diff options
author | Marco Pfatschbacher <mpf@cvs.openbsd.org> | 2009-01-27 17:33:08 +0000 |
---|---|---|
committer | Marco Pfatschbacher <mpf@cvs.openbsd.org> | 2009-01-27 17:33:08 +0000 |
commit | 7ebd38d4ce3666448ef532f528da26a09d6831f5 (patch) | |
tree | 0bdefbadf32afb9f937094879f9fffd0d2534e4d /sys | |
parent | d50c70d2334f54d790dc84646d73c81fffba6ee9 (diff) |
If a packet translation was a NOP, undo separate NAT key and
pretend there was no match. This prevents pf_state_insert()
to fail with duplicate keys. OK henning@, mcbride@
Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/pf.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 2170d959308..f222a6b48ac 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.628 2009/01/16 23:43:01 david Exp $ */ +/* $OpenBSD: pf.c,v 1.629 2009/01/27 17:33:07 mpf Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -2753,6 +2753,15 @@ pf_get_translation(struct pf_pdesc *pd, struct mbuf *m, int off, int direction, default: return (NULL); } + /* + * Translation was a NOP. + * Undo separate NAT key and pretend there was no match. + */ + if (!bcmp(*skp, *nkp, sizeof(struct pf_state_key_cmp))) { + pool_put(&pf_state_key_pl, *nkp); + *skw = *sks = *nkp = *skp; + return (NULL); + } } return (r); |