[Xorp-hackers] Implementing reverse path filtering and packet marking

Craig Shue cshue@cs.indiana.edu
Tue, 18 Apr 2006 00:05:48 -0400


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig15E66545E438C4EC92B4BFD1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Greetings,

I am interested in implementing a form of Reverse Path Filtering. This
process is similar to ingress filtering that is performed by consulting
the BGP FIB/RIB and accepting packets only from address ranges reachable
through the interface (based on routing advertisements, static routes,
etc.). Afterwards, I would like to experiment by adding a prefix-indexed
table for this lookup and perform packet marking in the IP options field.

I have been looking around in the FEA section and documentation.
However, I am rather unclear about how/where the regular packet
processing is actually happening. I am seeing raw packet handling
functions, but they don't seem like they are for typical packets. Could
anyone point me to some detailed documentation on this or explain it a bit?

Also, if you have any pointers or general advice on how to proceed, it
would be greatly appreciated.

Thank you for your time,


-- Craig



--------------enig15E66545E438C4EC92B4BFD1
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFERGWcWQ671T0s3GoRAhlFAJ9+wquq7souBS5nri5CIDRJhsjZ0gCglJvm
Y6FnvLDfgnRv6jC58DMay3w=
=H9iu
-----END PGP SIGNATURE-----

--------------enig15E66545E438C4EC92B4BFD1--