Fix minor bug in uRPF:

If net.link.ether.inet.useloopback=1 and we send broadcast packet using our own source ip address it may be rejected by uRPF rules. Same bug was fixed for IPv6 in rev. 1.115 by suz. PR: kern/76971 Approved by: glebius (mentor) MFC after: 3 days
author: oleg <oleg@FreeBSD.org> 2006-01-24 13:38:06 +0000
committer: oleg <oleg@FreeBSD.org> 2006-01-24 13:38:06 +0000
commit: e7a139cf88cc0cf1281a76fad701a7db4e79fd63 (patch)
tree: af2cb328702ac541b3e4acdde7d2b25bb36b3102 /sys/netinet/ip_fw2.c
parent: cccf088ae774e9039fb260bbfd949014bb44a76e (diff)
download: FreeBSD-src-e7a139cf88cc0cf1281a76fad701a7db4e79fd63.zip
FreeBSD-src-e7a139cf88cc0cf1281a76fad701a7db4e79fd63.tar.gz
1 files changed, 8 insertions, 2 deletions
diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c
index 79e0e2b..e286951 100644
--- a/sys/netinet/ip_fw2.c
+++ b/sys/netinet/ip_fw2.c
@@ -545,8 +545,14 @@ verify_path(struct in_addr src, struct ifnet *ifp)
 	if (ro.ro_rt == NULL)
 		return 0;
 
-	/* if ifp is provided, check for equality with rtentry */
-	if (ifp != NULL && ro.ro_rt->rt_ifp != ifp) {
+	/*
+	 * If ifp is provided, check for equality with rtentry.
+	 * We should use rt->rt_ifa->ifa_ifp, instead of rt->rt_ifp,
+	 * in order to pass packets injected back by if_simloop():
+	 * if useloopback == 1 routing entry (via lo0) for our own address
+	 * may exist, so we need to handle routing assymetry.
+	 */
+	if (ifp != NULL && ro.ro_rt->rt_ifa->ifa_ifp != ifp) {
 		RTFREE(ro.ro_rt);
 		return 0;
 	}
author	oleg <oleg@FreeBSD.org>	2006-01-24 13:38:06 +0000
committer	oleg <oleg@FreeBSD.org>	2006-01-24 13:38:06 +0000
commit	e7a139cf88cc0cf1281a76fad701a7db4e79fd63 (patch)
tree	af2cb328702ac541b3e4acdde7d2b25bb36b3102 /sys/netinet/ip_fw2.c
parent	cccf088ae774e9039fb260bbfd949014bb44a76e (diff)
download	FreeBSD-src-e7a139cf88cc0cf1281a76fad701a7db4e79fd63.zip FreeBSD-src-e7a139cf88cc0cf1281a76fad701a7db4e79fd63.tar.gz