Date: Sat, 21 May 2016 22:18:34 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 201519] pf NAT translates ICMP type 3 packects incorrectly Message-ID: <bug-201519-17777-bc1TzpX9YM@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-201519-17777@https.bugs.freebsd.org/bugzilla/> References: <bug-201519-17777@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D201519 Max <maximos@als.nnov.ru> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |maximos@als.nnov.ru --- Comment #3 from Max <maximos@als.nnov.ru> --- This patch is not fully tested. releng/10.3. --- sys/netpfil/pf/pf.c.orig 2016-05-21 17:57:29.420602000 +0300 +++ sys/netpfil/pf/pf.c 2016-05-22 00:54:16.043961000 +0300 @@ -4793,8 +4793,7 @@ pf_test_state_icmp(struct pf_state **sta &nk->addr[pd2.didx], pd2.af) || nk->port[pd2.didx] !=3D th.th_dport) pf_change_icmp(pd2.dst, &th.th_dpor= t, - NULL, /* XXX Inbound NAT? */ - &nk->addr[pd2.didx], + saddr, &nk->addr[pd2.didx], nk->port[pd2.didx], NULL, pd2.ip_sum, icmpsum, pd->ip_sum, 0, pd2.af); @@ -4866,8 +4865,7 @@ pf_test_state_icmp(struct pf_state **sta &nk->addr[pd2.didx], pd2.af) || nk->port[pd2.didx] !=3D uh.uh_dport) pf_change_icmp(pd2.dst, &uh.uh_dpor= t, - NULL, /* XXX Inbound NAT? */ - &nk->addr[pd2.didx], + saddr, &nk->addr[pd2.didx], nk->port[pd2.didx], &uh.uh_sum, pd2.ip_sum, icmpsum, pd->ip_sum, 1, pd2.af); @@ -4934,8 +4932,7 @@ pf_test_state_icmp(struct pf_state **sta &nk->addr[pd2.didx], pd2.af) || nk->port[pd2.didx] !=3D iih.icmp_id) pf_change_icmp(pd2.dst, &iih.icmp_i= d, - NULL, /* XXX Inbound NAT? */ - &nk->addr[pd2.didx], + saddr, &nk->addr[pd2.didx], nk->port[pd2.didx], NULL, pd2.ip_sum, icmpsum, pd->ip_sum, 0, AF_INET); @@ -4987,8 +4984,7 @@ pf_test_state_icmp(struct pf_state **sta &nk->addr[pd2.didx], pd2.af) || nk->port[pd2.didx] !=3D iih.icmp6_id) pf_change_icmp(pd2.dst, &iih.icmp6_= id, - NULL, /* XXX Inbound NAT? */ - &nk->addr[pd2.didx], + saddr, &nk->addr[pd2.didx], nk->port[pd2.didx], NULL, pd2.ip_sum, icmpsum, pd->ip_sum, 0, AF_INET6); @@ -5027,8 +5023,7 @@ pf_test_state_icmp(struct pf_state **sta if (PF_ANEQ(pd2.dst, &nk->addr[pd2.didx], pd2.af)) - pf_change_icmp(pd2.src, NULL, - NULL, /* XXX Inbound NAT? */ + pf_change_icmp(pd2.dst, NULL, saddr, &nk->addr[pd2.didx], 0, NULL, pd2.ip_sum, icmpsum, pd->ip_sum, 0, pd2.af); --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-201519-17777-bc1TzpX9YM>