diff options
| author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2001-09-17 17:16:28 +0000 |
|---|---|---|
| committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2001-09-17 17:16:28 +0000 |
| commit | a4250d640b018d8ccdbf48ca99e973ef197587ad (patch) | |
| tree | 1f8a5629d001e5f2d551efc770e92cb55fc63dae /sys | |
| parent | 42e1aa76a931acaa0d6ed1ea02fda14a15c858ea (diff) | |
icmpv6 nat fix, from Ryan McBride
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/net/pf.c | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index aa793a35f66..c4ecec2848b 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.152 2001/09/15 22:25:25 dhartmei Exp $ */ +/* $OpenBSD: pf.c,v 1.153 2001/09/17 17:16:27 dhartmei Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -3124,6 +3124,7 @@ pf_test_icmp(int direction, struct ifnet *ifp, struct mbuf *m, u_short reason; u_int16_t icmpid, af = pd->af; u_int8_t icmptype, icmpcode; + int rewrite = 0; switch (pd->proto) { #ifdef INET @@ -3158,6 +3159,7 @@ pf_test_icmp(int direction, struct ifnet *ifp, struct mbuf *m, case AF_INET6: pf_change_a6(saddr, &pd->hdr.icmp6->icmp6_cksum, &binat->raddr, 0); + rewrite++; break; #endif /* INET6 */ } @@ -3177,6 +3179,7 @@ pf_test_icmp(int direction, struct ifnet *ifp, struct mbuf *m, case AF_INET6: pf_change_a6(saddr, &pd->hdr.icmp6->icmp6_cksum, &nat->raddr, 0); + rewrite++; break; #endif /* INET6 */ } @@ -3197,6 +3200,7 @@ pf_test_icmp(int direction, struct ifnet *ifp, struct mbuf *m, case AF_INET6: pf_change_a6(daddr, &pd->hdr.icmp6->icmp6_cksum, &binat->saddr, 0); + rewrite++; break; #endif /* INET6 */ } @@ -3304,6 +3308,11 @@ pf_test_icmp(int direction, struct ifnet *ifp, struct mbuf *m, pf_insert_state(s); } + /* copy back packet headers if we performed IPv6 NAT operations */ + if (rewrite) + m_copyback(m, off, ICMP_MINLEN, + (caddr_t)pd->hdr.icmp6); + return (PF_PASS); } @@ -3787,6 +3796,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct ifnet *ifp, * Search for an ICMP state. */ struct pf_tree_key key; + int rewrite = 0; key.af = pd->af; key.proto = pd->proto; @@ -3822,6 +3832,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct ifnet *ifp, pf_change_a6(saddr, &pd->hdr.icmp6->icmp6_cksum, &(*state)->gwy.addr, 0); + rewrite++; break; #endif /* INET6 */ } @@ -3839,12 +3850,19 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct ifnet *ifp, pf_change_a6(daddr, &pd->hdr.icmp6->icmp6_cksum, &(*state)->lan.addr, 0); + rewrite++; break; #endif /* INET6 */ } } } + /* copy back packet headers if we performed IPv6 NAT */ + if (rewrite) + m_copyback(m, off, ICMP_MINLEN, + (caddr_t)pd->hdr.icmp6); + + return (PF_PASS); } else { |