Hello.
This is the slowpoke post.

To check the rp filter you can use the ip route get command:

    ip route get <dst-ip> from <src-ip> iif <input-interface>

In recent kernels you will see either a valid route or an 'invalid cross-device link' error. In older kernels you won't see a valid route if the rp_filter prevents forwarding.

Also, use the command 'nstat -z TcpExtIPReversePathFilter' to check the rp filtered packet drops counter.

Note that the max value from conf/{all,interface}/rp_filter is used when doing source validation on the {interface}.

On Fri, 13 Jul 2018 at 18:42, Leroy Tennison <leroy@xxxxxxxxxxxxxxxx> wrote:
>
> Is there a definitive way to tell that rp_filter is dropping traffic (in this case echo request) other than disabling it and seeing the expected traffic (echo reply)? I tried an iptables packet trace but I either did it wrong or it showed nothing. The only indications I have right now are:
>
> No firewall rules blocking traffic but no replies either.
> The problem is subnet-specific (only occurs on a directly-connected subnet).
>
> Leroy Tennison
> Network Information/Cyber Security Specialist

--
Anton.