Use the packet's address family instead of the rule's when selecting a

replacement address for an rdr rule. Some rdr rules have no address family (when the replacement is a table and no other criterion implies one AF). In this case, pf would fail to select a replacement address and drop the packet due to translation failure. Found by: Gustavo A. Baratto
2005-01-20 18:07:35 +00:00 · 2005-01-20 18:07:35 +00:00 · d4f925e4df
commit d4f925e4df
parent 9086083a9a
1 changed files with 1 additions and 1 deletions
--- a/sys/contrib/pf/net/pf.c
+++ b/sys/contrib/pf/net/pf.c
@ -2362,7 +2362,7 @@ pf_get_translation(struct pf_pdesc *pd, struct mbuf *m, int off, int direction,
 			}
 			break;
 		case PF_RDR: {
-			if (pf_map_addr(r->af, r, saddr, naddr, NULL, sn))
+			if (pf_map_addr(pd->af, r, saddr, naddr, NULL, sn))
 				return (NULL);

 			if (r->rpool.proxy_port[1]) {