Basically I am trying to create a custom TCP Stack. As you might know I cant use eth0 because linux kernel TCP stack uses that, Due to that I need to create a tun/tap interface and use it for my Custom TCP Stack. /etc/network/interfaces: auto lo iface lo inet loopback allow-hotplug eth0 auto eth0 iface eth0 inet static address 192.168.1.152 netmask 255.255.255.0 broadcast 192.168.1.255 gateway 192.168.1.1 dns-server 192.168.1.1 allow-hotplug tap0 auto tap0 iface tap0 inet manual pre-up ip tuntap add tap0 mode tap user root pre-up ip addr add 192.168.1.153/24 dev tap0 up ip link set dev tap0 up post-up ip route del 192.168.1.0/24 dev tap0 post-up ip route add 192.168.1.152/32 dev tap0 post-down ip link del dev tap0 ifconfig inet addr:192.168.1.152 bcast:192.168.1.255 netmask 255.255.255.0 lo: inet addr:127.0.0.1 mask 255.0.0.0 tap0: inet addr: 192.168.1.153 bcast:0.0.0.0 mask 255.255.255.0 with following config I can reach wan/lan using eth0 but I cant reach not even my gateway with tap0. I would really appreciate if you could tell me what mistake am I making here?

I have an OpenVPN client connected to an OpenVPN server. The server has the following routes: default via 10.109.185.65 dev eth0 proto dhcp src 10.109.185.84 metric 100 10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1 10.109.185.64/27 dev eth0 proto kernel scope link src 10.109.185.84 10.109.185.65 dev eth0 proto dhcp scope link src 10.109.185.84 metric 100 The client has the following address on the tun0 virtual interface created by OpenVPN: 11: tun0: mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100 link/none inet 10.8.0.3/24 brd 10.8.0.255 scope global tun0 valid_lft forever preferred_lft forever inet6 fe80::3c55:91d1:e8cf:7c55/64 scope link flags 800 valid_lft forever preferred_lft forever From the server, I can ping the client by doing ping 10.8.0.3 and it works fine. Then I added a second IP address to tun0 on the client by doing ip addr add 10.100.1.2/24 dev tun0. It shows up on the tun0 interface as: inet 10.100.1.2/24 scope global tun0 valid_lft forever preferred_lft forever On the server, I added a route for that subnet by doing ip route add 10.100.1.0/24 dev tun0. It shows up in the route list as: 10.100.1.0/24 dev tun0 scope link But trying a ping 10.100.1.2 on the server failed. Then I noticed that both the server and client had the following iptables FORWARD rule: ACCEPT all -- 10.8.0.0/24 anywhere So I added another FORWARD rule for the 10.100.1.0 subnet by doing iptables -A FORWARD -s 10.100.1.0/24 on both the server and client. But trying a ping 10.100.1.2 on the server still fails. Is there anything else I need to do in order to be able to ping 10.100.1.2 from the server?

Everything on my system (that needs it) supports UTF-8 just fine.
That's all nice when you want output... But what if you want easy **in**put ? At the moment the only non-ASCII chars I can easily type are chars like é by using AtlGr.
But for chars like ₂ ² ≈ √ π 😀 at the moment I have to: 1. Open a browser 2. Surf to https://www.utf8icons.com or a similar site 3. Click, type and search a lot on the site to get to a page that contains the symbol i want 4. Copy it 5. Paste it in the program where I need it 6. (Optionally) close the browser What I'm looking for is a program that can do something like this: - Run in the background in a modern desktop environment (in my case Cinnamon) - Jump to the foreground to show a whole list of reasonably popular UTF-8 symbols after pressing something like F1 - Let me click a symbol after which it will be sent to the program I was last using as if it was a keypress - Give me the option to configure it to either stay visible after this "fake keypress" or jump back to background In short: Are there virtual keyboard programs with support for non-ASCII UTF-8 ? Actually... I am already happy with *any* method that improves mine. **Edit:** *For others ending up here and don't want to read all the answers themselves (or add a answer that's already given):
These are the options already mentioned + links to the answers + pro's and contra's.
Feel free to add extra solutions below (after providing them as detailed answer)*: - ibus (usually with CtrlShiftE) → Can't get it to work on Cinnamon - onboard → *pro*: Seems to do everything I need + has support for snippets, *con*: Only (by default) included non-latin layout is for math, other layouts with popular UTF-8 chars have to be created manually - gucharmap → *pro:* Lots of chars and easy to search *con:* Doesn't easily jump between foreground/background (can probably be handled with a workaround in Cinnamon itself) - kcharselect→ Same pro/con as gucharmap - Solutions from the programs themselves (e.g. Ctrl. for a couple of them) → *pro*: Ideal for that exact program *con*: Most programs, including the ones where it's needed the most, don't have one + it's not uniform - https://www.unicodeit.net/ → *pro*: Good for long math formula's. *con*: Same problem as the one I originally stated + useless for non-math symbols - Keyboard with extra symbols → *pro*: Easy *con*: Small amount of chars + extra keyboard needed for each system - Shortcuts for the most used chars with xcompose → *pro*: Easy *con*: Depending on your memory (as human, not as computer) it only works for a limited amount of chars - HTML entities to compose - *pro/con*: Too much of each, see answer - Use CtrlShiftU, Hexcode,Space : *pro/con*: Same as above

