From ca0f03e808edc4f54bfcb16b46532604ecad83a8 Mon Sep 17 00:00:00 2001
From: "Andrey V. Elsukov" <ae@FreeBSD.org>
Date: Mon, 11 Mar 2019 10:42:09 +0000
Subject: [PATCH] Add IP_FW_NAT64 to codes that ipfw_chk() can return.

It will be used by upcoming NAT64 changes. We use separate code
to avoid propogating EACCES error code to user level applications
when NAT64 consumes a packet.

Obtained from:	Yandex LLC
MFC after:	1 week
Sponsored by:	Yandex LLC
---
 sys/netpfil/ipfw/ip_fw_pfil.c    | 4 ++++
 sys/netpfil/ipfw/ip_fw_private.h | 1 +
 2 files changed, 5 insertions(+)

diff --git a/sys/netpfil/ipfw/ip_fw_pfil.c b/sys/netpfil/ipfw/ip_fw_pfil.c
index 25726bd4636e..440d73e3f1fa 100644
--- a/sys/netpfil/ipfw/ip_fw_pfil.c
+++ b/sys/netpfil/ipfw/ip_fw_pfil.c
@@ -313,6 +313,10 @@ ipfw_check_packet(struct mbuf **m0, struct ifnet *ifp, int dir,
 	case IP_FW_REASS:
 		goto again;		/* continue with packet */
 
+	case IP_FW_NAT64:
+		ret = PFIL_CONSUMED;
+		break;
+
 	default:
 		KASSERT(0, ("%s: unknown retval", __func__));
 	}
diff --git a/sys/netpfil/ipfw/ip_fw_private.h b/sys/netpfil/ipfw/ip_fw_private.h
index e0e24122168b..c01fc57c3b49 100644
--- a/sys/netpfil/ipfw/ip_fw_private.h
+++ b/sys/netpfil/ipfw/ip_fw_private.h
@@ -61,6 +61,7 @@ enum {
 	IP_FW_NGTEE,
 	IP_FW_NAT,
 	IP_FW_REASS,
+	IP_FW_NAT64,
 };
 
 /*