[Bug 201519] pf NAT translates ICMP type 3 packects incorrectly
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sat May 21 22:18:34 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201519
Max <maximos at als.nnov.ru> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |maximos at als.nnov.ru
--- Comment #3 from Max <maximos at als.nnov.ru> ---
This patch is not fully tested. releng/10.3.
--- sys/netpfil/pf/pf.c.orig 2016-05-21 17:57:29.420602000 +0300
+++ sys/netpfil/pf/pf.c 2016-05-22 00:54:16.043961000 +0300
@@ -4793,8 +4793,7 @@ pf_test_state_icmp(struct pf_state **sta
&nk->addr[pd2.didx], pd2.af) ||
nk->port[pd2.didx] != th.th_dport)
pf_change_icmp(pd2.dst, &th.th_dport,
- NULL, /* XXX Inbound NAT? */
- &nk->addr[pd2.didx],
+ saddr, &nk->addr[pd2.didx],
nk->port[pd2.didx], NULL,
pd2.ip_sum, icmpsum,
pd->ip_sum, 0, pd2.af);
@@ -4866,8 +4865,7 @@ pf_test_state_icmp(struct pf_state **sta
&nk->addr[pd2.didx], pd2.af) ||
nk->port[pd2.didx] != uh.uh_dport)
pf_change_icmp(pd2.dst, &uh.uh_dport,
- NULL, /* XXX Inbound NAT? */
- &nk->addr[pd2.didx],
+ saddr, &nk->addr[pd2.didx],
nk->port[pd2.didx], &uh.uh_sum,
pd2.ip_sum, icmpsum,
pd->ip_sum, 1, pd2.af);
@@ -4934,8 +4932,7 @@ pf_test_state_icmp(struct pf_state **sta
&nk->addr[pd2.didx], pd2.af) ||
nk->port[pd2.didx] != iih.icmp_id)
pf_change_icmp(pd2.dst, &iih.icmp_id,
- NULL, /* XXX Inbound NAT? */
- &nk->addr[pd2.didx],
+ saddr, &nk->addr[pd2.didx],
nk->port[pd2.didx], NULL,
pd2.ip_sum, icmpsum,
pd->ip_sum, 0, AF_INET);
@@ -4987,8 +4984,7 @@ pf_test_state_icmp(struct pf_state **sta
&nk->addr[pd2.didx], pd2.af) ||
nk->port[pd2.didx] != iih.icmp6_id)
pf_change_icmp(pd2.dst, &iih.icmp6_id,
- NULL, /* XXX Inbound NAT? */
- &nk->addr[pd2.didx],
+ saddr, &nk->addr[pd2.didx],
nk->port[pd2.didx], NULL,
pd2.ip_sum, icmpsum,
pd->ip_sum, 0, AF_INET6);
@@ -5027,8 +5023,7 @@ pf_test_state_icmp(struct pf_state **sta
if (PF_ANEQ(pd2.dst,
&nk->addr[pd2.didx], pd2.af))
- pf_change_icmp(pd2.src, NULL,
- NULL, /* XXX Inbound NAT? */
+ pf_change_icmp(pd2.dst, NULL, saddr,
&nk->addr[pd2.didx], 0, NULL,
pd2.ip_sum, icmpsum,
pd->ip_sum, 0, pd2.af);
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-pf
mailing list