* [LARTC] A small correction to LARTC (fwd)
@ 2003-01-16 13:26 Dragan Simic
2003-01-16 15:53 ` Dragan Simic
2003-01-16 21:52 ` Julian Anastasov
0 siblings, 2 replies; 3+ messages in thread
From: Dragan Simic @ 2003-01-16 13:26 UTC (permalink / raw)
To: lartc
First of all, I have to say a big THANKS to all of you, your LARTC
document really sheds some light in such a dark place as, especially,
Linux TC is.
I found a small error, or typo, in LARTC, on page 85, chapter 13.1.
It is stated there that "echo 2 > $i" would turn on RP filtering on the actual
interface, but it should be "echo 1 > $i" instead. Also, in
Documentation/networking/ip-sysctl.txt there are only two options
for rp_filter - 0 (RPF off) or 1 (RPF on).
Also, on page 86, there is a FIXME about conf/{default,all}/* . I tried
that, and it turns out that setting only conf/all/rp_filter is enough for
all already configured interfaces, and conf/default/rp_filter is intended
to be used for interfaces that are just going to be configured, or better
said, link up'ed - for example ppp+ interfaces.
I already pointed this out, and you accepted this note, but in a recent
version of LARTC I can see that the old version remained in the document.
Hope this helps, and keep up the good work!
--
.----------------------------------------------------------------------------.
| Pozdrav / Best Wishes, dsimic@urc.bl.ac.yu | LL The Choice of |
| Dragan Simic RS.BA Hostmaster | LL GNU |
| URC B.Luka / RSKoming.NET System/Network Admin | LLLL i n u x Generation |
`----------------------------------------------------------------------------'
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
* Re: [LARTC] A small correction to LARTC (fwd)
2003-01-16 13:26 [LARTC] A small correction to LARTC (fwd) Dragan Simic
@ 2003-01-16 15:53 ` Dragan Simic
2003-01-16 21:52 ` Julian Anastasov
1 sibling, 0 replies; 3+ messages in thread
From: Dragan Simic @ 2003-01-16 15:53 UTC (permalink / raw)
To: lartc
I had 2.4.x in mind when I wrote this about rp_filter values. In any case,
LARTC should make clear what applies to the 2.2 branch, and what to the
2.4 branch. It's true, in 2.2.23, there are three options (0,1,2); and
there are two options (0,1) in 2.4.20.
On Thu, 16 Jan 2003, Michael T. Babcock wrote:
> Dragan Simic wrote:
>
> >interface, but there should be, instead, "echo 1 > $i". Also, in
> >Documentation/networking/ip-sysctl.txt there are only two options
> >for rp_filter - 0 (RPF off) or 1 (RPF on).
>
> At various points in history there have been values of 0, 1 and 2
> available to mean different things. In my 2.2.14 source I have lying
> around, I see:
>
> rp_filter - INTEGER
> 2 - do source validation by reversed path, as specified in RFC1812
> ...
> 1 - (DEFAULT) Weaker form of RP filtering: drop all the packets
> ...
> 0 - No source validation.
--
.----------------------------------------------------------------------------.
| Pozdrav / Best Wishes, dsimic@urc.bl.ac.yu | LL The Choice of |
| Dragan Simic RS.BA Hostmaster | LL GNU |
| URC B.Luka / RSKoming.NET System/Network Admin | LLLL i n u x Generation |
`----------------------------------------------------------------------------'
* Re: [LARTC] A small correction to LARTC (fwd)
2003-01-16 13:26 [LARTC] A small correction to LARTC (fwd) Dragan Simic
2003-01-16 15:53 ` Dragan Simic
@ 2003-01-16 21:52 ` Julian Anastasov
1 sibling, 0 replies; 3+ messages in thread
From: Julian Anastasov @ 2003-01-16 21:52 UTC (permalink / raw)
To: lartc
Hello,
On Thu, 16 Jan 2003, Dragan Simic wrote:
> I had 2.4.x in mind when I wrote this about rp_filter values. In any case,
> LARTC should make clear what applies to the 2.2 branch, and what to the
> 2.4 branch. It's true, in 2.2.23, there are three options (0,1,2); and
> there are two options (0,1) in 2.4.20.
This is wrong, all kernels (2.2, 2.4, 2.5) treat 2 as 1,
i.e. only 1 and 0 are enough to distinguish the two possible states:
enable/disable source address validation. As for all/rp_filter, it
is only a flag that says "0 disables the spoofing check for all
interfaces". include/linux/inetdevice.h is a good source for
information about whether 0 or 1 as value for all/XXX changes
globally the feature for all interfaces. For rp_filter it is 0,
for send_redirects it is 1.
Regards
--
Julian Anastasov <ja@ssi.bg>
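
The combination rule described in the message above (all/rp_filter = 0 turns the check off everywhere, all/send_redirects = 1 turns redirects on everywhere, any non-zero rp_filter counts as enabled), written as an audit script. This is an added example, not part of the original thread; it assumes those semantics hold for the kernel being audited, and the function names and the sample tree are constructed (on a live host the root would be /proc/sys/net/ipv4/conf).

```shell
#!/bin/sh
# Added example: effective per-interface state of rp_filter and send_redirects.
# Assumed semantics, taken from the thread (2.2/2.4-era kernels):
#   rp_filter      = all AND iface   (all = 0 disables it everywhere)
#   send_redirects = all OR  iface   (all = 1 enables it everywhere)

# as_bool VALUE -> 1 for any non-zero value (2 is treated as 1), else 0
as_bool() { [ "${1:-0}" -ne 0 ] && echo 1 || echo 0; }

# effective CONF_ROOT IFACE KNOB -> prints the effective 0 or 1
effective() {
    all=$(as_bool "$(cat "$1/all/$3" 2>/dev/null)")
    dev=$(as_bool "$(cat "$1/$2/$3" 2>/dev/null)")
    case "$3" in
        rp_filter)      [ "$all" -eq 1 ] && [ "$dev" -eq 1 ] && echo 1 || echo 0 ;;
        send_redirects) { [ "$all" -eq 1 ] || [ "$dev" -eq 1 ]; } && echo 1 || echo 0 ;;
        *) return 2 ;;
    esac
}

# unfiltered CONF_ROOT -> interfaces whose source validation is effectively off
unfiltered() {
    for d in "$1"/*/; do
        ifc=$(basename "$d")
        case "$ifc" in all|default) continue ;; esac
        [ "$(effective "$1" "$ifc" rp_filter)" -eq 0 ] && echo "$ifc"
    done
    return 0
}

# make_sample -> path of a constructed conf tree (name:rp_filter:send_redirects)
make_sample() {
    root=$(mktemp -d)
    for spec in all:1:0 default:1:0 eth0:1:0 eth1:0:1 ppp0:2:0; do
        ifc=${spec%%:*}; rest=${spec#*:}
        mkdir -p "$root/$ifc"
        echo "${rest%%:*}" > "$root/$ifc/rp_filter"
        echo "${rest#*:}"  > "$root/$ifc/send_redirects"
    done
    echo "$root"
}

SAMPLE=$(make_sample)
echo "source validation off on: $(unfiltered "$SAMPLE" | tr '\n' ' ')"
```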