kern/145167: commit references a PR
dfilter service
dfilter at FreeBSD.ORG
Tue Sep 28 23:30:06 UTC 2010
The following reply was made to PR kern/145167; it has been noted by GNATS.
From: dfilter at FreeBSD.ORG (dfilter service)
To: bug-followup at FreeBSD.org
Cc:
Subject: Re: kern/145167: commit references a PR
Date: Tue, 28 Sep 2010 23:23:28 +0000 (UTC)
Author: luigi
Date: Tue Sep 28 23:23:23 2010
New Revision: 213254
URL: http://svn.freebsd.org/changeset/base/213254
Log:
fix breakage in in-kernel NAT: the code did not honor
net.inet.ip.fw.one_pass and always moved to the next rule
in case of a successful nat.
This should fix several related PR (waiting for feedback
before closing them)
PR: 145167 149572 150141
MFC after: 3 days
Modified:
head/sys/netinet/ipfw/ip_fw_pfil.c
Modified: head/sys/netinet/ipfw/ip_fw_pfil.c
==============================================================================
--- head/sys/netinet/ipfw/ip_fw_pfil.c Tue Sep 28 22:46:13 2010 (r213253)
+++ head/sys/netinet/ipfw/ip_fw_pfil.c Tue Sep 28 23:23:23 2010 (r213254)
@@ -231,6 +231,11 @@ again:
break;
case IP_FW_NAT:
+ /* honor one-pass in case of successful nat */
+ if (V_fw_one_pass)
+ break; /* ret is already 0 */
+ goto again;
+
case IP_FW_REASS:
goto again; /* continue with packet */
_______________________________________________
svn-src-all at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscribe at freebsd.org"
More information about the freebsd-ipfw
mailing list