d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix breakage in in-kernel NAT: the code did not honor

Browse Source 
net.inet.ip.fw.one_pass and always moved to the next rule
in case of a successful nat.

This should fix several related PR (waiting for feedback
before closing them)

PR:		145167 149572 150141
MFC after:	3 days
This commit is contained in:
Luigi Rizzo 2010-09-28 23:23:23 +00:00
parent c08e545e99
commit 8d74ca8ce9
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=213254
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
sys/netinet/ipfw/ip_fw_pfil.c
View File

@ -231,6 +231,11 @@ ipfw_check_hook(void *arg, struct mbuf **m0, struct ifnet *ifp, int dir,
break; break;
case IP_FW_NAT: case IP_FW_NAT:
/* honor one-pass in case of successful nat */
if (V_fw_one_pass)
break; /* ret is already 0 */
goto again;
case IP_FW_REASS: case IP_FW_REASS:
goto again; /* continue with packet */ goto again; /* continue with packet */