From 8cf5d8cc3eae2a6324ff81aa5f2f6c2f52bc5cd0 Mon Sep 17 00:00:00 2001 From: Jay Vosburgh Date: Mon, 8 Feb 2021 17:37:01 -0800 Subject: [PATCH] Documentation: networking: ip-sysctl: Document src_valid_mark sysctl Provide documentation for src_valid_mark sysctl, which was added in commit 28f6aeea3f12 ("net: restore ip source validation"). Signed-off-by: Jay Vosburgh Signed-off-by: David S. Miller --- Documentation/networking/ip-sysctl.rst | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/Documentation/networking/ip-sysctl.rst b/Documentation/networking/ip-sysctl.rst index 83ff515..581bfce8 100644 --- a/Documentation/networking/ip-sysctl.rst +++ b/Documentation/networking/ip-sysctl.rst @@ -1446,6 +1446,25 @@ rp_filter - INTEGER Default value is 0. Note that some distributions enable it in startup scripts. +src_valid_mark - BOOLEAN + - 0 - The fwmark of the packet is not included in reverse path + route lookup. This allows for asymmetric routing configurations + utilizing the fwmark in only one direction, e.g., transparent + proxying. + + - 1 - The fwmark of the packet is included in reverse path route + lookup. This permits rp_filter to function when the fwmark is + used for routing traffic in both directions. + + This setting also affects the utilization of fmwark when + performing source address selection for ICMP replies, or + determining addresses stored for the IPOPT_TS_TSANDADDR and + IPOPT_RR IP options. + + The max value from conf/{all,interface}/src_valid_mark is used. + + Default value is 0. + arp_filter - BOOLEAN - 1 - Allows you to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered -- 2.7.4