反向路径过滤——reverse path filter
一、原理
先介绍个非对称路由的概念
参考《Understanding Linux Network Internals》三十章,
30.2. Essential Elements of Routing
Symmetric routes and asymmetric routes
Usually, the route taken from Host A to Host B is the same as the route used to get back from Host B to Host A; the route is then called symmetric . In complex setups, the route back may be different; in this case, it is asymmetric.
关于反向路径过滤,参考《Understanding Linux Network Internals》三十一章,
31.7. Reverse Path Filtering
We saw what an asymmetric route is in the section "Essential Elements of Routing in Chapter 30. Asymmetric routes are not common, but may be necessary in certain cases. The default behavior of Linux is to consider asymmetric routing suspicious and therefore to drop any packet whose source IP address is not reachable through the device the packet was received from, according to the routing table.
However, this behavior can be tuned via /proc on a per-device basis, as we will see in Chapter 36. See also the section "Input Routing" in Chapter 35.
二、检查流程
如果一台主机(或路由器)从接口A收到一个包,其源地址和目的地址分别是10.3.0.2和10.2.0.2,
即, 如果启用反向路径过滤功能