From 03d8b6fd1b259cedfa9083550e2a469967bc866f Mon Sep 17 00:00:00 2001 From: "Bjoern A. Zeeb" Date: Sun, 14 Dec 2008 17:47:33 +0000 Subject: [PATCH] Add a check, that is currently under discussion for 8 but that we need to keep for 7-STABLE when MFCing in_pcbladdr() to not change the behaviour there. With this a destination route via a loopback interface is treated as a valid and reachable thing for IPv4 source address selection, even though nothing of that network is ever directly reachable, but it is more like a blackhole route. With this the source address will be selected and IPsec can grab the packets before we would discard them at a later point, encapsulate them and send them out from a different tunnel endpoint IP. Discussed on: net Reported by: Frank Behrens Tested by: Frank Behrens MFC after: 4 weeks (just so that I get the mail) --- sys/netinet/in_pcb.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index 70f217a9128c..c5515daefd63 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -695,6 +695,10 @@ in_pcbladdr(struct inpcb *inp, struct in_addr *faddr, struct in_addr *laddr, ia = ifatoia(ifa_ifwithnet(sintosa(&sain))); if (cred == NULL || !jailed(cred)) { +#if __FreeBSD_version < 800000 + if (ia == NULL) + ia = (struct in_ifaddr *)sro.ro_rt->rt_ifa; +#endif if (ia == NULL) { error = ENETUNREACH; goto done;