I have a virtual machine with one NIC and one network interface accordingly. I created TAP virtual interface to test my local app and setted IP to it:

dtap0: flags=4419  mtu 1500
        inet 10.49.243.168  netmask 255.255.255.0  broadcast 0.0.0.0
        ether d2:28:8d:59:9e:68  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens192: flags=4163  mtu 1500
        inet 10.49.243.167  netmask 255.255.254.0  broadcast 10.49.243.255
        ether 00:50:56:b3:f5:a1  txqueuelen 1000  (Ethernet)
        RX packets 60405  bytes 4427551 (4.2 MiB)
        RX errors 0  dropped 94  overruns 0  frame 0
        TX packets 13460  bytes 8583604 (8.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 2597  bytes 4149581 (3.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2597  bytes 4149581 (3.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

I want to ping dtap0 locally from my real interface ens192. If I try to ping *10.49.243.168* but RX packets on dtap0 doesn't increase. How to set up the interface correctly so that I can send ping to it locally?

I have two different modems from the same vendor: Quectel EC25 and Quectel RM500Q. The problem arises when the PC box where they are plugged starts. Sometimes the Quectel EC25 takes the wwan0 which implies taking the ttyUSB0/1/2/3 and the QuectelRM500Q the wwan1 which implies taking the ttyUSB4/5/6/7 and other times it is just the opposite: QuectelEC25 with wwan1 and ttyUSB4/5/6/7 and QuectelRM500Q with wwan0 and ttyUSB0/1/2/3. Being the starting different it is not possible to configure each modem due to one modem has a SIM from one network operator and th e other one another. I tried to match the wireless interface and the modem with a rule of udev (/etc/udev/rules.d/70-persistent-net.rules): SUBSYSTEM=="net", ACTION=="add", ATTRS{idVendor}=="2c7c", ATTRS{idProduct}=="0800", NAME="wwan0" SUBSYSTEM=="net", ACTION=="add", ATTRS{idVendor}=="2c7c", ATTRS{idProduct}=="0125", NAME="wwan1" But it didn't work.

**Background** I want to understand the relationships between docker container networks and iptables, and generally understand how packets flow from the eth0 interface (in a container), through the default bridge docker0 interface, and to the network interface on the host computer. At the moment, I am having trouble understanding the filter iptables rules and chains for default docker container networks. Without running any containers, the command sudo iptables -t filter -L -v -n shows

$ sudo iptables -t filter -L -v -n
Chain INPUT (policy ACCEPT 108K packets, 12M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 183K  304M DOCKER-USER  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 183K  304M DOCKER-ISOLATION-STAGE-1  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 107K  301M ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0           
76705 3634K ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 98618 packets, 14M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
76705 3634K DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
 183K  304M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      docker0  0.0.0.0/0            0.0.0.0/0           
76705 3634K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 183K  304M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

