On Fri, 15 Sep 2000, Rainer Link wrote:
Hi how well does "Source Address Verification" work by making the following setting.
echo 1 > /proc/sys/net/ipv4/conf/*/rp_filter
What does the rp_filter do & how does it work. Quote from net/ipv4/fib_frontend.c
/* Given (packet source, input interface) and optional (dst, oif, tos): - (main) check, that source is valid i.e. not broadcast or our local address. - figure out what "logical" interface this packet arrived and calculate "specific destination" address. - check, that packet arrived from expected physical interface. */
int fib_validate_source(u32 src, u32 dst, u8 tos, int oif, struct device *dev, u32 *spec_dst, u32 *itag) Sorry, I forgot to mention Documentation/networking/ip-sysctl.txt. :-)
best regards, Rainer Link -- Rainer Link, SuSE GmbH, eMail: link@suse.de, Web: www.suse.de Developer of A Mail Virus Scanner (AMaViS): http://amavis.org/ Founder of Linux AntiVirus Project: http://lavp.sourceforge.net/