ipfw nat and natd support multiple aliasing instances with "nat global" feature

that chooses right alias_address for outgoing packets that already have corresponding state in one of aliasing instances. This feature works just fine for ICMP, UDP, TCP and SCTP packes but not for others. For example, outgoing PPtP/GRE packets always get alias_address of latest configured instance no matter whether such packets have corresponding state or not. This change unbreaks translation of transit PPtP/GRE connections for "nat global" case fixing a bug in static ProtoAliasOut() function that ignores its "create" argument and performs translation regardless of its value. This static function is called only by LibAliasOutLocked() function and only for packers other than ICMP, UDP, TCP and SCTP. LibAliasOutLocked() passes its "create" argument unmodified. We have only two consumers of LibAliasOutLocked() in the source tree calling it with "create" unequal to 1: "ipfw nat global" code and similar natd code having same problem. All other consumers of LibAliasOutLocked() call it with create = 1 and the patch is "no-op" for such cases. PR: 218968 Approved by: ae, vsevolod (mentor) MFC after: 1 week
svn path=/head/; revision=318150
2017-05-10 19:41:52 +00:00 · 2017-05-10 19:41:52 +00:00 · 1a356b8b90 · 2020-12-20 02:59:44 +00:00
commit 1a356b8b90
parent 6e105d4e35
1 changed files with 3 additions and 1 deletions
--- a/sys/netinet/libalias/alias.c
+++ b/sys/netinet/libalias/alias.c
@ -699,12 +699,14 @@ ProtoAliasOut(struct libalias *la, struct in_addr *ip_src,
 	struct alias_link *lnk;

 	LIBALIAS_LOCK_ASSERT(la);
-	(void)create;

 /* Return if proxy-only mode is enabled */
 	if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY)
 		return (PKT_ALIAS_OK);

+	if (!create)
+		return (PKT_ALIAS_IGNORED);
+
 	lnk = FindProtoOut(la, *ip_src, ip_dst, ip_p);
 	if (lnk != NULL) {
 		struct in_addr alias_address;