From 5f5e8a8ac566042b4e9ca3358dd44a1534603e6d Mon Sep 17 00:00:00 2001 From: Donald Buczek Date: Thu, 14 Sep 2017 17:11:35 +0200 Subject: [PATCH] mxrouter: add option disable_ipv4_rp_filter for interface When we have unsymmetrical routing, we need to accept foreing packets. Make ipv4_rp_filter optional. --- mxrouter/mxrouterctl | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/mxrouter/mxrouterctl b/mxrouter/mxrouterctl index 9cd229a..f912d24 100755 --- a/mxrouter/mxrouterctl +++ b/mxrouter/mxrouterctl @@ -350,6 +350,13 @@ sync=1 __EOF__ } +our %disable_ipv4_rp_filter = ('all' => 1); # this is AND ( https://marc.info/?l=linux-kernel&m=123606366021995&w=2 ) + +sub disable_ipv4_rp_filter { + my ($if)=@_; + $disable_ipv4_rp_filter{$if}=1; +} + sub start { -d "/var/run/mxrouter/$NETNS" or sys ('mkdir','-p',"/var/run/mxrouter/$NETNS"); @@ -479,9 +486,11 @@ sub start { warn "disable IPV4 send redirects on $dev\n" unless $opt_quiet; set_ipv4_send_redirects($dev,0); } - if (get_ipv4_rp_filter($dev)==0) { - warn "enable reverse path filter on $dev\n" unless $opt_quiet; - set_ipv4_rp_filter($dev,1); + + my $ipv4_rp_filter = $disable_ipv4_rp_filter{$dev} ? 0 : 1; + if (get_ipv4_rp_filter($dev)!=$ipv4_rp_filter) { + warn (($ipv4_rp_filter ? "enable" : "disable")." ipv4_rp_filter on $dev\n") unless $opt_quiet; + set_ipv4_rp_filter($dev,$ipv4_rp_filter); } # if (get_ipv4_log_martians($dev)==0) { # warn "enable martians log on $dev\n" unless $opt_quiet;