlan0 OUT= MAC=b8:27:eb:2b:84:0c:b8:27:eb:5d:a5:46:08:00 SRC=192.168.0.1 DST=216.58.200.206 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49907 DF PROTO=TCP SPT=53814 DPT=80 SEQ=925105116 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A467CA5830000000001030306) 
[468891.237413] TRACE: nat:PREROUTING:policy:1 IN=wlan0 OUT= MAC=b8:27:eb:2b:84:0c:b8:27:eb:5d:a5:46:08:00 SRC=192.168.0.1 DST=216.58.200.206 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49907 DF PROTO=TCP SPT=53814 DPT=80 SEQ=925105116 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A467CA5830000000001030306) 
[468893.316857] TRACE: raw:PREROUTING:policy:2 IN=wlan0 OUT= MAC=b8:27:eb:2b:84:0c:b8:27:eb:5d:a5:46:08:00 SRC=192.168.0.1 DST=216.58.200.206 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49908 DF PROTO=TCP SPT=53814 DPT=80 SEQ=925105116 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A467CADA30000000001030306) 
[468893.316958] TRACE: nat:PREROUTING:policy:1 IN=wlan0 OUT= MAC=b8:27:eb:2b:84:0c:b8:27:eb:5d:a5:46:08:00 SRC=192.168.0.1 DST=216.58.200.206 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49908 DF PROTO=TCP SPT=53814 DPT=80 SEQ=925105116 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A467CADA30000000001030306) 
[468897.397941] TRACE: raw:PREROUTING:policy:2 IN=wlan0 OUT= MAC=b8:27:eb:2b:84:0c:b8:27:eb:5d:a5:46:08:00 SRC=192.168.0.1 DST=216.58.200.206 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49909 DF PROTO=TCP SPT=53814 DPT=80 SEQ=925105116 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A467CBD930000000001030306) 
[468897.398056] TRACE: nat:PREROUTING:policy:1 IN=wlan0 OUT= MAC=b8:27:eb:2b:84:0c:b8:27:eb:5d:a5:46:08:00 SRC=192.168.0.1 DST=216.58.200.206 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49909 DF PROTO=TCP SPT=53814 DPT=80 SEQ=925105116 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A467CBD930000000001030306) 
[468905.636557] TRACE: raw:PREROUTING:policy:2 IN=wlan0 OUT= MAC=b8:27:eb:2b:84:0c:b8:27:eb:5d:a5:46:08:00 SRC=192.168.0.1 DST=216.58.200.206 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49910 DF PROTO=TCP SPT=53814 DPT=80 SEQ=925105116 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A467CDDC30000000001030306) 
[468905.636659] TRACE: nat:PREROUTING:policy:1 IN=wlan0 OUT= MAC=b8:27:eb:2b:84:0c:b8:27:eb:5d:a5:46:08:00 SRC=192.168.0.1 DST=216.58.200.206 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49910 DF PROTO=TCP SPT=53814 DPT=80 SEQ=925105116 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A467CDDC30000000001030306) 
[468939.580532] device eth0 left promiscuous mode
[468941.338008] device wlan0 left promiscuous mode

In the trace, I expected to see some log lines for FORWARD with OUT=eth0, but I see nothing. What am I doing wrong here?

linux iptables masquerade
  • 1 answer
  • 55 Views
Samveen
Asked: 2019-03-19 05:11:22 +0800 CST

mdadm: Resume initial sync

  • 3

I created a new md RAID10 (on a Synology DS416slim, of all things), and it is in the middle of its initial sync:

root@ds416slim:~# cat /proc/mdstat
Personalities : [linear] [raid0] [raid1] [raid10] [raid6] [raid5] [raid4]
md2 : active raid10 sdd3[3] sdc3[2] sdb3[1] sda3[0]
      1943881088 blocks super 1.2 64K chunks 2 near-copies [4/4] [UUUU]
      [===>.................]  resync = 19.8% (386172736/1943881088) finish=2613.6min speed=9932K/sec

md1 : active raid1 sdc2[1] sdb2[2] sda2[0] sdd2[3]
      2097088 blocks [4/4] [UUUU]

md0 : active raid1 sdc1[1] sdb1[2] sda1[0] sdd1[3]
      2490176 blocks [4/4] [UUUU]

unused devices: <none>

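Noticing that its sync speed was really terrible (it should be closer to 100M than 10M), I decided to pause the sync using echo idle > /sys/block/md2/md/sync_action

After testing (in which hdparm showed that /dev/sdd performs terribly), I tried to resume the sync using echo resync > /sys/block/md2/md/sync_action. But the sync did not resume and stayed idle: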

root@ds416slim:~# echo resync > /sys/block/md2/md/sync_action
root@ds416slim:~# cat /proc/mdstat
Personalities : [linear] [raid0] [raid1] [raid10] [raid6] [raid5] [raid4]
md2 : active raid10 sdd3[3] sdc3[2] sdb3[1] sda3[0]
      1943881088 blocks super 1.2 64K chunks 2 near-copies [4/4] [UUUU]

md1 : active raid1 sdc2[1] sdb2[2] sda2[0] sdd2[3]
      2097088 blocks [4/4] [UUUU]

md0 : active raid1 sdc1[1] sdb1[2] sda1[0] sdd1[3]
      2490176 blocks [4/4] [UUUU]

unused devices: <none>
root@ds416slim:~# cat  /sys/block/md2/md/sync_action
idle

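I checked for possible options on how to resume the sync, as the options given in the sysfs section of the MD documentation on kernel.org provide a list with no resume option. Reading through the listed options, they all seem to imply that resync is the correct action, but it does not resume the initial sync, as shown above.

My questions are:

  • Does this affect the RAID? How?
  • How do I resume the initial sync?
  • Is it safe to ignore the whole thing and start using the RAID?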
software-raid
  • 1 answer
  • 2005 Views
Samveen
Asked: 2015-03-30 23:42:03 +0800 CST

RPM Repo: Clone source packages only

  • 0

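As part of a project, I need to rebuild source RPMs from the very convenient Remi Yum repo (Source RPMS).

Looking for some way to fetch these packages efficiently has not been a very successful adventure (the common keywords lead to very polluted results on Google). reposync can do this, but only as an add-on to cloning the RPM part of the repo. What I need is something that does this for the sources only.

Is there anything that can do this efficiently?

Note: An inefficient solution has already been applied: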

extractXPathAttr.pl 'http://rpms.famillecollet.com/SRPMS/'  '//tr/td[2]/a[1]' 'href'  |\
    grep src.rpm |\
    xargs -I{} wget 'http://rpms.famillecollet.com/SRPMS/{}'

(extractXPathAttr.pl extracts the required attribute of the elements specified by the XPath from the given URL. Once it is cleaned up and documented, I will put it on github.)

yum
  • 2 answers
  • 1331 Views
