Reverse Path Filtering check in ip_input.c
Yann Berthier
yb at bashibuzuk.net
Tue Jan 3 06:32:10 PST 2006
On Tue, 03 Jan 2006, at 14:58, Łukasz Bromirski wrote:
> Yann Berthier wrote:
>
> > If this yet to be found wiser guy would not forget the loose check
> > too (verrevpath in ipfw speaking), where packets matching the default
> > route are ok ... :)
>
> Actually it does that and will until we have the option to have two
> or more default routes.
>
> Presently, if a packet comes in via an interface and the reply for it
> should be sent on the same interface (because the default route points
> to it and there are no other routes pointing for the same destination
> to another interface) it will work.
>
> The check fails if there's either an interface mismatch, or the source
> is present in the routing table but marked as an RTF_REJECT/BLACKHOLE one.
My bad, I didn't look at your patch; I was misled by the
verrevpath / versrcreach description.
> OpenBSD imported the KAME mroute extension that enables them to have
> more than one route for a given destination simultaneously in the
> routing table. I'm looking into it now, as it's a very attractive thing;
> however, as Andre is doing a rework of the network code I'm sure we'll
> have it sooner or later and then maybe someone will revise the old
> checks already marked as 'XXX' in the code ;)
Amen
- yann
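
The check as described in the quoted reply above, written out as an added example; it is not code from the patch or from ip_input.c. It assumes a toy routing table with longest-prefix lookup, and every name (`toy_route`, `toy_rpf_ok`, the `TOY_*` flags), interface index and address in it is constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Toy flags standing in for the RTF_REJECT / BLACKHOLE markings named in the thread. */
#define TOY_REJECT    0x1
#define TOY_BLACKHOLE 0x2

struct toy_route {
    uint32_t prefix;   /* network address, host byte order */
    int      plen;     /* prefix length; 0 is the default route */
    int      ifindex;  /* interface a reply to this prefix would leave on */
    int      flags;
};

/* Constructed table: interface 1 carries the default route, interface 2 an internal net. */
static const struct toy_route toy_table[] = {
    { 0x00000000u,  0, 1, 0 },              /* default via if 1 */
    { 0x0A000000u,  8, 2, 0 },              /* 10.0.0.0/8 via if 2 */
    { 0x0A636300u, 24, 2, TOY_BLACKHOLE },  /* 10.99.99.0/24, blackholed */
};

static uint32_t toy_mask(int plen) {
    return plen == 0 ? 0 : 0xFFFFFFFFu << (32 - plen);
}

/* Longest-prefix match on the packet's source address. */
static const struct toy_route *toy_lookup(uint32_t src) {
    const struct toy_route *best = NULL;
    for (size_t i = 0; i < sizeof(toy_table) / sizeof(toy_table[0]); i++) {
        const struct toy_route *r = &toy_table[i];
        if ((src & toy_mask(r->plen)) == r->prefix && (!best || r->plen > best->plen))
            best = r;
    }
    return best;
}

/* Returns 1 if the packet passes the reverse path check, 0 if it fails. */
int toy_rpf_ok(uint32_t src, int rcv_ifindex) {
    const struct toy_route *r = toy_lookup(src);
    if (r == NULL)
        return 0;                                 /* no route back to the source */
    if (r->flags & (TOY_REJECT | TOY_BLACKHOLE))
        return 0;                                 /* source route is reject/blackhole */
    return r->ifindex == rcv_ifindex;             /* interface mismatch fails */
}
```

A source covered only by the default route passes on the interface the default route points to, which is the single-default-route case discussed in the thread.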