kern/122109: [ipfw] ipfw nat traceroute problem
Alexander V. Chernikov
melifaro at ipfw.ru
Tue Sep 21 21:30:09 UTC 2010
The following reply was made to PR kern/122109; it has been noted by GNATS.
From: "Alexander V. Chernikov" <melifaro at ipfw.ru>
To: bug-followup at FreeBSD.org, m.dyadchenko at 211.ru
Cc:
Subject: Re: kern/122109: [ipfw] ipfw nat traceroute problem
Date: Wed, 22 Sep 2010 01:24:40 +0400
Problem can be fixed with a small patch:
--- /usr/src/sys/netinet/libalias/alias.c.orig 2010-09-22
01:07:19.000000000 +0400
+++ /usr/src/sys/netinet/libalias/alias.c 2010-09-22
01:11:11.000000000 +0400
@@ -432,7 +432,7 @@
}
return (PKT_ALIAS_OK);
}
- return (PKT_ALIAS_IGNORED);
+ return (PKT_ALIAS_OK);
}
IcmpAliasIn2() doesn't create state for incoming packets (like
IcmpAliasIn1() does)
IcmpAliasIn2() is called only in case of
ICMP_UNREACH|ICMP_SOURCEQUENCH|ICMP_TIMXCEED|ICMP_PARAMPROB
If incoming icmp packet of given type is not found in internal state
table we can just pass it to the host system (back to ipfw or netgraph
hook, really) without even creating state
More information about the freebsd-ipfw
mailing list