Attending this event?
Back To Schedule
Friday, June 16 • 4:30pm - 5:05pm
Advanced rp_filter

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

The IETF has long worked on IP source address validation in order to prevent IP spoofing and mitigate the problem of DoS attacks on the Internet. This work has lead to various forms of Reverse Path Forwarding (RPF) techniques, published in RFC 3704 and RFC 8704.

The Linux kernel has several features similar to RPF. They're implemented either as a sysctl or as Netfilter modules. I'll use the term rp_filter to collectively refer to all this implementations.

The objective of this talk is to give the audience a primer on rp_filter and to explain its challenges and pitfalls, beyond the well-known asymmetric routing issues. I'll conclude on what to consider when implementing RPF for advanced networking scenarios and why this is more complex than just setting a sysctl or loading a generic firewall rule.


Guillaume Nault

Senior Software Engineer, Red Hat
Kernel network programmer at Red Hat.

Friday June 16, 2023 4:30pm - 5:05pm CEST
E112 | Talks
Feedback form isn't open yet.