Bug 28567

Summary: incorrect implemenatition of IPFW's 'me'-keyword
Product: Base System Reporter: Igor M Podlesny <poige>
Component: kernAssignee: ru <ru>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Unspecified   
Hardware: Any   
OS: Any   

Description Igor M Podlesny 2001-07-01 11:00:02 UTC 
using newly implemented feature 'me' of ipfw has a sideeffect for pointopoint interfaces -- the remote addr. is classified as ours (i.e., matches 'me')

Fix: 

avoid using INADDR_TO_IFP (/usr/src/sys/netinet/in_var.h) for 'me' feature in ip_fw.c cause it finds the corresponding interface for any kind of addresses without respect to is it remote or local.
How-To-Repeat: should have any PTP-interface and set your firewall up using 'me'.
Comment 1 dwmalone freebsd_committer freebsd_triage 2001-07-01 21:32:31 UTC 
Responsible Changed
From-To: freebsd-bugs->phk

phk brought in the 'me' keyword in ipfw.
Comment 2 ru freebsd_committer freebsd_triage 2001-07-17 11:50:40 UTC 
State Changed
From-To: open->closed

Fixed in 5.0-CURRENT, sys/netinet/in_var.h,v 1.39. 
Fixed in 4.3-STABLE, sys/netinet/in_var.h,v 1.33.2.2.
Comment 3 ru freebsd_committer freebsd_triage 2001-07-17 11:50:40 UTC 
Responsible Changed
From-To: phk->ru

phk didn't mind.