From: "Ming-Ching Tiew" <mingching.tiew@xxxxxxxxxxx>
>
> I did not go through your post carefully enough to know what you are talking
> about. But my question was why do we have to turn off reverse filter path
> checking to get multipath routing to work ? The original idea of reverse
> filter path checking is to improve security by doing reverse path checking,
> ie by checking the source IP address of all packets coming in via an interface
> against the networks known to be behind that interface, the firewall/router
> can simply drop packets that aren't supposed to come from there. In the
> multipath routing case, the packets are INDEED supposed to be from the
> interface where it is coming from, why they are dropped ?
>
Perhaps this is what this patch is all about ?
http://www.ssi.bg/~ja/#rp_filter_mask
I have noticed that Julian Anastasov's patch has existed long long time ago
but it is never included into the standard kernel. I really wonder why.
Cheers.