According to the [docs](https://docs.docker.com/network/iptables/) , Docker adds two custom iptables chains named DOCKER-USER and DOCKER, and it ensures that incoming packets are always checked by these two chains first. But it never mentions DOCKER-ISOLATION-STAGE-1. I am having trouble understanding the packet flow through these defined chains and rules. This is my understanding so far. 1. In Chain FORWARD, the first rule states that all traffic from any source and destination is sent to the DOCKER-USER chain. 2. In the DOCKER-USER chain, there is only one rule that all traffic from any source to any destination has a target RETURN, returning to the FORWARD chain. 3. Then, the second rule in Chain FORWARD states that all traffic from any source and destination is sent to the DOCKER-ISOLATION-STAGE-1 chain. 4. The DOCKER-ISOLATION-STAGE-1 chain has two rules. 1. Rule 1: All traffic from the docker0 interface to any interface except itself (!docker0) is sent to the DOCKER-ISOLATION-STAGE-2 chain. 2. Rule 2: All other traffic is returned to its originating chain (e.g., FORWARD or INPUT). 5. The DOCKER-ISOLATION-STAGE-2 chain also has two rules. 1. Rule 1: All traffic from any interface to the docker0 interface is dropped. 2. Rule 2: All other traffic is returned to its originating chain. **Question** I am having trouble understanding the first rule of chain DOCKER-ISOLATION-STAGE-1. What does it mean when we say "All traffic from the docker0 interface to any interface except itself (!docker0) is sent to the DOCKER-ISOLATION-STAGE-2 chain"? More precisely, I would like to know, 1. What exactly does it mean by "docker0 interface"? 2. What kind of packet flow scenario would it end up dropping a packet due to the first rule in DOCKER-ISOLATION-STAGE-2? **Follow Up** Based on my understanding of the iptables the rules of DOCKER-ISOLATION-STAGE-1 and DOCKER-ISOLATION-STAGE-2, matches and therefore drops any outgoing traffic from a Docker container on the docker0 network that is not intended for another container on the same network. This includes traffic destined for other interfaces on the Docker host or external networks. Is my understanding of docker container networks and ip tables correct? P.S However, after running two docker containers with open ports at 3000, 3001, the DOCKER chain has changed

Chain DOCKER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  !docker0 docker0  0.0.0.0/0            172.17.0.2           tcp dpt:3000
    0     0 ACCEPT     tcp  --  !docker0 docker0  0.0.0.0/0            172.17.0.3           tcp dpt:3001

Both containers can ping eachother as well as the host. **Edit** Perhaps nat iptable will also help

sudo iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 2 packets, 168 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    5   340 DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 47 packets, 3607 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 49 packets, 3775 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  110  6860 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0           
    0     0 MASQUERADE  tcp  --  *      *       172.17.0.2           172.17.0.2           tcp dpt:3000
    0     0 MASQUERADE  tcp  --  *      *       172.17.0.3           172.17.0.3           tcp dpt:3001

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    1    84 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0           
    0     0 DNAT       tcp  --  !docker0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3000 to:172.17.0.2:3000
    0     0 DNAT       tcp  --  !docker0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3001 to:172.17.0.3:3001

Open-Vswitch creates virtual interfaces, they all have this pattern: s[digit]-eth[digit] For example: s1-eth1, s1-eth2, s12-eth3, s2-eth3 ... I want to show information of *-for example-* all interfaces starting with s1 (in our example, it must give s1-eth1 and s1-eth2). I tried this command, but it shows only the first line of information: --------------------------------------- I am more interested about information like RX packets, TX packets, erros, HWaddr.. like this:

I'd like to do some experiments to test the ping and fping commands (see: https://unix.stackexchange.com/questions/678045/equivalent-of-ping-o-on-linux) , but I need a local virtual Ethernet interface to test this. I'd like to have a scenario where I can run ping 10.0.0.1 (or any other IP) and have it fail. Then, while ping is still running, I run some commands that bring up the interface and have it pass. In other words, the output of ping will change _while it is running_, as the virtual device comes "alive". I don't want to have to use physical hardware. How can I do this? I've already tried following my own instructions here (https://unix.stackexchange.com/questions/152331/how-can-i-create-a-virtual-ethernet-interface-on-a-machine-without-a-physical-ad/593142#593142) , but unfortunately even after running sudo ip link set eth10 down, pinging eth10 via ping 10.0.0.1 still succeeds. After running sudo ip link delete eth10 type dummy to delete the dummy virtual device, ping 10.0.0.1 also still succeeds. --- ## Summary of functional answers so far: (as of 22 Nov. 2021) 3 answers received (my own included), and **all 3 answers work**!: 1. [by Stephen Harris](https://unix.stackexchange.com/a/678208/114401) - use loopback sub-interfaces (probably the best answer so far) 1. [by Hauke Laging](https://unix.stackexchange.com/a/678181/114401) - use iptables 1. [my own answer](https://unix.stackexchange.com/a/678180/114401) - use virtual interfaces

