Bug 6998 - rp_filter missing for ipv6
Summary: rp_filter missing for ipv6
Status: REJECTED INSUFFICIENT_DATA
Alias: None
Product: Networking
Classification: Unclassified
Component: IPV6 (show other bugs)
Hardware: i386 Linux
: P2 normal
Assignee: Hideaki YOSHIFUJI
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-08-13 05:57 UTC by Hadmut Danisch
Modified: 2012-08-14 13:31 UTC (History)
3 users (show)

See Also:
Kernel Version: 2.6.17
Subsystem:
Regression: ---
Bisected commit-id:


Attachments

Description Hadmut Danisch 2006-08-13 05:57:10 UTC
Hi,

ipv4 has a feature rp_filter, where packets are rejected if their sender address
wouldn't be routed to the interface the packet came in on.

ipv6 still lacks this feature. 

It is possible to mimic that feature through iptables, but due to the fact that
ipv6 has a significantly more complicated address structure, it is not trivial
to write the iptable rules.

regards
Hadmut
Comment 1 Natalie Protasevich 2007-10-03 23:02:06 UTC
Hadmut,
Is this still a problem?
Thanks.
Comment 2 Timo Weingärtner 2011-02-24 13:46:53 UTC
It is still a problem.

Ip6tables can only serve as a replacement if it gets a current copy of the routing table(s) and it's extra work to manage both places.
Comment 3 Florian Weimer 2012-08-14 13:31:57 UTC
This has been implemented with the rpfilter match in Linux 3.3 (needs iptables 1.4.14 in userspace).

Note You need to log in before you can comment on or make changes to this bug.