On Tue, Dec 08, 1998 at 11:02:29PM +0300, Alexey Kuznetsov wrote:

> >      Plus, I finally figured out that you can disable it with the
> >      /proc/sys/net/ipv4/conf/tap0/rp_filter sysctl.
> 
> rp_filter IS DISABLED by default!!! Look at dark corners,
> apparently you have some virus, which enabled it. 8)

Ah, upon closer inspection, it seems that my Debian network startup scripts
enable this sysctl automatically.

> The second, namely the fact that sending spoofed packets to the network is not
> allowed, has nothing to do with policy. It provides stack
> self-consistency. BTW, if the superuser really wants to do it, he marks them
> with the MSG_PROXY flag or sends spoofed packets as raw packets.

Hmm, the routing system doesn't need to pay any attention to the source
address, does it?

MSG_PROXY sounds interesting, but I can't find documentation for it
anywhere.  send(2) man page only shows MSG_OOB and MSG_DONTROUTE.

I can't use send() anyway with an ethertap, which uses /dev/tap0 (a file,
not a socket).

If I send using a raw socket, is it possible for the kernel to process the
message locally if ipdst is local?

Thanks,

Avery