If I have a VM (using VirtualBox, for instance) running inside my main OS; how can I identify the virtual interface and IP address (of the VM) from within the original (host) OS? I thought I could just use ifconfig, ip a, or similar; but no information related to the connected VM is displayed. Although it shows the main (host) OS has been assigned 192.168.1.104 via wlan0. However, if I run one of those commands from inside the VM, I can confirm that it's currently active @ 10.0.2.15 via eth0.

I see this problem on my laptop: when I docker run a Docker container, then after a few seconds my WiFi internet stops working. I don't have an Ethernet connection to test that side of things. I don't know how to troubleshoot this, I see I have 2 network interfaces relevant to this issue: - the wifi interface wlp2s0 - the docker interface docker0 As soon as the network I/O starts on the network interface docker0, then it stops on the network interface wlp2s0. I can check this with a web browser because when a Docker container is running, then I am not able to reach any web page via the browser. I see this networking configuration in Docker:

docker network list
NETWORK ID     NAME      DRIVER    SCOPE
5d408693425d   bridge    bridge    local
2eba59b04a5f   host      host      local
f22b30d7782a   none      null      local

When using ifconfig I see this:

docker0: flags=4099  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        inet6 fe80::42:e5ff:fe8a:b85c  prefixlen 64  scopeid 0x20
        ether 02:42:e5:8a:b8:5c  txqueuelen 0  (Ethernet)
        RX packets 9034  bytes 1228570 (1.2 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 9945  bytes 94278580 (94.2 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

...

wlp2s0: flags=-28605  mtu 1500
        inet 192.168.1.54  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 2001:b07:6477:ebfa:e46f:631e:206c:8a9e  prefixlen 64  scopeid 0x0
        ether 04:d3:b0:ee:2f:b9  txqueuelen 1000  (Ethernet)
        RX packets 3771571  bytes 3664198427 (3.6 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2460874  bytes 1439515295 (1.4 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

I don't need to do sudo ifconfig wlp2s0 up or anything after I stop the running docker containers. Internet just starts working again. In /etc/docker I only see a file named key.json which doesn't look like it's related to networking settings (like e.g. /etc/docker/daemon.json for DNS entries, which is not there). In this file ~/.docker/config.json I only see some authorizations to some private Docker registry, nothing related to networking. There are some other tocken related files which I believe are not relevant:

$ ls -a ~/.docker/
.  ..  .buildNodeID  config.json  .token_seed  .token_seed.lock

If I restart NetworkManager with sudo systemctl restart network-manager.service after running the docker container, then I still cannot reach the internet with either my browser or e.g. ping 8.8.8.8 (but ping localhost keeps working regardless the fact that I am running or not a Docker container). I've also tried to change the NetworkManager configuration (see here ) at /etc/NetworkManager/NetworkManager.conf by adding:

[keyfile]
unmanaged-devices=interface-name:docker0

Then restarting the service with sudo systemctl restart network-manager.service. But the effect is the same: after a few seconds from when the Docker container starts, then the internet is not on reach via WiFi. However this might be related to a bug or mis-configuration with Network Manager because when I check the logs of the service with service network-manager status then I see this:

