From: Wendy Cheng <wcheng@netapp.com>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Jeff Layton <jlayton@redhat.com>,
Janne Karhunen <janne.karhunen@gmail.com>,
Peter Staubach <staubach@redhat.com>,
linux-nfs@vger.kernel.org
Subject: Re: [patch] fix statd -n
Date: Mon, 21 Apr 2008 14:28:37 -0400
Message-ID: <480CDCD5.7030009@netapp.com>
In-Reply-To: <20080421173227.GE4379@fieldses.org>

J. Bruce Fields wrote:
> On Mon, Apr 21, 2008 at 10:10:03AM -0400, Jeff Layton wrote:
>
>> On Mon, 21 Apr 2008 09:39:40 -0400
>> "J. Bruce Fields" <bfields@fieldses.org> wrote:
>>
>>
>>> On Mon, Apr 21, 2008 at 07:01:07AM -0400, Jeff Layton wrote:
>>>
>>>> On Sun, 20 Apr 2008 22:11:53 -0400
>>>> "J. Bruce Fields" <bfields@fieldses.org> wrote:
>>>>
>>>>
>>>>> On Sun, Apr 20, 2008 at 08:49:52PM -0400, Janne Karhunen wrote:
>>>>>
>>>>>> Yes, but loopback can also be spoofed.
>>>>>>
>>>>> Is that true? I thought the kernel discarded packets from interfaces
>>>>> other than lo claiming to be from 127.*.*.*.
>>>>>
>>>>>
>>>> I think that's the case only if you have rp_filter turned on. It
>>>> usually is these days, but there are some situations where it doesn't
>>>> do what's expected (vlans, for instance), and has to be disabled.
>>>>
>>> Well, if you believe Documentation/filesystems/proc.txt on rp_filter:
>>>
>>> "Integer value determines if a source validation should be made.
>>> 1 means yes, 0 means no. Disabled by default, but
>>> local/broadcast address spoofing is always on."
>>>
>>> But I haven't tested this or looked at the code.
>>>
>>> --b.
>>>
>> I think that's basically correct, but most modern distros turn it on by
>> default. From the default /etc/sysctl.conf on my fedora box:
>>
>> net.ipv4.conf.default.rp_filter = 1
>>
>> ...it's generally a good thing to enable, but there are places where it
>> needs to be disabled. For instance, my Linksys WRT54g is doing firewall
>> duties and has it disabled because the switch ports on it are segmented
>> with VLANs and rp_filter interferes with that.
>>
>
> Actually, the specific question here is: say you have an ethernet
> interface 192.168.0.1. Will the kernel deliver a packet that comes from
> the network and has source address 192.168.0.1?
>
I doubt it will. Remember one of my old patches (patch 3 & 4)?

https://www.redhat.com/archives/cluster-devel/2007-April/msg00028.html
https://www.redhat.com/archives/cluster-devel/2007-April/msg00032.html (patch 3)
https://www.redhat.com/archives/cluster-devel/2007-April/msg00031.html (patch 4)

I think you have to specifically hack the kernel (as I did) but I don't
have Linux source code in front of me at this moment.

-- Wendy
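
The thread turns on whether rp_filter is really in effect on the receiving interface, which the sysctl.conf line quoted above does not settle by itself. As an added example that is not part of this message or the thread, the shell functions below report the effective per-interface mode, assuming a current kernel where the value applied is the maximum of conf/all and conf/<iface>; the function names and the sample tree (eth0, vlan10) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes a current kernel: the mode applied on an interface is
# max(conf/all/rp_filter, conf/<iface>/rp_filter); conf/default only seeds
# interfaces created later, so it is not part of the calculation.

# effective_rp_filter CONF_DIR IFACE -> prints 0, 1 or 2
effective_rp_filter() {
    all=$(cat "$1/all/rp_filter" 2>/dev/null || echo 0)
    own=$(cat "$1/$2/rp_filter" 2>/dev/null || echo 0)
    if [ "$own" -gt "$all" ]; then echo "$own"; else echo "$all"; fi
}

# rp_filter_report [CONF_DIR] -> one "iface value meaning" line per interface
rp_filter_report() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    for path in "$conf_dir"/*/; do
        [ -d "$path" ] || continue
        iface=$(basename "$path")
        case $iface in all|default) continue ;; esac
        value=$(effective_rp_filter "$conf_dir" "$iface")
        case $value in
            0) meaning="no source validation" ;;
            1) meaning="strict reverse-path check" ;;
            2) meaning="loose reverse-path check" ;;
            *) meaning="unknown value" ;;
        esac
        echo "$iface $value $meaning"
    done
}

# Constructed sample tree (not real host data): strict on eth0, disabled on a
# VLAN port, mirroring the two situations described in the thread.
make_sample_conf() {
    dir=$(mktemp -d)
    for i in all default eth0 vlan10; do mkdir "$dir/$i"; done
    echo 0 > "$dir/all/rp_filter"
    echo 1 > "$dir/default/rp_filter"
    echo 1 > "$dir/eth0/rp_filter"
    echo 0 > "$dir/vlan10/rp_filter"
    echo "$dir"
}

sample=$(make_sample_conf)
rp_filter_report "$sample"
rm -rf "$sample"
```

Calling rp_filter_report with no argument reads the live values under /proc/sys/net/ipv4/conf.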