On Tue, 2 Jul 2013 10:26:40 +0200 Christopher Zimmermann <chr...@openbsd.org> wrote:
> Hi,
>
> My IPsec roadwarrior setup on my laptop broke with one of the latest
> snapshots because some outgoing connections are routed wrongly with a
> source ip of 127.0.0.1. I found the according line in the source:
>
> netinet/in_pcb.c:836
>
>     /*
>      * If we found a route, use the address
>      * corresponding to the outgoing interface
>      * unless it is the loopback (in case a route
>      * to our address on another net goes to loopback).
>      */
>     if (ro->ro_rt && ro->ro_rt->rt_ifp &&
>         !(ro->ro_rt->rt_ifp->if_flags & IFF_LOOPBACK))
>             /* XXX Don't use address of any loopback interface */
>             ia = ifatoia(ro->ro_rt->rt_ifa);
>     if (ia == 0) {
>             u_int16_t fport = sin->sin_port;
>
>             sin->sin_port = 0;
>             ia = ifatoia(ifa_ifwithdstaddr(sintosa(sin), rtableid));
>             if (ia == 0)
>                     ia = ifatoia(ifa_ifwithnet(sintosa(sin), rtableid));
>             sin->sin_port = fport;
>             if (ia == 0)
>                     ia = TAILQ_FIRST(&in_ifaddr);
>             /* XXX Now use the address of the FIRST loopback interface anyways ?!? */
>             if (ia == 0) {
>                     *errorp = EADDRNOTAVAIL;
>                     return NULL;
>             }
>     }
>
> Is this reasonable not to use address of loopback interfaces?
> Also this codepath only affects udp/tcp, but NOT icmp. The icmp codepath
> will use the address of loopback interfaces.
>
> Christopher
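
A user-space check for the symptom reported in the quoted message, added here as an example; it is not part of the original mail or of the OpenBSD source. It asks the kernel which source address it selects for a destination and flags a loopback source chosen for a non-loopback destination. The function names are hypothetical and the destination port is an arbitrary choice.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>

/* Ask the kernel which source address it picks for traffic to dst_ip.
 * connect() on a UDP socket sends no packet; it only runs the route lookup
 * and source selection. Returns 0 and fills src on success, -1 on error. */
int selected_source(const char *dst_ip, char *src, socklen_t srclen)
{
    struct sockaddr_in dst = {0}, local;
    socklen_t len = sizeof(local);
    int fd, rc = -1;

    dst.sin_family = AF_INET;
    dst.sin_port = htons(500);      /* arbitrary; 500 is the IKE port */
    if (inet_pton(AF_INET, dst_ip, &dst.sin_addr) != 1)
        return -1;
    if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) == -1)
        return -1;
    if (connect(fd, (struct sockaddr *)&dst, sizeof(dst)) == 0 &&
        getsockname(fd, (struct sockaddr *)&local, &len) == 0 &&
        inet_ntop(AF_INET, &local.sin_addr, src, srclen) != NULL)
        rc = 0;
    close(fd);
    return rc;
}

/* 1 if ip is in 127.0.0.0/8, 0 if it is not, -1 if it does not parse. */
int is_loopback(const char *ip)
{
    struct in_addr a;
    return inet_pton(AF_INET, ip, &a) == 1 ? (ntohl(a.s_addr) >> 24) == 127 : -1;
}

/* 1 when a non-loopback destination was given a loopback source,
 * 0 when selection looks sane, -1 when the lookup failed. */
int loopback_source_leak(const char *dst_ip)
{
    char src[INET_ADDRSTRLEN];
    int dst_lo = is_loopback(dst_ip);

    if (dst_lo != 0)                /* loopback or unparsable destination */
        return dst_lo == 1 ? 0 : -1;
    if (selected_source(dst_ip, src, sizeof(src)) != 0)
        return -1;
    return is_loopback(src);
}

/* Exit status 1 means a loopback source was selected for argv[1]. */
int main(int argc, char **argv) { return argc > 1 ? loopback_source_leak(argv[1]) : 2; }
```

Run it against the remote tunnel endpoint or a host behind it; because it uses a UDP socket, it exercises the udp/tcp path quoted above rather than the icmp one.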