Re: ipv4 regression in 2.6.31 ?

[Julian Anastasov]

	Hello,

On Mon, 14 Sep 2009, Stephen Hemminger wrote:

> RP filter did not work correctly in 2.6.30. The code added to to the loose
> mode caused a bug; the rp_filter value was being computed as:
>   rp_filter = interface_value & all_value;
> So in order to get reverse path filter both would have to be set.

	May be we can add IN_DEV_MASKCONF as a better
option (all & dev). All loose-mode fans just need to set
all/rp_filter to 3 to allow both strict and loose mode and then 
DEV/rp_filter will be restricted to the allowed modes. By this way 
compatibility is preserved (all/rp_filter will mean "allowed modes")
and you can add other loose-mode variants as explained in RFC 3704.
Then strict mode will have priority to all loose modes when checking
the sender address. Or if we really want to help asymmetric routing
we should not play with loose modes but with solutions like 
rp_filter_mask:

http://www.ssi.bg/~ja/#rp_filter_mask

where we can use the DEV/medium_id knowledge for rp_filter, not
just for proxy_arp. The drawback is that currently it is
limited to 31 mediums. Still, it serves the main goal of
RFC 3704: 2.3. Feasible Path Reverse Path Forwarding.
Then users can use loose mode to fight against martians
or rp_filter_mask for setups with asymmetric routing.

Regards

--
Julian Anastasov <ja@xxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/