fix breakage in in-kernel NAT: the code did not honor

net.inet.ip.fw.one_pass and always moved to the next rule in case of a successful nat. This should fix several related PR (waiting for feedback before closing them) PR: 145167 149572 150141 MFC after: 3 days
2010-09-28 23:23:23 +00:00 · 2010-09-28 23:23:23 +00:00 · 8d74ca8ce9
commit 8d74ca8ce9
parent c08e545e99
1 changed files with 5 additions and 0 deletions
--- a/sys/netinet/ipfw/ip_fw_pfil.c
+++ b/sys/netinet/ipfw/ip_fw_pfil.c
@ -231,6 +231,11 @@ again:
 		break;

 	case IP_FW_NAT:
+		/* honor one-pass in case of successful nat */
+		if (V_fw_one_pass)
+			break; /* ret is already 0 */
+		goto again;
+
 	case IP_FW_REASS:
 		goto again;		/* continue with packet */