authorMarco Pfatschbacher <mpf@cvs.openbsd.org>2009-01-27 17:33:08 +0000
committerMarco Pfatschbacher <mpf@cvs.openbsd.org>2009-01-27 17:33:08 +0000
commit7ebd38d4ce3666448ef532f528da26a09d6831f5 (patch)
tree0bdefbadf32afb9f937094879f9fffd0d2534e4d /sys
parentd50c70d2334f54d790dc84646d73c81fffba6ee9 (diff)
If a packet translation was a NOP, undo separate NAT key and
pretend there was no match. This prevents pf_state_insert() from failing with duplicate keys. OK henning@, mcbride@
Diffstat (limited to 'sys')
-rw-r--r--sys/net/pf.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 2170d959308..f222a6b48ac 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.628 2009/01/16 23:43:01 david Exp $ */
+/* $OpenBSD: pf.c,v 1.629 2009/01/27 17:33:07 mpf Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -2753,6 +2753,15 @@ pf_get_translation(struct pf_pdesc *pd, struct mbuf *m, int off, int direction,
default:
return (NULL);
}
+ /*
+ * Translation was a NOP.
+ * Undo separate NAT key and pretend there was no match.
+ */
+ if (!bcmp(*skp, *nkp, sizeof(struct pf_state_key_cmp))) {
+ pool_put(&pf_state_key_pl, *nkp);
+ *skw = *sks = *nkp = *skp;
+ return (NULL);
+ }
}
return (r);
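Review bot: The new early `return (NULL)` after the `bcmp()` check looks the same to the caller as the `default:` failure return just above it, so a NAT rule that matched but produced an identical key is presumably left out of any accounting or logging the caller does for `r`. If that is intended, the comment should say so, for example `/* NULL here means "no translation", not an error; the matched rule r is deliberately not reported. */`. The test is also a raw byte compare over `sizeof(struct pf_state_key_cmp)`, which is only reliable if both keys are fully initialised, padding included. The setup of `*nkp` is outside this hunk, so that should be confirmed where the key is allocated. pf_get_translation's body starts before the hunk.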