From d4f925e4df3a58f927a105afb7da4de67b444212 Mon Sep 17 00:00:00 2001 From: Daniel Hartmeier Date: Thu, 20 Jan 2005 18:07:35 +0000 Subject: [PATCH] Use the packet's address family instead of the rule's when selecting a replacement address for an rdr rule. Some rdr rules have no address family (when the replacement is a table and no other criterion implies one AF). In this case, pf would fail to select a replacement address and drop the packet due to translation failure. Found by: Gustavo A. Baratto --- sys/contrib/pf/net/pf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/contrib/pf/net/pf.c b/sys/contrib/pf/net/pf.c index 22ece97338fd..d71a43504e5d 100644 --- a/sys/contrib/pf/net/pf.c +++ b/sys/contrib/pf/net/pf.c @@ -2362,7 +2362,7 @@ pf_get_translation(struct pf_pdesc *pd, struct mbuf *m, int off, int direction, } break; case PF_RDR: { - if (pf_map_addr(r->af, r, saddr, naddr, NULL, sn)) + if (pf_map_addr(pd->af, r, saddr, naddr, NULL, sn)) return (NULL); if (r->rpool.proxy_port[1]) {