Hi Urs,

On Tue, 2015-05-12 at 09:34 +0000, Urs Ritzmann wrote:
> Hi connman devs,
>
> We're running connman on a system using PTP (IEEE1588). The problem is that
> connman is fiddling with the rp_filter settings and activating loose mode
> routing (value 2) if two or more services are present. We cannot have
> ip_filter activated because it blocks certain PTP frames. According to this I
> have two questions:
>
>
> 1) I currently do not understand the following: Rp_filter is just a
> recommended security practice (RFC3704). But the connman commit message
> sounds like rp_filter is needed to ensure proper functionality with two or
> more interfaces.
>
> commit cb3e78500a2539a61d73ecb9708a2b06ea1f356d
> Author: Jukka Rissanen <[email protected]>
> Date: Fri Oct 21 11:16:55 2011 +0300
>
>     service: Activate loose mode routing
>
>     If more than one service is connected at the same time,
>     then activate loose mode routing by setting the
>     /proc/sys/net/ipv4/conf/all/rp_filter to value 2
>     If the loose mode routing is not activated, then packets
>     are not routed properly if services are connected to same
>     subnet.
>
>     The original value of rp_filter is restored when the other
>     services are disconnected and only one service is connected.
>
>     For details of rp_filter setting, see Linux kernel file
>     Documentation/networking/ip-sysctl.txt
>
>     Fixes BMC#23606
>
> What does "not routed properly" mean? Can we run into any problems when disabling
> rp_filter but having multiple interfaces/services (e.g. Ethernet and WiFi)?
> Is the actual reason that connman sets rp_filter because of security or are
> there any other reasons?

See these two bug reports for details for this change:

https://01.org/jira/browse/CM-360
https://01.org/jira/browse/CM-375

>
> 2) What is your opinion about submitting a patch which introduces a config
> option to never change rp_filter settings? Are there good chances to have
> this integrated in the main sources.
>
> Thanks,
> Urs
>

Cheers,
Jukka
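
A check for the rp_filter state discussed in this thread, as an added example that is not part of the original message or of connman's code. The kernel's ip-sysctl documentation states that source validation on an interface uses the maximum of `conf/all/rp_filter` and `conf/<interface>/rp_filter`, so a 2 written to `conf/all` makes every interface at least loose; the `CONF_ROOT` variable and the function names are assumptions of this example.

```shell
#!/bin/sh
# Report the effective rp_filter mode per interface.
# Effective value = max(conf/all/rp_filter, conf/<iface>/rp_filter),
# per Documentation/networking/ip-sysctl.txt.
# CONF_ROOT is an assumption of this example so it can point at a test tree.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Map the numeric sysctl value to its meaning.
rp_mode_name() {
    case "$1" in
        0) echo "off" ;;
        1) echo "strict" ;;
        2) echo "loose" ;;
        *) echo "unknown" ;;
    esac
}

# effective_rp_filter IFACE: print the value the kernel applies on IFACE.
effective_rp_filter() {
    all=$(cat "$CONF_ROOT/all/rp_filter" 2>/dev/null) || return 1
    own=$(cat "$CONF_ROOT/$1/rp_filter" 2>/dev/null) || return 1
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# Print "<iface> <effective value> <mode>" for every real interface.
rp_filter_report() {
    for dir in "$CONF_ROOT"/*/; do
        iface=$(basename "$dir")
        # "all" and "default" are templates, not interfaces.
        case "$iface" in all|default) continue ;; esac
        eff=$(effective_rp_filter "$iface") || continue
        echo "$iface $eff $(rp_mode_name "$eff")"
    done
}
```

Source the file and run `rp_filter_report` before and after a second service connects to see whether the effective mode on the PTP interface changed; an interface is only "off" when both its own value and `conf/all` are 0.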
