From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jay Vosburgh
Date: Fri, 13 Jul 2018 16:26:27 +0000
Subject: Re: rp_filter
Message-Id: <6814.1531499187@nyx>
List-Id:
References: <1531495407677.43982@datavoiceint.com>
In-Reply-To: <1531495407677.43982@datavoiceint.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Grant Taylor wrote:

>On 07/13/2018 09:23 AM, Leroy Tennison wrote:
>> Is there a definitive way to tell that rp_filter is dropping traffic (in
>> this case echo request) other than disabling it and seeing the expected
>> traffic (echo reply)? I tried an iptables packet trace but I either did
>> it wrong or it showed nothing. The only indications I have right now
>> are:
>
>Check dmesg. That's the most reliable place I've seen for logs about (so
>called) "martian" packets.

I believe they're also counted in the "in_martian_src" column of
/proc/net/stat/rt_cache.

-J

>> No firewall rules blocking traffic but no replies either.
>
>It seems like reverse path filtering operates at a lower layer before
>IPTables.
>
>> The problem is subnet-specific (only occurs on a directly-connected
>> subnet).
>
>Odd.
>
>
>
>--
>Grant. . . .
>unix || die

---
-Jay Vosburgh, jay.vosburgh@canonical.com
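
Added example, not part of the original message: a shell function that sums the "in_martian_src" column of /proc/net/stat/rt_cache named in the reply above across all CPUs, so the counter can be compared before and after the test pings are sent. It assumes that file's usual layout (one header line of column names, then one row of hexadecimal counters per CPU); the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed file layout: line 1 holds the column names, every
# later line holds one CPU's counters as hexadecimal numbers.

# rt_cache_counter NAME [FILE]: print the named counter summed over all CPUs.
rt_cache_counter() {
    name=$1
    file=${2:-/proc/net/stat/rt_cache}
    col=0 total=0 lineno=0
    while read -r line; do
        lineno=$((lineno + 1))
        set -- $line                      # split the row on whitespace
        if [ "$lineno" -eq 1 ]; then      # header: locate the column by name
            i=0
            for field in "$@"; do
                i=$((i + 1))
                if [ "$field" = "$name" ]; then col=$i; fi
            done
            if [ "$col" -eq 0 ]; then
                echo "no column named $name in $file" >&2
                return 1
            fi
            continue
        fi
        if [ "$#" -lt "$col" ]; then continue; fi   # skip short rows
        eval "val=\${$col}"
        total=$((total + 0x$val))         # values are hex without a 0x prefix
    done < "$file"
    echo "$total"
}

# watch_counter NAME SECONDS [FILE]: print how much the counter grew while
# waiting, e.g. while the echo requests are being sent from another host.
watch_counter() {
    before=$(rt_cache_counter "$1" "$3") || return 1
    sleep "$2"
    after=$(rt_cache_counter "$1" "$3") || return 1
    echo $((after - before))
}

# Constructed sample (not captured from a real system): header plus two CPUs.
sample_rt_cache() {
    cat <<'EOF'
entries in_hit in_slow_tot in_slow_mc in_no_route in_brd in_martian_dst in_martian_src out_hit out_slow_tot out_slow_mc gc_total gc_ignored gc_goal_miss gc_dst_overflow in_hlist_search out_hlist_search
00000000 00000000 000001f4 00000000 00000000 00000003 00000001 0000002a 00000000 000000c8 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000064 00000000 00000000 00000000 00000000 00000010 00000000 00000032 00000000 00000000 00000000 00000000 00000000 00000000 00000000
EOF
}
```

On the affected host, `watch_counter in_martian_src 10` run while the pings are in flight prints the increase over those ten seconds; the constructed sample totals 58 for that column.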