From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jay Vosburgh
Date: Tue, 09 Feb 2021 01:47:25 +0000
Subject: Re: Multiple link, policy routing and link not in defaut route...
Message-Id: <1822.1612835245@famine>
List-Id:
References: <20210203181530.GO3370@lilliput.linux.it>
In-Reply-To: <20210203181530.GO3370@lilliput.linux.it>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Marco Gaiarin wrote:

>> Why the interface need to be in 'default route'? Thanks.
>
>As suggested by a private reply, I've disabled 'rp_filter' and packet
>flow correctly.
>
>AFAI've understood, packet get routed correctly to the intended
>interface, but when reply come back the reverse path filter interpret
>it as 'impossible' (because there's no a forward route, and this is
>true indeed), and filter it away.
>
>
>There's some 'smarter' way, or fine-grained way, or I have to disable
>rp_filter as the only option?

Another possibility is that, because you're using fwmark in the
routing, you're running afoul of the src_valid_mark sysctl. By default
(src_valid_mark = 0), fwmark is not checked when performing rp_filter
reverse path route lookups. Enabling net.ipv4.conf.*.src_valid_mark
will cause the fwmark to be utilized for the reverse path lookup.

-J

---
-Jay Vosburgh, jay.vosburgh@canonical.com
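
An added example, not part of the original message or written by either poster: a small audit that reports, per interface, whether the rp_filter reverse path lookup described above will take the fwmark into account. The function names `rp_audit` and `sample_sysctl`, the status labels and the sample interface values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.
# rp_audit reads `sysctl -a`-style lines on stdin and prints, per interface,
# the effective rp_filter and src_valid_mark. For both settings the kernel
# uses the max of conf/all and conf/<iface>.
rp_audit() {
    awk -F'[ =]+' '
    $1 ~ /^net\.ipv4\.conf\.[^.]+\.(rp_filter|src_valid_mark)$/ {
        split($1, p, ".")
        val[p[4], p[5]] = $2 + 0
        if (p[4] != "all" && p[4] != "default") seen[p[4]] = 1
    }
    END {
        for (i in seen) {
            rp = val[i, "rp_filter"] + 0;      a = val["all", "rp_filter"] + 0
            vm = val[i, "src_valid_mark"] + 0; b = val["all", "src_valid_mark"] + 0
            if (a > rp) rp = a
            if (b > vm) vm = b
            if (rp == 0)      s = "rp_filter-off"
            else if (vm == 0) s = "fwmark-ignored"   # reverse lookup skips fwmark rules
            else              s = "fwmark-used"      # reverse lookup honours fwmark rules
            printf "%s rp_filter=%d src_valid_mark=%d %s\n", i, rp, vm, s
        }
    }' | sort
}

# Constructed sample input (not taken from a real host).
sample_sysctl() {
    cat <<'EOF'
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.src_valid_mark = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.eth0.src_valid_mark = 0
net.ipv4.conf.ppp0.rp_filter = 1
net.ipv4.conf.ppp0.src_valid_mark = 1
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.lo.src_valid_mark = 0
EOF
}

# On a live host: sysctl -a 2>/dev/null | rp_audit
sample_sysctl | rp_audit
```

An interface reported as `fwmark-ignored` that receives replies for fwmark-routed traffic is the case the reply describes; setting `net.ipv4.conf.<iface>.src_valid_mark=1` (or the `all` entry) changes it to `fwmark-used` without turning rp_filter off.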