svn commit: r318150 - head/sys/netinet/libalias

Eugene Grosbein eugen at FreeBSD.org
Wed May 10 19:41:54 UTC 2017


Author: eugen (ports committer)
Date: Wed May 10 19:41:52 2017
New Revision: 318150
URL: https://svnweb.freebsd.org/changeset/base/318150

Log:
  ipfw nat and natd support multiple aliasing instances with "nat global" feature
  that chooses right alias_address for outgoing packets that already have
  corresponding state in one of aliasing instances. This feature works just fine
  for ICMP, UDP, TCP and SCTP packets but not for others. For example,
  outgoing PPtP/GRE packets always get alias_address of latest configured
  instance no matter whether such packets have corresponding state or not.
  
  This change unbreaks translation of transit PPtP/GRE connections
  for "nat global" case fixing a bug in static ProtoAliasOut() function
  that ignores its "create" argument and performs translation
  regardless of its value. This static function is called only
  by LibAliasOutLocked() function and only for packets other than
  ICMP, UDP, TCP and SCTP. LibAliasOutLocked() passes its "create"
  argument unmodified.
  
  We have only two consumers of LibAliasOutLocked() in the source tree
  calling it with "create" unequal to 1: "ipfw nat global" code and similar
  natd code having same problem. All other consumers of LibAliasOutLocked()
  call it with create = 1 and the patch is "no-op" for such cases.
  
  PR:		218968
  Approved by:	ae, vsevolod (mentor)
  MFC after:	1 week

Modified:
  head/sys/netinet/libalias/alias.c

Modified: head/sys/netinet/libalias/alias.c
==============================================================================
--- head/sys/netinet/libalias/alias.c	Wed May 10 18:59:20 2017	(r318149)
+++ head/sys/netinet/libalias/alias.c	Wed May 10 19:41:52 2017	(r318150)
@@ -699,12 +699,14 @@ ProtoAliasOut(struct libalias *la, struc
 	struct alias_link *lnk;
 
 	LIBALIAS_LOCK_ASSERT(la);
-	(void)create;
 
 /* Return if proxy-only mode is enabled */
 	if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)
 		return (PKT_ALIAS_OK);
 
+	if (!create)
+		return (PKT_ALIAS_IGNORED);
+
 	lnk = FindProtoOut(la, *ip_src, ip_dst, ip_p);
 	if (lnk != NULL) {
 		struct in_addr alias_address;
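
Review bot: The new "if (!create) return (PKT_ALIAS_IGNORED);" check sits above the FindProtoOut() call, so with create == 0 the function reports PKT_ALIAS_IGNORED without ever consulting whether this instance already holds a link for the packet. The log describes "nat global" as picking the instance that has corresponding state, so please confirm that skipping the lookup entirely is the intended behaviour for these protocols, and document it with a comment above the check in the same style as the "Return if proxy-only mode is enabled" comment on the preceding block. Removing "(void)create;" is right now that the argument is used.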

