kern/58927: Verification of reverse path in ip_fw2.c causes problems

Vlad Manilici vman at
Tue Nov 4 08:20:30 PST 2003

>Number:         58927
>Category:       kern
>Synopsis:       Verification of reverse path in ip_fw2.c causes problems
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 04 08:20:25 PST 2003
>Originator:     Vlad Manilici
>Release:        FreeBSD 5.1-RELEASE-p10 i386
System: FreeBSD k2 5.1-RELEASE-p10 FreeBSD 5.1-RELEASE-p10 #8: Tue Nov  4 01:26:05 CET 2003 root at k2:/usr/obj/usr/src/sys/K2  i386


If the direct and reverse route run over different gateways, not
response packet is accepted. This may cause problems with certain
ISPs (as mine).


Use a host with 2 NICs, and different direct and reverse routes.
Traffic will be "swallowed".


1. Shorthand: put the interface in promiscuous mode (tcpdump).
2. Elaborate: edit /usr/src/sys/netinet/ip_fw2.c and eliminate
   verify_rev_path() and all calls to it.

***** Complaint

Please restart the Web Interface to GNATS. Users with FreeBSD
machines isolated in intranets etc. may have problems with



More information about the freebsd-bugs mailing list