On Sat, 2 Mar 2002, Alan Cox wrote:
> > behavior causes some problems for setups with rp_filter protection
> > and interfaces attached to same hub. If you want to find the reason
> > for this, here it is:
>
> rp_filter is an add on - not exactly default standards behaviour. If you
> want to make the case that rp_filter = 2 means apply a both way rule then
> I've personally no problem with that argument
The rp_filter value of 2 is not support from Linux and
after reading the "5.3.8 Source Address Validation" paragraph
from rfc1812 it seems rp_filter 1 covers it. What exactly do
you mean by value of 2? Note that the remote box does not want to
spoof, it was directed from BOX1 to a wrong MAC where the traffic is
spoofed, the remote hosts are not guilty. They connect to the MAC we
provide by broadcasts.
To Erich, rfc1812, 5.3.8 Source Address Validation:
If this feature is implemented, it MUST be disabled by default
Regards
-- Julian Anastasov <ja@ssi.bg>- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/