From 8a377db272f01022b648ec46ec70d8faa7d44c9b Mon Sep 17 00:00:00 2001 From: Darren Reed Date: Fri, 17 Dec 2004 02:29:34 +0000 Subject: [PATCH] Allow ipnat redirect rules to work for non-TCP/UDP packets. PR: 70038 Submitted by: fming@borderware.com Reviewed by: darrenr Obtained from: fming@borderware.com --- sys/contrib/ipfilter/netinet/ip_nat.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/sys/contrib/ipfilter/netinet/ip_nat.c b/sys/contrib/ipfilter/netinet/ip_nat.c index 49de89bf748d..997b59dfa153 100644 --- a/sys/contrib/ipfilter/netinet/ip_nat.c +++ b/sys/contrib/ipfilter/netinet/ip_nat.c @@ -132,7 +132,7 @@ u_long fr_defnatage = DEF_NAT_AGE, fr_defnaticmpage = 6; /* 3 seconds */ natstat_t nat_stats; int fr_nat_lock = 0; -#if (SOLARIS || defined(__sgi)) && defined(_KERNEL) +#ifdef USE_MUTEX extern kmutex_t ipf_rw; extern KRWLOCK_T ipf_nat; #endif @@ -2613,8 +2613,10 @@ maskloop: hv = NAT_HASH_FN(iph, 0, ipf_rdrrules_sz); for (np = rdr_rules[hv]; np; np = np->in_rnext) { if ((np->in_ifp && (np->in_ifp != ifp)) || - (np->in_p && (np->in_p != fin->fin_p)) || - (np->in_flags && !(nflags & np->in_flags))) + (np->in_p && (np->in_p != fin->fin_p))) + continue; + if ((np->in_flags & IPN_RF) && + !(nflags & np->in_flags)) continue; if (np->in_flags & IPN_FILTER) { if (!nat_match(fin, np, ip))