From: Eugene Grosbein
Date: Wed, 10 May 2017 19:41:53 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r318150 - head/sys/netinet/libalias

Author: eugen (ports committer)
Date: Wed May 10 19:41:52 2017
New Revision: 318150
URL: https://svnweb.freebsd.org/changeset/base/318150

Log:
  ipfw nat and natd support multiple aliasing instances with "nat global" feature
  that chooses right alias_address for outgoing packets that already have
  corresponding state in one of aliasing instances. This feature works just fine
  for ICMP, UDP, TCP and SCTP packets but not for others. For example, outgoing
  PPtP/GRE packets always get alias_address of latest configured instance
  no matter whether such packets have corresponding state or not.

  This change unbreaks translation of transit PPtP/GRE connections for "nat global"
  case fixing a bug in static ProtoAliasOut() function that ignores its "create"
  argument and performs translation regardless of its value. This static function
  is called only by LibAliasOutLocked() function and only for packets other than
  ICMP, UDP, TCP and SCTP. LibAliasOutLocked() passes its "create" argument
  unmodified.

  We have only two consumers of LibAliasOutLocked() in the source tree calling it
  with "create" unequal to 1: "ipfw nat global" code and similar natd code
  having same problem. All other consumers of LibAliasOutLocked() call it
  with create = 1 and the patch is "no-op" for such cases.

PR: 218968 Approved by: ae, vsevolod (mentor) MFC after: 1 week Modified: head/sys/netinet/libalias/alias.c Modified: head/sys/netinet/libalias/alias.c ============================================================================== --- head/sys/netinet/libalias/alias.c Wed May 10 18:59:20 2017 (r318149) +++ head/sys/netinet/libalias/alias.c Wed May 10 19:41:52 2017 (r318150) @@ -699,12 +699,14 @@ ProtoAliasOut(struct libalias *la, struc struct alias_link *lnk; LIBALIAS_LOCK_ASSERT(la); - (void)create; /* Return if proxy-only mode is enabled */ if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) return (PKT_ALIAS_OK); + if (!create) + return (PKT_ALIAS_IGNORED); + lnk = FindProtoOut(la, *ip_src, ip_dst, ip_p); if (lnk != NULL) { struct in_addr alias_address;
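
Review bot: the new !create check in ProtoAliasOut() returns PKT_ALIAS_IGNORED before FindProtoOut() is called, so with create == 0 a packet is ignored even when this instance might already hold a matching link, while the log describes "nat global" as picking the instance that has corresponding state. If that is intended because no lookup is available here that avoids creating a link, please say so in a comment above the check, in the style of the existing "Return if proxy-only mode is enabled" comment; otherwise consider a lookup-only path for the create == 0 case. The check also sits after the PKT_ALIAS_PROXY_ONLY test, so in proxy-only mode a create == 0 call still returns PKT_ALIAS_OK; please confirm the two callers that pass create != 1 expect that result.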