From patchwork Tue Feb 9 01:37:01 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jay Vosburgh X-Patchwork-Id: 379875 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D2AEBC433E0 for ; Tue, 9 Feb 2021 01:38:36 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 77B0664E66 for ; Tue, 9 Feb 2021 01:38:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230187AbhBIBiM convert rfc822-to-8bit (ORCPT ); Mon, 8 Feb 2021 20:38:12 -0500 Received: from youngberry.canonical.com ([91.189.89.112]:46379 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229777AbhBIBhw (ORCPT ); Mon, 8 Feb 2021 20:37:52 -0500 Received: from 1.general.jvosburgh.us.vpn ([10.172.68.206] helo=famine.localdomain) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1l9Hxf-0001fO-On; Tue, 09 Feb 2021 01:37:03 +0000 Received: by famine.localdomain (Postfix, from userid 1000) id 0FA445FEE7; Mon, 8 Feb 2021 17:37:02 -0800 (PST) Received: from famine (localhost [127.0.0.1]) by famine.localdomain (Postfix) with ESMTP id 07F41A0411; Mon, 8 Feb 2021 17:37:02 -0800 (PST) From: Jay Vosburgh To: netdev@vger.kernel.org Cc: "David S. Miller" , Jakub Kicinski , Jonathan Corbet , linux-doc@vger.kernel.org Subject: [PATCH net] Documentation: networking: ip-sysctl: Document src_valid_mark sysctl X-Mailer: MH-E 8.6+git; nmh 1.6; GNU Emacs 27.0.50 MIME-Version: 1.0 Content-ID: <1394.1612834621.1@famine> Date: Mon, 08 Feb 2021 17:37:01 -0800 Message-ID: <1396.1612834621@famine> Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Provide documentation for src_valid_mark sysctl, which was added in commit 28f6aeea3f12 ("net: restore ip source validation"). Signed-off-by: Jay Vosburgh --- Documentation/networking/ip-sysctl.rst | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/Documentation/networking/ip-sysctl.rst b/Documentation/networking/ip-sysctl.rst index fa544e9037b9..0fb39c895c95 100644 --- a/Documentation/networking/ip-sysctl.rst +++ b/Documentation/networking/ip-sysctl.rst @@ -1425,6 +1425,25 @@ rp_filter - INTEGER Default value is 0. Note that some distributions enable it in startup scripts. +src_valid_mark - BOOLEAN + - 0 - The fwmark of the packet is not included in reverse path + route lookup. This allows for asymmetric routing configurations + utilizing the fwmark in only one direction, e.g., transparent + proxying. + + - 1 - The fwmark of the packet is included in reverse path route + lookup. This permits rp_filter to function when the fwmark is + used for routing traffic in both directions. + + This setting also affects the utilization of fmwark when + performing source address selection for ICMP replies, or + determining addresses stored for the IPOPT_TS_TSANDADDR and + IPOPT_RR IP options. + + The max value from conf/{all,interface}/src_valid_mark is used. + + Default value is 0. + arp_filter - BOOLEAN - 1 - Allows you to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered