svn commit: r300501 - head/sys/netpfil/pf
Kristof Provost
kp at FreeBSD.org
Mon May 23 12:41:30 UTC 2016
Author: kp
Date: Mon May 23 12:41:29 2016
New Revision: 300501
URL: https://svnweb.freebsd.org/changeset/base/300501
Log:
pf: Fix ICMP translation
Fix ICMP source address rewriting in rdr scenarios.
PR: 201519
Submitted by: Max <maximos at als.nnov.ru>
MFC after: 1 week
Modified:
head/sys/netpfil/pf/pf.c
Modified: head/sys/netpfil/pf/pf.c
==============================================================================
--- head/sys/netpfil/pf/pf.c Mon May 23 12:35:07 2016 (r300500)
+++ head/sys/netpfil/pf/pf.c Mon May 23 12:41:29 2016 (r300501)
@@ -4784,8 +4784,7 @@ pf_test_state_icmp(struct pf_state **sta
&nk->addr[pd2.didx], pd2.af) ||
nk->port[pd2.didx] != th.th_dport)
pf_change_icmp(pd2.dst, &th.th_dport,
- NULL, /* XXX Inbound NAT? */
- &nk->addr[pd2.didx],
+ saddr, &nk->addr[pd2.didx],
nk->port[pd2.didx], NULL,
pd2.ip_sum, icmpsum,
pd->ip_sum, 0, pd2.af);
@@ -4857,8 +4856,7 @@ pf_test_state_icmp(struct pf_state **sta
&nk->addr[pd2.didx], pd2.af) ||
nk->port[pd2.didx] != uh.uh_dport)
pf_change_icmp(pd2.dst, &uh.uh_dport,
- NULL, /* XXX Inbound NAT? */
- &nk->addr[pd2.didx],
+ saddr, &nk->addr[pd2.didx],
nk->port[pd2.didx], &uh.uh_sum,
pd2.ip_sum, icmpsum,
pd->ip_sum, 1, pd2.af);
@@ -4925,8 +4923,7 @@ pf_test_state_icmp(struct pf_state **sta
&nk->addr[pd2.didx], pd2.af) ||
nk->port[pd2.didx] != iih.icmp_id)
pf_change_icmp(pd2.dst, &iih.icmp_id,
- NULL, /* XXX Inbound NAT? */
- &nk->addr[pd2.didx],
+ saddr, &nk->addr[pd2.didx],
nk->port[pd2.didx], NULL,
pd2.ip_sum, icmpsum,
pd->ip_sum, 0, AF_INET);
@@ -4978,8 +4975,7 @@ pf_test_state_icmp(struct pf_state **sta
&nk->addr[pd2.didx], pd2.af) ||
nk->port[pd2.didx] != iih.icmp6_id)
pf_change_icmp(pd2.dst, &iih.icmp6_id,
- NULL, /* XXX Inbound NAT? */
- &nk->addr[pd2.didx],
+ saddr, &nk->addr[pd2.didx],
nk->port[pd2.didx], NULL,
pd2.ip_sum, icmpsum,
pd->ip_sum, 0, AF_INET6);
@@ -5018,8 +5014,7 @@ pf_test_state_icmp(struct pf_state **sta
if (PF_ANEQ(pd2.dst,
&nk->addr[pd2.didx], pd2.af))
- pf_change_icmp(pd2.src, NULL,
- NULL, /* XXX Inbound NAT? */
+ pf_change_icmp(pd2.src, NULL, saddr,
&nk->addr[pd2.didx], 0, NULL,
pd2.ip_sum, icmpsum,
pd->ip_sum, 0, pd2.af);
More information about the svn-src-all
mailing list