Date: Tue, 4 Nov 2003 11:13:52 -0500 (EST) From: Vlad Manilici <vman@entropy.tmok.com> To: FreeBSD-gnats-submit@FreeBSD.org Subject: kern/58927: Verification of reverse path in ip_fw2.c causes problems Message-ID: <200311041613.hA4GDq3C093173@entropy.tmok.com> Resent-Message-ID: <200311041620.hA4GKQ8C023473@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 58927 >Category: kern >Synopsis: Verification of reverse path in ip_fw2.c causes problems >Confidential: no >Severity: serious >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Nov 04 08:20:25 PST 2003 >Closed-Date: >Last-Modified: >Originator: Vlad Manilici >Release: FreeBSD 5.1-RELEASE-p10 i386 >Organization: Private >Environment: System: FreeBSD k2 5.1-RELEASE-p10 FreeBSD 5.1-RELEASE-p10 #8: Tue Nov 4 01:26:05 CET 2003 root@k2:/usr/obj/usr/src/sys/K2 i386 >Description: If the direct and reverse route run over different gateways, not response packet is accepted. This may cause problems with certain ISPs (as mine). >How-To-Repeat: Use a host with 2 NICs, and different direct and reverse routes. Traffic will be "swallowed". >Fix: 1. Shorthand: put the interface in promiscuous mode (tcpdump). 2. Elaborate: edit /usr/src/sys/netinet/ip_fw2.c and eliminate verify_rev_path() and all calls to it. ***** Complaint Please restart the Web Interface to GNATS. Users with FreeBSD machines isolated in intranets etc. may have problems with send-pr(1) Cheers, Vlad >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200311041613.hA4GDq3C093173>