if rp_filter is enabled some ICMP messages may get dropped by checking the wrong IP address information.

Setup:
Host - GW1 - GW2 - Server
The host has IP 192.168.1.1/24 and only a single route to 10.1.1.0/24 via its gateway gw1, there is no default route. rp_filter is set to 1.
GW1 links to GW2 on link 172.16.1.0/24
GW2 has IP address 172.16.1.2 pointing to GW1 and 10.1.1.1 pointing to server, MTU on link 10.1.1.1 is 1400.
Server has IP 10.1.1.2

Now the host is sending a packet with MTU 1500 to the server:
192.168.1.1 -> 10.1.1.2
GW1 is passing the packet to GW2
GW2 is checking the packet and reject it because of the MTU of the outgoing link. The generated packet is 172.16.1.2 -> 192.168.1.1 ICMP fragmentation needed with the original packet header in payload.
GW1 is passing the packet to host.
Host is checking the packet and dropping by rp_filter, because the sender IP address is not in the routing table. This is a wrong behavior. The rp_filter routine should in this case check the IP contained in the payload of the ICMP unreach packet because the packet is related caused by the 192.168.1.1 -> 10.1.1.2 packet and relates to this session. If rp_filter drop this ICMP the MTU-path-discovery gets broken. There is no need to route all transfer networks in a provider cloud, but the related ICMP unreachable messages should pass the filter.

Regards
Christian