diff options
author | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2011-02-23 15:46:15 +0000 |
---|---|---|
committer | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2011-02-23 15:46:15 +0000 |
commit | 884f2d70183a62e3f2fbb08712b7e86153a3c195 (patch) | |
tree | e98b443bafebfbce1fb2007f43651c2173698077 /sys/net | |
parent | 0e07a707693c7393ccc9cb567b03c709abcbf521 (diff) |
fixup source address rewriting for the icmp errors with the rdr-to setup.
problem was reported by babut at yandex dot ru in the pr 6564, tested by
the pr originator and me, ok henning mcbride. shaves off a bunch of XXXs.
Diffstat (limited to 'sys/net')
-rw-r--r-- | sys/net/pf.c | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index d241bbe6e50..1a8786c3557 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.726 2011/02/14 11:01:36 sthen Exp $ */ +/* $OpenBSD: pf.c,v 1.727 2011/02/23 15:46:14 mikeb Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -4498,8 +4498,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif, &nk->addr[pd2.didx], pd2.af) || nk->port[pd2.didx] != th.th_dport) pf_change_icmp(pd2.dst, &th.th_dport, - NULL, /* XXX Inbound NAT? */ - &nk->addr[pd2.didx], + saddr, &nk->addr[pd2.didx], nk->port[pd2.didx], NULL, pd2.ip_sum, icmpsum, pd->ip_sum, 0, pd2.af); @@ -4576,8 +4575,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif, &nk->addr[pd2.didx], pd2.af) || nk->port[pd2.didx] != uh.uh_dport) pf_change_icmp(pd2.dst, &uh.uh_dport, - NULL, /* XXX Inbound NAT? */ - &nk->addr[pd2.didx], + saddr, &nk->addr[pd2.didx], nk->port[pd2.didx], &uh.uh_sum, pd2.ip_sum, icmpsum, pd->ip_sum, 1, pd2.af); @@ -4653,7 +4651,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif, if (PF_ANEQ(pd2.dst, &nk->addr[pd2.didx], pd2.af)) - pf_change_icmp(pd2.dst, NULL, NULL, + pf_change_icmp(pd2.dst, NULL, saddr, &nk->addr[pd2.didx], 0, NULL, pd2.ip_sum, icmpsum, pd->ip_sum, 0, AF_INET); @@ -4728,7 +4726,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif, if (PF_ANEQ(pd2.dst, &nk->addr[pd2.didx], pd2.af)) - pf_change_icmp(pd2.dst, NULL, NULL, + pf_change_icmp(pd2.dst, NULL, saddr, &nk->addr[pd2.didx], 0, NULL, pd2.ip_sum, icmpsum, pd->ip_sum, 0, AF_INET6); @@ -4774,8 +4772,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif, if (PF_ANEQ(pd2.dst, &nk->addr[pd2.didx], pd2.af)) - pf_change_icmp(pd2.src, NULL, - NULL, /* XXX Inbound NAT? */ + pf_change_icmp(pd2.dst, NULL, saddr, &nk->addr[pd2.didx], 0, NULL, pd2.ip_sum, icmpsum, pd->ip_sum, 0, pd2.af); |