diff options
author | suz <suz@FreeBSD.org> | 2005-11-10 22:10:39 +0000 |
---|---|---|
committer | suz <suz@FreeBSD.org> | 2005-11-10 22:10:39 +0000 |
commit | 199b78628d00e9207f3632055b6cb153f2aaf957 (patch) | |
tree | d011998971341d0f7333864545fb53f60f1a0539 /sys/netinet | |
parent | e6c93861cb12941d9af90748a7dc5043459aeb29 (diff) | |
download | FreeBSD-src-199b78628d00e9207f3632055b6cb153f2aaf957.zip FreeBSD-src-199b78628d00e9207f3632055b6cb153f2aaf957.tar.gz |
fixed a bug that uRPF does not work properly for an IPv6 packet bound for the sending machine itself (this is a bug introduced due to a change in ip6_input.c:Rev.1.83)
Pointed out by: Sean McNeil and J.R.Oldroyd
MFC after: 3 days
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/ip_fw2.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c index 4e37273..fa3b0c2 100644 --- a/sys/netinet/ip_fw2.c +++ b/sys/netinet/ip_fw2.c @@ -639,8 +639,14 @@ verify_path6(struct in6_addr *src, struct ifnet *ifp) if (ro.ro_rt == NULL) return 0; - /* if ifp is provided, check for equality with rtentry */ - if (ifp != NULL && ro.ro_rt->rt_ifp != ifp) { + /* + * if ifp is provided, check for equality with rtentry + * We should use rt->rt_ifa->ifa_ifp, instead of rt->rt_ifp, + * to support the case of sending packets to an address of our own. + * (where the former interface is the first argument of if_simloop() + * (=ifp), the latter is lo0) + */ + if (ifp != NULL && ro.ro_rt->rt_ifa->ifa_ifp != ifp) { RTFREE(ro.ro_rt); return 0; } |