Re: RP_FILTER runs too late

Dan Hollis (goemon@anime.net)
Tue, 7 Aug 2001 12:07:48 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Richard Gooch: "Re: [PATCH] one of $BIGNUM devfs races"
Previous message: Riley Williams: "Re: How does "alias ethX drivername" in modules.conf work?"

On Tue, 7 Aug 2001, David Ford wrote:
> I'd rather see SNAT available in pre-routing and have rp_filter run
> against the packet before it hits the netfilter code.

There is one other problem with rp_filter.... rp_filter violations are
S I L E N T. You never know when traffic is dropped because of it. Packets
just disappear.

If it generated printk's it would make it a lot easier to track down
filtering problems.

-Dan

-- [-] Omae no subete no kichi wa ore no mono da. [-]

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

Next message: Richard Gooch: "Re: [PATCH] one of $BIGNUM devfs races"
Previous message: Riley Williams: "Re: How does "alias ethX drivername" in modules.conf work?"