May 05 08:49:05 my-host NetworkManager:   [1620200945.9900] dhcp6 (wlp2s0): option dhcp6_name_servers   => '2001:b07:6477:ebfa:aa2b>
May 05 08:49:05 my-host NetworkManager:   [1620200945.9900] dhcp6 (wlp2s0): state changed unknown -> bound
May 05 08:49:06 my-host NetworkManager:   [1620200946.2184] manager: startup complete
May 05 08:53:43 my-host NetworkManager:   [1620201223.6347] manager: (veth90dd212): new Veth device (/org/freedesktop/NetworkManage>
May 05 08:53:43 my-host NetworkManager:   [1620201223.6358] manager: (veth9cfce50): new Veth device (/org/freedesktop/NetworkManage>
May 05 08:53:43 my-host NetworkManager:   [1620201223.6374] device (veth90dd212): carrier: link connected
May 05 08:53:43 my-host NetworkManager:   [1620201223.6389] device (veth9cfce50): carrier: link connected
May 05 08:53:43 my-host NetworkManager:   [1620201223.6394] device (docker0): carrier: link connected
May 05 08:55:29 my-host NetworkManager:   [1620201329.0433] manager: (veth90dd212): new Veth device (/org/freedesktop/NetworkManage>
May 05 08:55:29 my-host NetworkManager:   [1620201329.0777] device (veth9cfce50): released from master device docker0

1. until 08:53 all good: the WiFi works and no Docker containers run 2. at 08:53:43 I start a Docker container and Network Manager links to both docker0 and some other transient network interfaces that appear because I run a new Docker container. **The internet is not on reach**. 3. at 08:55:29 I stop the Docker container, then Network Manager releases resources from docker0. **The internet is back to normal: I can see web pages again**. This issue happens to me with a variety of Linux Ubuntu/Debian versions and Docker versions, anyway my current setup is: Ubuntu:

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.2 LTS
Release:        20.04
Codename:       focal

Docker:

$ docker --version
Docker version 20.10.6, build 370c289

Network Manager:

$ /usr/sbin/NetworkManager --version
1.22.10
$ nmcli --version
nmcli tool, version 1.22.10

I read this page a few times https://docs.docker.com/network/bridge/ and I think my Docker Bridge is working, because when I run these Docker containers on my laptop they are able to reach the Internet. However that documentation on the Docker website is a bit dry and I am not sure how to deeply troubleshoot these networking issues. - What's wrong with the docker configuration? - Is there any mis-configuration with Network Manager? - What do I have to do to make the 2 network interfaces to work together simultaneously? **EDIT**: Before running Docker containers:

$ ip route get 1.1.1.1
1.1.1.1 via 192.168.1.254 dev wlp2s0 src 192.168.1.54 uid 1000 
    cache

After running the Docker container:

$ ip route get 1.1.1.1
1.1.1.1 dev vethf6c1790 src 169.254.198.92 uid 1000 
    cache
$ ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
From 169.254.198.92 icmp_seq=1 Destination Host Unreachable
^C

That vethf6c1790 always appears as a new network interface when I run a new Docker container.

As we know, We can create virtual wireless interface using iw dev (1) . Also, We can change it's MAC address using ifconfig hw ether . Then We can Set two different access points (SSIDs) to each of these inetrfaces using Network Manager. For example: (Real) wlan0: 00:16:b6:ab:cd:e7 -> AP(1) (Virtual) wlan1: 00:16:b6:ab:cd:e8 -> AP(2) But whenever wlan0 is connected to AP(1), And I try to connect to AP(2), First the wlan0 disconnects and then wlan1 connects to it's own AP. I need to connect both of them simultaneously. Is it possible? How? Edit: My specific card is a Lisco/Linksys RTL8191SEvB. I run Linux 4.4.38.

