Spoof protection with redundant routes

From: Claus Fischer (claus.fischer@clausfischer.com)
Date: Mon Apr 08 2002 - 15:02:15 EST


I have a box with two redundant CIPE tunnels to a
remote network 10.36.x.x.

Routing table:

Destination     Gateway         Genmask         ...             Iface
...
10.36.1.12      0.0.0.0         255.255.255.255 UH    0 0 0     cipcb3
10.36.1.11      0.0.0.0         255.255.255.255 UH    0 0 0     cipcb1
10.36.0.0       10.36.1.12      255.255.0.0     UG    0 0 0     cipcb3
10.36.0.0       10.36.1.11      255.255.0.0     UG    0 0 0     cipcb1
...

Now when a packet comes in from 10.36.2.2 on cipcb1, the
spoof protection kills it, since the outgoing packet would
take the route via cipcb3 which is first. I didn't quite
expect that initially.

- Is that known and by design?
- Is that the desired behaviour?
- Is there some possibility to change that?
- Do I have a choice other than to turn off rp_filter?

Claus

-- 
Claus Fischer <claus.fischer@clausfischer.com>
http://www.clausfischer.com/
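
Added example (not part of the original post, and not kernel code): a small model of the reverse-path check over the routing table quoted above, comparing the strict, feasible-path and loose modes described in RFC 3704. The function names are hypothetical, and breaking ties between equal-length prefixes by table order is an assumption taken from the post's remark that the cipcb3 route "is first".

```python
import ipaddress

# Routes from the post, in table order: (destination, genmask, iface).
ROUTES = [
    ("10.36.1.12", "255.255.255.255", "cipcb3"),
    ("10.36.1.11", "255.255.255.255", "cipcb1"),
    ("10.36.0.0", "255.255.0.0", "cipcb3"),
    ("10.36.0.0", "255.255.0.0", "cipcb1"),
]

def matching_routes(src, routes=ROUTES):
    """Interfaces of all routes covering src, best route first.

    Longest prefix wins; equal prefixes keep table order (assumption).
    """
    addr = ipaddress.ip_address(src)
    hits = []
    for order, (dest, mask, iface) in enumerate(routes):
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if addr in net:
            hits.append((-net.prefixlen, order, iface))
    return [iface for _, _, iface in sorted(hits)]

def rpf_accepts(src, in_iface, mode, routes=ROUTES):
    """Return True if a packet from src arriving on in_iface passes the check."""
    ifaces = matching_routes(src, routes)
    if mode == "strict":
        # Only the single best route back to the source counts.
        return bool(ifaces) and ifaces[0] == in_iface
    if mode == "feasible":
        # Any route back to the source via the arrival interface counts.
        return in_iface in ifaces
    if mode == "loose":
        # Any route back to the source counts, whatever the interface.
        return bool(ifaces)
    raise ValueError(f"unknown mode: {mode}")

if __name__ == "__main__":
    # The case from the post, plus the same source on the other tunnel.
    for iface in ("cipcb1", "cipcb3"):
        for mode in ("strict", "feasible", "loose"):
            verdict = "accept" if rpf_accepts("10.36.2.2", iface, mode) else "drop"
            print(f"src 10.36.2.2 in {iface} {mode:8s} -> {verdict}")
```

Feasible-path mode still drops sources that have no route through the arrival interface; loose mode only drops sources with no route at all.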