Re: RP_FILTER runs too late

From: Dan Hollis (goemon@anime.net)
Date: Tue Aug 07 2001 - 14:07:48 EST

Next message: Richard Gooch: "Re: [PATCH] one of $BIGNUM devfs races"
Previous message: Riley Williams: "Re: How does "alias ethX drivername" in modules.conf work?"
In reply to: David Ford: "Re: RP_FILTER runs too late"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 7 Aug 2001, David Ford wrote:
> I'd rather see SNAT available in pre-routing and have rp_filter run
> against the packet before it hits the netfilter code.

There is one other problem with rp_filter.... rp_filter violations are
S I L E N T. You never know when traffic is dropped because of it. Packets
just disappear.

If it generated printk's it would make it a lot easier to track down
filtering problems.

-Dan

-- [-] Omae no subete no kichi wa ore no mono da. [-]

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

Next message: Richard Gooch: "Re: [PATCH] one of $BIGNUM devfs races"
Previous message: Riley Williams: "Re: How does "alias ethX drivername" in modules.conf work?"
In reply to: David Ford: "Re: RP_FILTER runs too late"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Tue Aug 07 2001 - 21:00:46 EST