I'm having trouble connecting a vm to the IPv6 internet through a virtual tap device on the host. I.e., I cannot ping ipv6.google.com or the public IPv6 host global primary interface address. Ex: -bash-4.2$ ping6 ipv6.google.com PING ipv6.google.com(sea15s11-in-x0e.1e100.net) 56 data bytes From 2600:1f14:680:xxxx:66a3:79d5:6c1d:14c icmp_seq=1 Destination unreachable: Address unreachable From 2600:1f14:680:xxxx:66a3:79d5:6c1d:14c icmp_seq=2 Destination unreachable: Address unreachable From 2600:1f14:680:xxxx:66a3:79d5:6c1d:14c icmp_seq=3 Destination unreachable: Address unreachable ^C --- ipv6.google.com ping statistics --- 4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3082ms or to the host's global ipv6 address, I get the same error. Simple topology: router -----(eth0)----- host ----(tap device)---- vm It appears there is some issue with neighbor discovery on the host, when I tcpdump the tap interface from the host's tap endpoint I receive the solicitation messages but nothing is returned: [user ~]$ sudo tcpdump ip6 -vv -i tp-0gn-0000go-0 tcpdump: listening on tp-0gn-0000go-0, link-type EN10MB (Ethernet), capture size 262144 bytes 01:45:16.596378 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) 2600:1f14:680:xxxx:66a3:79d5:6c1d:14c > ff02::1:ff00:200e: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has sea15s11-in-x0e.1e100.net source link-address option (1), length 8 (1): 02:fc:80:d4:52:b6 0x0000: 02fc 80d4 52b6 01:45:17.610410 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) 2600:1f14:680:xxxx:66a3:79d5:6c1d:14c > ff02::1:ff00:200e: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has sea15s11-in-x0e.1e100.net source link-address option (1), length 8 (1): 02:fc:80:d4:52:b6 0x0000: 02fc 80d4 52b6 01:45:18.634402 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) 2600:1f14:680:xxxx:66a3:79d5:6c1d:14c > ff02::1:ff00:200e: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has sea15s11-in-x0e.1e100.net source link-address option (1), length 8 (1): 02:fc:80:d4:52:b6 0x0000: 02fc 80d4 52b6 Note: I'm able to ping ipv6.google.com from the host: [user ~]$ ping6 ipv6.google.com PING ipv6.google.com(sea15s11-in-x0e.1e100.net (2607:f8b0:400a:808::200e)) 56 data bytes 64 bytes from sea15s11-in-x0e.1e100.net (2607:f8b0:400a:808::200e): icmp_seq=1 ttl=39 time=9.93 ms 64 bytes from sea15s11-in-x0e.1e100.net (2607:f8b0:400a:808::200e): icmp_seq=2 ttl=39 time=10.1 ms 64 bytes from sea15s11-in-x0e.1e100.net (2607:f8b0:400a:808::200e): icmp_seq=3 ttl=39 time=10.1 ms It looks like there's an issue with the neighbor discovery. I'm not sure if I'm facing issues with DAD, NUD, or something else, or potentially not a neighbor discovery issue at all? I currently only have the router in ip -6 neigh show, but my impression of the neighbor discovery cache was just to be a cache, and that the routes should still be intact and discoverable otherwise (though this is my very limited understanding). Maybe I'm missing some neighbor discovery/advertisement kernel parameters? [user ~]$ ip -6 neigh show fe80::460:a1ff:fec3:9cb6 dev eth0 lladdr 06:60:a1:c3:9c:b6 router STALE I have a hunch that I'm missing some net.ipv6 kernel parameters here, but I'm not really sure where to start with modifying them. Any suggestions are much appreciated. Full network setup information can be found below. Note that I manually configured the vm global address so it is very similar to the host, one is :XXXb/128 and one is :XXXc/128. VM endpoint - interface: -bash-4.2$ ip a s eth0 2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 02:fc:80:d4:52:b6 brd ff:ff:ff:ff:ff:ff inet 169.254.18.177/30 brd 169.254.18.179 scope global eth0 valid_lft forever preferred_lft forever inet6 2600:1f14:680:xxxx:66a3:79d5:6c1d:14c/128 scope global valid_lft