| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 15 Feb 2015 16:16:21 -0500 From: Sowmini Varadhan <sowmini05@...il.com> To: Toerless Eckert <tte@...fau.de> Cc: Bill Fink <billfink@...dspring.com>, Cong Wang <cwang@...pensource.com>, netdev <netdev@...r.kernel.org> Subject: Re: vnet problem (bug? feature?) On Sun, Feb 15, 2015 at 2:00 PM, Toerless Eckert <tte@...fau.de> wrote: > *Bingo* rp_filter did the trick. > > nstat is fairly useless to figrue this out, no RPF counters. > > Quite strange to see rp_filter. Especilly for multicast. But i haven't > followed linux for many years in this level of detail. I thought > Linux was always weak host model. But even for strong host model, > i can't remember that RPF checking was done in the past (for hosts, > not routers obviously). RPF != strong/weak ES models defined in Section 3.3.4.2 of rfc1122. RPF is about ingress filtering (rfc 3704) and verifying that the return path to the src addr of the packet would go out on the same interface it came on. The wiki page on Reverse_path_forwarding has some detail. --Sowmini -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists