kern/58927: Verification of reverse path in ip_fw2.c causes problems
Vlad Manilici
vman at entropy.tmok.com
Tue Nov 4 08:20:30 PST 2003
>Number: 58927
>Category: kern
>Synopsis: Verification of reverse path in ip_fw2.c causes problems
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Nov 04 08:20:25 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: Vlad Manilici
>Release: FreeBSD 5.1-RELEASE-p10 i386
>Organization:
Private
>Environment:
System: FreeBSD k2 5.1-RELEASE-p10 FreeBSD 5.1-RELEASE-p10 #8: Tue Nov 4 01:26:05 CET 2003 root at k2:/usr/obj/usr/src/sys/K2 i386
>Description:
If the direct and reverse routes run over different gateways, no
response packet is accepted. This may cause problems with certain
ISPs (such as mine).
>How-To-Repeat:
Use a host with 2 NICs, and different direct and reverse routes.
Traffic will be "swallowed".
>Fix:
1. Shorthand: put the interface in promiscuous mode (tcpdump).
2. Elaborate: edit /usr/src/sys/netinet/ip_fw2.c and eliminate
verify_rev_path() and all calls to it.
***** Complaint
Please restart the Web Interface to GNATS. Users with FreeBSD
machines isolated in intranets etc. may have problems with
send-pr(1)
Cheers,
Vlad
>Release-Note:
>Audit-Trail:
>Unformatted:
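Added example, not part of the original report and not code from ip_fw2.c: a small C model of a strict reverse-path check (a packet is accepted only if the route back to its source uses the interface it arrived on) next to a loose variant, run on a constructed two-NIC host like the one in How-To-Repeat. The routing table, addresses, interface numbers and function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model: each route maps a prefix to an outgoing interface. */
struct route { uint32_t prefix, mask; int ifindex; };

/* Hypothetical two-NIC host: if 1 faces the LAN, if 2 holds the default route. */
static const struct route rtable[] = {
    { 0xC0A80100u, 0xFFFFFF00u, 1 },   /* 192.168.1.0/24 -> if 1 */
    { 0x00000000u, 0x00000000u, 2 },   /* default        -> if 2 */
};

/* Longest-prefix match; returns the interface index, or -1 if no route. */
static int route_ifindex(uint32_t addr)
{
    int best = -1;
    uint32_t best_mask = 0;
    for (size_t i = 0; i < sizeof rtable / sizeof rtable[0]; i++) {
        if ((addr & rtable[i].mask) != rtable[i].prefix)
            continue;
        if (best == -1 || rtable[i].mask > best_mask) {
            best = rtable[i].ifindex;
            best_mask = rtable[i].mask;
        }
    }
    return best;
}

/* Strict check: the route back to src must leave via the arrival interface. */
static int rpf_strict(uint32_t src, int in_if) { return route_ifindex(src) == in_if; }

/* Loose check: any route to src is enough, whatever interface it uses. */
static int rpf_loose(uint32_t src) { return route_ifindex(src) != -1; }

int main(void)
{
    uint32_t remote = 0xCB00710Au;  /* 203.0.113.10, constructed remote host */
    uint32_t lan    = 0xC0A80105u;  /* 192.168.1.5, constructed LAN host */

    /* Asymmetric path: requests leave via if 2, replies arrive on if 1. */
    printf("reply on if1:   strict=%d loose=%d\n", rpf_strict(remote, 1), rpf_loose(remote));
    /* Symmetric path: replies arrive on the default-route interface. */
    printf("reply on if2:   strict=%d loose=%d\n", rpf_strict(remote, 2), rpf_loose(remote));
    /* LAN source address seen on the external interface (spoofed). */
    printf("LAN src on if2: strict=%d loose=%d\n", rpf_strict(lan, 2), rpf_loose(lan));
    return 0;
}
```

The first case reproduces the swallowed replies under asymmetric routing; the third shows the spoofed-source packet that only the strict check rejects, which is the protection lost if the check is removed outright.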