forever preferred_lft forever inet6 fe80::fc:80ff:fed4:52b6/64 scope link valid_lft forever preferred_lft forever and relevant VM routes: -bash-4.2$ ip -6 r s 2600:1f14:680:6f00:66a3:79d5:6c1d:14c dev eth0 proto kernel metric 256 pref medium fe80::/64 dev eth1 proto kernel metric 256 pref medium fe80::/64 dev eth0 proto kernel metric 256 pref medium default dev eth0 metric 1024 pref medium Host - the tap and primary interfaces look like: [user ~]$ ip a s tp-0gn-0000go-0 2393: tp-0gn-0000go-0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether d2:d5:4e:f3:de:ab brd ff:ff:ff:ff:ff:ff inet 169.254.18.178/30 scope global tp-0gn-0000go-0 valid_lft forever preferred_lft forever inet6 fe80::d0d5:4eff:fef3:deab/64 scope link valid_lft forever preferred_lft forever [user ~]$ ip a s eth0 2: eth0: mtu 9001 qdisc mq state UP group default qlen 1000 link/ether 06:b6:f7:16:ac:04 brd ff:ff:ff:ff:ff:ff inet 172.30.255.4/28 brd 172.30.255.15 scope global dynamic eth0 valid_lft 2994sec preferred_lft 2994sec inet6 2600:1f14:680:6f00:66a3:79d5:6c1d:14b/128 scope global dynamic valid_lft 405sec preferred_lft 105sec inet6 fe80::4b6:f7ff:fe16:ac04/64 scope link valid_lft forever preferred_lft forever and the relevant routes: [user ~]$ ip -6 r s 2600:1f14:680:6f00:66a3:79d5:6c1d:14b dev eth0 proto kernel metric 256 expires 389sec pref medium 2600:1f14:680:6f00:66a3:79d5:6c1d:14c dev tp-0gn-0000go-0 metric 1024 pref medium 2600:1f14:680:6f00::/64 dev eth0 proto kernel metric 256 pref medium unreachable 3ffe:ffff::/32 dev lo metric 1024 error 4294967183 pref medium fe80::/64 dev eth0 proto kernel metric 256 pref medium default via fe80::460:a1ff:fec3:9cb6 dev eth0 proto ra metric 1024 expires 1798sec hoplimit 64 pref medium ip6tables filter is allowing everything [user ~]$ sudo ip6tables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination and host is amazon-linux, similar to centos/rhel/fedora, cat /etc/os-release: NAME ="Amazon Linux" VERSION="2" ID_LIKE="centos rhel fedora" Any suggestions are much appreciated. Let me know if I'm missing any necessary information or anything conceptually. Thanks in advance. ---------- Update: Also I should note that I don't get any tcpdump packets when listening on eth0 of the host and trying to ping ipv6.google.com from the vm. As can be seen in the first tcpdump, the packets are first being sent to the all node solicitation multicast address which should be routed through eth0 (based off the local routing table), but I never see the packets go through eth0 via tcpdump. I currently have net.ipv6.conf.all.forwarding=1, net.ipv6.conf.all.accept_ra=2, and net.ipv6.conf.all.accept_ra_from_local=1. ---------- Update #2: I came across this article. I added net.ipv6.conf.all.proxy_ndp=1 and added a proxy neighbor, ip -6 neigh add proxy dev which allows me to ping the host's eth0 global address from the vm. Still no luck connecting to ipv6.google.com from the vm though I feel I'm getting closer. ---------- Update #2.5: I think the previous update is irrelevant. I think the core of the issue is that the vm isn't aware of any router and so it's sending out neighbor solicitations for a global ipv6 address. Which I believe shouldn't be the case, but this is just my hunch. I've yet to come across a good resource that explicitly states when neighbor solicitations vs router solicitations vs echo requests should be sent. ---------- Update #3: I axed the manual assigning of addresses and am trying to get the vm to communicate with the DHCP server (this is in an EC2 vpc btw) for it's address. I added a DHCPv6 relay in the host, however it seems the relay message are being sent to the DHCPv6 server and never coming back. I'd be happy to post more information/tcpdumps regarding this if others are interested.

