Bug 29602

Summary: kernel doesn't check if newly allocated ephemeral port is occupied by ipnat rdr
Product: Base System
Reporter: Przemyslaw Frasunek <venglin>
Component: kern
Assignee: Darern Reed <darrenr>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.3-STABLE   
Hardware: Any   
OS: Any   

Description Przemyslaw Frasunek 2001-08-10 13:10:01 UTC
	When an ephemeral port is allocated for an outgoing connection, the kernel
	doesn't check if the port is already occupied by an ipnat redirection.

	Such a condition is very rare, but still possible:

intercom:root:/usr/src/sys/netinet# ipnat -l | grep 3389
rdr fxp0 195.205.36.110/32 port 3389 -> 192.168.0.100 port 3389 tcp
RDR 192.168.0.100   3389  <- -> 195.205.36.110  3389  [212.2.96.35 80]

	The source of the redirected connection seems to be 212.2.96.35:80, which
	is impossible. 212.182.96.35:80 is the destination of a connection
	initiated from 195.205.36.110:3389 from the local machine.

Fix: 

Unknown.
How-To-Repeat: 
	Set up an ipnat redirection on a low ephemeral port and do some
	connect()s.
Comment 1 Kris Kennaway freebsd_committer freebsd_triage 2001-08-10 23:00:47 UTC
Responsible Changed
From-To: freebsd-bugs->darrenr

Darrenr maintains ipfilter
Comment 2 Darern Reed freebsd_committer freebsd_triage 2001-10-20 05:34:34 UTC
State Changed
From-To: open->closed

This is a known restriction of ipfilter.
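
A check for the condition this report describes, as an added example that is not part of the original bug report or of ipfilter: it reads `ipnat -l` output and lists the rdr rules whose external port lies inside the range the kernel draws ephemeral source ports from. The function names, the sample rules other than the one quoted in the report, and the 1024-5000 range are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag ipnat rdr rules whose external port lies inside the
# range the kernel uses for ephemeral (outgoing) source ports.

# rdr_in_ephemeral FIRST LAST   (hypothetical helper name)
# Reads `ipnat -l` output on stdin and prints "interface address port" for
# every rdr rule whose listening port is within FIRST..LAST inclusive.
rdr_in_ephemeral() {
    awk -v first="$1" -v last="$2" '
        $1 == "rdr" {
            # Rule form shown in the report:
            #   rdr IF ADDR/MASK port N -> ADDR port N PROTO
            for (i = 2; i < NF; i++) {
                if ($i == "->") break      # only the external side matters
                if ($i == "port") {
                    port = $(i + 1) + 0
                    if (port >= first && port <= last)
                        print $2, $3, port
                    break
                }
            }
        }'
}

# Constructed sample: the rule and session line quoted in the report,
# plus two made-up rules (ports 80 and 6000) for contrast.
sample_rules() {
    cat <<'EOF'
rdr fxp0 195.205.36.110/32 port 3389 -> 192.168.0.100 port 3389 tcp
rdr fxp0 195.205.36.110/32 port 80 -> 192.168.0.101 port 8080 tcp
rdr fxp0 195.205.36.110/32 port 6000 -> 192.168.0.102 port 3389 tcp
RDR 192.168.0.100   3389  <- -> 195.205.36.110  3389  [212.2.96.35 80]
EOF
}

# On a live FreeBSD host, feed real data and read the range from sysctl:
#   ipnat -l | rdr_in_ephemeral \
#       "$(sysctl -n net.inet.ip.portrange.first)" \
#       "$(sysctl -n net.inet.ip.portrange.last)"
# The 1024-5000 range below is an assumed value for this demonstration.
sample_rules | rdr_in_ephemeral 1024 5000
```

Any rule it prints should either be moved to a port outside the ephemeral range, or the range itself adjusted so outgoing connections cannot be assigned that port.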