fixed a bug that uRPF does not work properly for an IPv6 packet bound for the sending machine itself (this is a bug introduced due to a change in ip6_input.c:Rev.1.83)

Pointed out by: Sean McNeil and J.R.Oldroyd MFC after: 3 days
2005-11-10 22:10:39 +00:00 · 2005-11-10 22:10:39 +00:00 · d9a989231e
commit d9a989231e
parent 3a30b28fe9
1 changed files with 8 additions and 2 deletions
--- a/sys/netinet/ip_fw2.c
+++ b/sys/netinet/ip_fw2.c
@ -639,8 +639,14 @@ verify_path6(struct in6_addr *src, struct ifnet *ifp)
 	if (ro.ro_rt == NULL)
 		return 0;

-	/* if ifp is provided, check for equality with rtentry */
-	if (ifp != NULL && ro.ro_rt->rt_ifp != ifp) {
+	/* 
+	 * if ifp is provided, check for equality with rtentry
+	 * We should use rt->rt_ifa->ifa_ifp, instead of rt->rt_ifp,
+	 * to support the case of sending packets to an address of our own.
+	 * (where the former interface is the first argument of if_simloop()
+	 *  (=ifp), the latter is lo0)
+	 */
+	if (ifp != NULL && ro.ro_rt->rt_ifa->ifa_ifp != ifp) {
 		RTFREE(ro.ro_rt);
 		return 0;
 	}