* rp_filter backward compatibility
@ 2010-08-30 15:25 Nicolas Dichtel
2010-08-30 16:47 ` David Miller
0 siblings, 1 reply; 4+ messages in thread
From: Nicolas Dichtel @ 2010-08-30 15:25 UTC (permalink / raw)
To: netdev; +Cc: David Miller, Stephen Hemminger
I'm surprised by the commit 27fed4175acf81ddd91d9a4ee2fd298981f60295 (ip: fix
logic of reverse path filter sysctl). This commit breaks backward compatibility.
I know that logic was wrong, but for years it was mandatory to set both
all.rp_filter and <device>.rp_filter to enable it, ie setting only all.rp_filter
had no consequences. Now, when all.rp_filter is enabled, RPF is enabled for all
interfaces.
Help of Kconfig explains:
"To turn
rp_filter on use:
echo 1 > /proc/sys/net/ipv4/conf/<device>/rp_filter
*and*
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter"
At least, one of this action should be done:
- fixing help (Documentation/networking/ip-sysctl.txt is up to date)
- reverting the patch (this will force to set all.rp_filter to 3 if some
interfaces use loose mode and some others strict mode)
What is your opinion?
Regards,
Nicolas
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: rp_filter backward compatibility
2010-08-30 15:25 rp_filter backward compatibility Nicolas Dichtel
@ 2010-08-30 16:47 ` David Miller
2010-08-31 15:50 ` Nicolas Dichtel
0 siblings, 1 reply; 4+ messages in thread
From: David Miller @ 2010-08-30 16:47 UTC (permalink / raw)
To: nicolas.dichtel; +Cc: netdev, shemminger
From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Date: Mon, 30 Aug 2010 17:25:22 +0200
> At least, one of this action should be done:
> - fixing help (Documentation/networking/ip-sysctl.txt is up to date)
This is the only option.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: rp_filter backward compatibility
2010-08-30 16:47 ` David Miller
@ 2010-08-31 15:50 ` Nicolas Dichtel
2010-09-01 21:30 ` David Miller
0 siblings, 1 reply; 4+ messages in thread
From: Nicolas Dichtel @ 2010-08-31 15:50 UTC (permalink / raw)
To: David Miller; +Cc: netdev, shemminger
[-- Attachment #1: Type: text/plain, Size: 312 bytes --]
Here is the (small) patch.
Regards,
Nicolas
David Miller wrote:
> From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
> Date: Mon, 30 Aug 2010 17:25:22 +0200
>
>> At least, one of this action should be done:
>> - fixing help (Documentation/networking/ip-sysctl.txt is up to date)
>
> This is the only option.
[-- Attachment #2: 0002-ipv4-minor-fix-about-RPF-in-help-of-Kconfig.patch --]
[-- Type: text/x-diff, Size: 760 bytes --]
>From a2ea92449b7bfe3952d4714e13df00f5b8595c86 Mon Sep 17 00:00:00 2001
From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Date: Tue, 31 Aug 2010 17:47:42 +0200
Subject: [PATCH] ipv4: minor fix about RPF in help of Kconfig
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
---
net/ipv4/Kconfig | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
index 7c3a7d1..571f895 100644
--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -46,7 +46,7 @@ config IP_ADVANCED_ROUTER
rp_filter on use:
echo 1 > /proc/sys/net/ipv4/conf/<device>/rp_filter
- and
+ or
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
Note that some distributions enable it in startup scripts.
--
1.5.6.5
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: rp_filter backward compatibility
2010-08-31 15:50 ` Nicolas Dichtel
@ 2010-09-01 21:30 ` David Miller
0 siblings, 0 replies; 4+ messages in thread
From: David Miller @ 2010-09-01 21:30 UTC (permalink / raw)
To: nicolas.dichtel; +Cc: netdev, shemminger
From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Date: Tue, 31 Aug 2010 17:50:43 +0200
> Here is the (small) patch.
Applied.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2010-09-01 21:30 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-08-30 15:25 rp_filter backward compatibility Nicolas Dichtel
2010-08-30 16:47 ` David Miller
2010-08-31 15:50 ` Nicolas Dichtel
2010-09-01 21:30 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).