net/netutil: add function to check rp_filter value #5703
This is what it looks like on my local machine:
I'm no expert on this, but I think this may not be sufficient; we may want to actually run this on all calls to
Got an example of a network setup where RPF breaks exit nodes? It's one of the few configurations I can think of where RPF strictness shouldn't matter.
b434c0b to 48ea0c4
@danderson - I think this is me being bad at reading comprehension; strict
Thanks for cc'ing me on this PR. I'm not familiar enough with this to give a proper review, but I've left some minor comments.
This would also need to check for an iptables or nftables rule invoking the There is hope of fixing the underlying problem so that we don't need a warning though, see discussions in #3310 (comment) and #4432.
48ea0c4 to 3e1b3b2
Force-pushed over this to just implement the "check for
3e1b3b2 to 56f2ef6
Updates #4432
Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
Change-Id: Ifc332a5747fc1feffdbb87437308cf8ecb21b0b0
56f2ef6 to 39ce933