Bug 201519

Max maximos at als.nnov.ru
Sat May 21 20:20:21 UTC 2016


Hi, Kurt.

It's incomplete. I have tested only the case when the inner packet is UDP.
Other cases should be tested, I think.
Actually the patch was mentioned in Alexey's message
(http://openbsd-archive.7691.n7.nabble.com/system-6564-pf-not-nating-does-not-see-icmp4-port-unreachable-packets-from-machine-behind-pf-td187997.html).
Someone with more experience (than me) should review this patch.

21.05.2016 22:54, Kurt Jaeger wrote:
> Hi!
>
>> I have patched and tested "case IPPROTO_UDP".  It works. Other cases
>> should work too I think.
>>
>> It's against releng/10.3
>> --- sys/netpfil/pf/pf.c.orig    2016-05-21 17:57:29.420602000 +0300
>> +++ sys/netpfil/pf/pf.c 2016-05-21 18:01:09.119724000 +0300
>> @@ -4866,8 +4866,7 @@ pf_test_state_icmp(struct pf_state **sta
>>                                       &nk->addr[pd2.didx], pd2.af) ||
>>                                       nk->port[pd2.didx] != uh.uh_dport)
>>                                           pf_change_icmp(pd2.dst,
>> &uh.uh_dport,
>> -                                           NULL, /* XXX Inbound NAT? */
>> - &nk->addr[pd2.didx],
>> +                                           saddr, &nk->addr[pd2.didx],
>>                                               nk->port[pd2.didx], &uh.uh_sum,
>>                                               pd2.ip_sum, icmpsum,
>>                                               pd->ip_sum, 1, pd2.af);
>>
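Review bot: The third argument of this pf_change_icmp() call, in the branch that rewrites pd2.dst and uh.uh_dport, goes from NULL to saddr, but the "XXX Inbound NAT?" marker is dropped without any replacement comment saying why saddr is the right address to pass when the destination side (pd2.didx) is being translated. Please add a short comment or commit-message line stating that reasoning. The hunk also covers only the inner-UDP call, and the accompanying message says only that case was tested; any sibling calls in pf_test_state_icmp() for other inner protocols that still pass NULL in the same position should be changed and tested in the same patch, or the patch should say why they differ. Finally, the mail client has wrapped the diff ("&uh.uh_dport," and "- &nk->addr[pd2.didx]," are split across lines), so it will not apply as posted; attaching the unwrapped diff to the PR would avoid that.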
> Can you add this patch to the PR you mention?
>
