d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

pf: Fix ICMP translation

Browse Source 
Fix ICMP source address rewriting in rdr scenarios.

PR:		201519
Submitted by:	Max <maximos@als.nnov.ru>
MFC after:	1 week
This commit is contained in:
Kristof Provost 2016-05-23 12:41:29 +00:00
parent aef2a67b83
commit c0c82715b8
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=300501
1 changed files with 5 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
sys/netpfil/pf/pf.c
View File

@ -4784,8 +4784,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif,
&nk->addr[pd2.didx], pd2.af) ||
nk->port[pd2.didx] != th.th_dport)
pf_change_icmp(pd2.dst, &th.th_dport,
NULL, /* XXX Inbound NAT? */
&nk->addr[pd2.didx],
saddr, &nk->addr[pd2.didx],
nk->port[pd2.didx], NULL,
pd2.ip_sum, icmpsum,
pd->ip_sum, 0, pd2.af);
@ -4857,8 +4856,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif,
&nk->addr[pd2.didx], pd2.af) ||
nk->port[pd2.didx] != uh.uh_dport)
pf_change_icmp(pd2.dst, &uh.uh_dport,
NULL, /* XXX Inbound NAT? */
&nk->addr[pd2.didx],
saddr, &nk->addr[pd2.didx],
nk->port[pd2.didx], &uh.uh_sum,
pd2.ip_sum, icmpsum,
pd->ip_sum, 1, pd2.af);
@ -4925,8 +4923,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif,
&nk->addr[pd2.didx], pd2.af) ||
nk->port[pd2.didx] != iih.icmp_id)
pf_change_icmp(pd2.dst, &iih.icmp_id,
NULL, /* XXX Inbound NAT? */
&nk->addr[pd2.didx],
saddr, &nk->addr[pd2.didx],
nk->port[pd2.didx], NULL,
pd2.ip_sum, icmpsum,
pd->ip_sum, 0, AF_INET);
@ -4978,8 +4975,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif,
&nk->addr[pd2.didx], pd2.af) ||
nk->port[pd2.didx] != iih.icmp6_id)
pf_change_icmp(pd2.dst, &iih.icmp6_id,
NULL, /* XXX Inbound NAT? */
&nk->addr[pd2.didx],
saddr, &nk->addr[pd2.didx],
nk->port[pd2.didx], NULL,
pd2.ip_sum, icmpsum,
pd->ip_sum, 0, AF_INET6);
@ -5018,8 +5014,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif,
if (PF_ANEQ(pd2.dst,
&nk->addr[pd2.didx], pd2.af))
pf_change_icmp(pd2.src, NULL,
NULL, /* XXX Inbound NAT? */
pf_change_icmp(pd2.src, NULL, saddr,
&nk->addr[pd2.didx], 0, NULL,
pd2.ip_sum, icmpsum,
pd->ip_sum, 0, pd2.af);