IP address filtering

IP spoof filtering is widely used for ingress/egress filtering[37]. It prevents IP packets that originate from addresses to which the receiving interface has no route from being processed. This makes it harder for nodes to spoof an originator address.

This filtering is enabled by default in the Linux kernel by the initialization scripts in most standard Linux distributions, and it must be disabled when running olsrd, for several reasons. As mentioned in the previous section, one must disable this filtering to be able to use the 255.255.255.255 control-traffic broadcast approach. Doing this means that all packets broadcast to 255.255.255.255 will be passed up to the application layer of all nodes listening on that UDP port, regardless of the sender address. But the IP spoof filter mechanism has turned out to cause more problems than just the 255.255.255.255 broadcast issue. When two nodes have multiple symmetric links between them, the filter drops incoming broadcasts on every interface except the one on which a host route to the neighbor node has been added. When using IPv4, olsrd automatically disables address spoof filtering for all interfaces on which it runs.

Address spoof filtering can be disabled per interface in Linux by writing 0 to the proper proc entry. For the eth0 interface, that is /proc/sys/net/ipv4/conf/eth0/rp_filter.
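To check which interfaces actually have the filter off, the following added example (not part of olsrd or the original text) reports the effective setting per interface. It assumes the documented behaviour of current kernels, where the value applied to an interface is the larger of conf/all/rp_filter and conf/IFACE/rp_filter (0 = off, 1 = strict, 2 = loose), so a 0 in the per-interface entry alone may not disable filtering. The function names and the CONF_ROOT variable are hypothetical.

```shell
#!/bin/sh
# Added example: audit the effective rp_filter mode per interface.
# CONF_ROOT (hypothetical name) can be overridden to point at a constructed
# directory tree instead of the live proc entries.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print the larger of two non-negative integers.
max_int() {
    if [ "$1" -gt "$2" ]; then echo "$1"; else echo "$2"; fi
}

# effective_rp_filter IFACE
# Prints 0 (no source validation), 1 (strict) or 2 (loose).
# Assumption: the kernel applies max(conf/all, conf/IFACE).
effective_rp_filter() {
    all=$(cat "$CONF_ROOT/all/rp_filter") || return 1
    own=$(cat "$CONF_ROOT/$1/rp_filter") || return 1
    max_int "$all" "$own"
}

# rp_filter_report
# One line per interface: "IFACE own=N all=N effective=N".
# The "all" and "default" pseudo-entries are not interfaces and are skipped.
rp_filter_report() {
    all=$(cat "$CONF_ROOT/all/rp_filter") || return 1
    for dir in "$CONF_ROOT"/*/; do
        [ -r "${dir}rp_filter" ] || continue
        ifc=$(basename "$dir")
        case "$ifc" in all|default) continue ;; esac
        own=$(cat "${dir}rp_filter")
        echo "$ifc own=$own all=$all effective=$(max_int "$all" "$own")"
    done
}

# Run as "sh script.sh report" to print the table for the live system.
if [ "${1:-}" = "report" ]; then
    rp_filter_report
fi
```

Any interface that should keep spoof filtering but shows effective=0 after olsrd has run is worth reviewing, since the filter stays off until the entry is written back.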

Andreas 2004-07-29