I have two veth pairs (veth1, veth1_0) and (veth2, veth2_0). veth1_0 and veth2_0 are in the default namespace ns0, veth1 is in namespace ns1 and veth2 in namespace ns2. I want to communicate between different namespaces. So I use veth1_0 to send an ethernet frame to veth2_0(use pcap_sendpacket), hoping I can capture the packet at veth2. And in my output, I can capture the packet in namespace 1 at veth1; but fail to do in namespace 2 at veth2. I wonder if it's possible to accomplish the communication in this way; or maybe there are other methods.

How to configure the veth interface on CentOS 7 in such a way to make it state persistent after system reboot? For example: veth configuration: # create veth pair and assing IP address. ip link add veth0 type veth peer name veth1 ip addr add 10.1.0.1/24 dev veth0 ip addr add 10.1.0.2/24 dev veth1 # bring up the interfaces ip link set veth0 up ip link set veth1 up These settings are saved after network service restart but are not saved after system restart. In the RedHat documentation does not mention now to write ifcfg-vethX interface configuration file or ifup-veth and ifdown-veth scripts for the veth interfaces that should be in /etc/sysconfig/network-scripts.

I have /sbin/ifup-local set to execute and it works but my virutal interface eth0.2 (vlan2) is the one that gets the IP address I need to run the script . How can i run a bash script when eth0.2 is up ? I renamed /sbin/ifup-local to /sbin/ifup-eth0.2 and it not work Using Centos6

I am trying to understand the difference between different types of (virtual) interfaces (e.g. TUN/TAP, veth etc.) and was studying some of these types within the context of containers. Is it possible to send packets between a container (in its own network namespace) to the host's network namespace using only TUN/TAP interfaces or is a veth pair (one end in each namespace) required to do this? From my understanding, TUN/TAP interfaces can only be used to send/receive packets to/from userspace from/to the network stack corresponding to the network namespace of that interface and not send packets between network namespaces. Is this correct?

I did try to initialize a dummy interface in shell manually without no problem. In order to bring up this interface at every boot up process, then i tried to add it to /etc/bashrc or /etc/profile as below: ip link set name eth0 dev dummy0 ip link set eth0 address d0:17:c2:a9:a5:5e ifconfig eth0 hw ether d0:17:c2:a9:a5:5e ‌I also added below config to /etc/modules-load.d/dummy.conf but it did not worked as well. /sbin/ip link set name eth0 dev dummy0

I would like to detect whether a network interface is "physical" or "virtual", where "physical" means that the interface has hardware attached, even if that "hardware" is virtualized by a hypervisor. "Virtual" then means that it's one of the Linux kernel elements, such as bridges, veths, macvlans, et cetera. I'm aware that by using /sys/class/net/[nif]/... I can follow the device link and thus differentiate between (virtual) physical and "real" (sic!) virtual network interfaces, based on the device path containing the "virtual" sub directory or not. However, when dealing with network namespaces, this requires a properly remounted sysfs in order to be able to see the correct /sys/class/net/... entries. So a simpler method relying solely on RTNETLINK data might be more suitable. When using RTNETLINK to discover the available network interfaces is there some property/attribute which allows me to differentiate without the need to check /sys/class/net/[nif]?

The solution to non-virtual network interfaces is here: https://unix.stackexchange.com/a/210992 But the problem is I have multiple IPs on one network interface and I'd like to be able to assign each IP to a different application. For example, I have eth0:0, eth0:1, etc. When I do command(note the virtual interface): ip link set eth0:0 netns test_ns It takes eth0 ip and not eth0:0.. it also takes away the entire interface and I can't connect to it from a public source. Is there a way to use virtual network interface for different processes while having the server accessible from a public source?

To Create a Fake Ethernet dummy Interface On Linux we First initialize the dummy interface driver using the below command: **/sbin/modprobe dummy**. Then we Assign Ethernet Interface alias To Dummy Driver we just initialized above. But it gives the following Fatal error saying: **FATAL: Module dummy not found.** Also, at the path **cd /sys/devices/virtual/net#** , we can see that there are virtual interfaces present by the following names: dummy0/ lo/ sit0/ tunl0/ **ifconfig -a** dummy0: Link encap:Ethernet HWaddr aa:3a:a6:cd:91:2b BROADCAST NOARP MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) lo: Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:111 errors:0 dropped:0 overruns:0 frame:0 TX packets:111 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:8303 (8.1 KiB) TX bytes:8303 (8.1 KiB) sit0: Link encap:UNSPEC HWaddr 00-00-00-00-FF-00-00-00-00-00-00-00-00-00-00-00 NOARP MTU:1480 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) tunl0: Link encap:IPIP Tunnel HWaddr NOARP MTU:1480 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) So, the modprobe command is not able to load the kernel module. How can we load a kernel module using **modprobe** or insmod to initialize a dummy interface driver? Can we create multiple dummy interfaces on a single loaded module?