Re: Kernel drops UDP datagrams between interface and process



On Fri, 16 Apr 2010, phil-news-nospam@xxxxxxxx wrote:

OSPF just updates the routing tables when you have a bunch of machines on the same network. But the route tables are already correct, so OSPF in this simple case is pointless. OSPF solves the problem of getting packets to the correct machine. That isn't a problem that needs a solution because packets already get to the correct machine.

The problem is that AFTER the packet gets to the correct machine, the kernel network stack decides to discard some of them merely because of which interface they arrived on, even though both interfaces are configured exactly the same way. The route table is irrelevant because this problem involves INCOMING packets (being handled incorrectly).

[snip]

On Fri, 16 Apr 2010 07:19:41 -0700 (PDT) David Schwartz <davids@xxxxxxxxxxxxx> wrote:

| Sounds like you have some configuration problems. Did you leave
| rp_filter on or something silly like that? Is IP forwarding on?

I don't know about rp_filter. I will check that when I get a chance.

"rp" stands for "reverse path", and AFAICT it does something like this:

For each incoming internet protocol packet with src addr REMOTE_IP and dst addr ONE_OF_YOUR_IPS, arriving over iface IFACE, check whether an outgoing packet with src addr SAME_IP_OF_YOURS and dst addr REMOTE_IP would be routed through the same iface IFACE.

Thus it very much depends on your routing table.

http://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.kernel.rpf.html

(David, sorry if I completely missed the point.)

Cheers,
lacos
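
The reverse-path test described in the message above, as an added example that is not part of the original post and is not kernel code. It is a simplified model: the routing table, addresses, interface names and function names are constructed for illustration, and it goes slightly beyond the message by also modelling the `rp_filter` values 0 (off) and 2 (loose) next to the strict check (1).

```python
import ipaddress

# Constructed routing table: two interfaces on the same subnet, as in the thread.
# Each entry is (destination prefix, outgoing interface, metric).
ROUTES = [
    ("192.0.2.0/24", "eth0", 0),
    ("192.0.2.0/24", "eth1", 1),
    ("0.0.0.0/0", "eth0", 0),
]

def lookup_oif(routes, dst):
    """Interface a packet to dst would leave by: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface, metric in routes:
        net = ipaddress.ip_network(prefix)
        if addr not in net:
            continue
        key = (-net.prefixlen, metric)
        if best is None or key < best[0]:
            best = (key, iface)
    return best[1] if best else None

def rp_check(routes, src, in_iface, mode=1):
    """Return True if the incoming packet passes the reverse-path test.

    mode 0: no source validation
    mode 1: strict, the route back to src must use the arrival interface
    mode 2: loose, src only has to be reachable through some interface
    """
    if mode == 0:
        return True
    oif = lookup_oif(routes, src)
    if oif is None:
        return False
    if mode == 2:
        return True
    return oif == in_iface

if __name__ == "__main__":
    # Constructed packets: (source address, arrival interface)
    for src, iface in [("192.0.2.50", "eth0"), ("192.0.2.50", "eth1"),
                       ("198.51.100.7", "eth1")]:
        verdict = "accept" if rp_check(ROUTES, src, iface) else "drop"
        print(f"src={src} in={iface} strict rp_filter: {verdict}")
```

With both interfaces configured identically, the route lookup still picks a single outgoing interface, so under the strict check a datagram that arrives on the other one fails the test.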