From 44a515834f3c85533d590a7e6655fbcc62809ee6 Mon Sep 17 00:00:00 2001
From: Oleg Bulyzhin
Date: Tue, 24 Jan 2006 13:38:06 +0000
Subject: [PATCH] Fix minor bug in uRPF: If net.link.ether.inet.useloopback=1 and we send broadcast packet using our own source ip address it may be rejected by uRPF rules. Same bug was fixed for IPv6 in rev. 1.115 by suz.
PR: kern/76971
Approved by: glebius (mentor)
MFC after: 3 days
---
 sys/netinet/ip_fw2.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c
index 79e0e2b80f1e..e28695198c73 100644
--- a/sys/netinet/ip_fw2.c
+++ b/sys/netinet/ip_fw2.c
@@ -545,8 +545,14 @@ verify_path(struct in_addr src, struct ifnet *ifp)
 if (ro.ro_rt == NULL)
 return 0;
- /* if ifp is provided, check for equality with rtentry */
- if (ifp != NULL && ro.ro_rt->rt_ifp != ifp) {
+ /*
+ * If ifp is provided, check for equality with rtentry.
+ * We should use rt->rt_ifa->ifa_ifp, instead of rt->rt_ifp,
+ * in order to pass packets injected back by if_simloop():
+ * if useloopback == 1 routing entry (via lo0) for our own address
+ * may exist, so we need to handle routing assymetry.
+ */
+ if (ifp != NULL && ro.ro_rt->rt_ifa->ifa_ifp != ifp) {
 RTFREE(ro.ro_rt);
 return 0;
 }
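Review bot: The new comparison `ro.ro_rt->rt_ifa->ifa_ifp != ifp` cannot tell an if_simloop() copy from a frame off the wire, and the added comment does not say so. With useloopback == 1, a packet that claims one of our own addresses as its source now appears to pass the reverse-path check when it arrives on the interface holding that address. The old `rt_ifp` test rejected that case because the route points at lo0. I would extend the comment with something like `* Note: a forged local source address arriving on the owning interface also matches; filter it with a separate rule.` The same condition dereferences `rt_ifa` with no NULL test; if a route can be returned here without an ifaddr (not visible in this hunk), `ro.ro_rt->rt_ifa != NULL &&` belongs in front of the comparison. "assymetry" should read "asymmetry", and the body of verify_path starts and ends outside the hunk.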