Fix minor bug in uRPF:

If net.link.ether.inet.useloopback=1 and we send broadcast packet using our own source ip address it may be rejected by uRPF rules. Same bug was fixed for IPv6 in rev. 1.115 by suz. PR: kern/76971 Approved by: glebius (mentor) MFC after: 3 days
2006-01-24 13:38:06 +00:00 · 2006-01-24 13:38:06 +00:00 · 44a515834f
commit 44a515834f
parent 634c377652
1 changed files with 8 additions and 2 deletions
--- a/sys/netinet/ip_fw2.c
+++ b/sys/netinet/ip_fw2.c
@ -545,8 +545,14 @@ verify_path(struct in_addr src, struct ifnet *ifp)
 	if (ro.ro_rt == NULL)
 		return 0;

-	/* if ifp is provided, check for equality with rtentry */
-	if (ifp != NULL && ro.ro_rt->rt_ifp != ifp) {
+	/*
+	 * If ifp is provided, check for equality with rtentry.
+	 * We should use rt->rt_ifa->ifa_ifp, instead of rt->rt_ifp,
+	 * in order to pass packets injected back by if_simloop():
+	 * if useloopback == 1 routing entry (via lo0) for our own address
+	 * may exist, so we need to handle routing assymetry.
+	 */
+	if (ifp != NULL && ro.ro_rt->rt_ifa->ifa_ifp != ifp) {
 		RTFREE(ro.ro_rt);
 		return 0;
 	}