Hello all, I'm moving an application from 2.6.23 (yes, it's ancient; that's why we are moving) to 3.18LTS. The application monitors multiple network links to the same target with ping packets. The different links are selected either by their next hop router (Ethernet) or the network interface (Point-to-Point links, aka cellular data). To force different routes to the same target, the outgoing packets are tagged with different firewall marks. Then I'm using routing rules to select different routing tables with different routes for the same target. The outgoing path works perfectly fine in both, 2.6.23 and 3.18. However, the same is not true for the incoming ICMP replies. They are incoming; I see them with tcpdump. But some packets do not get delivered to user space in 3.18. I'm not 100% sure, but I think this happens if there is no "normal" route to the ping target, e.g. the source address of the ICMP replies. This looks like some kind of misguided ingress filtering that keeps packets out if a normal routing lookup fails.
Am I on the right track? If so, is there a way to disable this filtering? If not, what could cause this changed behaviour? Thanks in adavance and kind regards Joerg -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
