Importing pfSense patch pf_icmp_redirect.diff

author: Matt Smith <mgsmith@netgate.com> 2015-11-18 10:30:51 -0600
committer: Matt Smith <mgsmith@netgate.com> 2015-11-18 10:30:51 -0600
commit: adeaf5af88652f43d1b16c70818ac27bbd5c86cf (patch)
tree: ba440689e54c49208103efef857b3dc5ee453328
parent: 829456fb3d26d2cee3067b5be2bbb7dcd4a646d3 (diff)
download: FreeBSD-src-adeaf5af88652f43d1b16c70818ac27bbd5c86cf.zip
FreeBSD-src-adeaf5af88652f43d1b16c70818ac27bbd5c86cf.tar.gz
1 files changed, 8 insertions, 2 deletions
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 6a52c4e..1de258e 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -5726,6 +5726,9 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
 		error = EMSGSIZE;
 		KMOD_IPSTAT_INC(ips_cantfrag);
 		if (r->rt != PF_DUPTO) {
+			if (s && pd->nat_rule != NULL)
+				pf_packet_undo_nat(m0, pd, ntohs(ip->ip_off), s, dir);
+
 			icmp_error(m0, ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG, 0,
 			    ifp->if_mtu);
 			goto done;
@@ -5934,9 +5937,12 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
 		nd6_output(ifp, ifp, m0, &dst, NULL);
 	else {
 		in6_ifstat_inc(ifp, ifs6_in_toobig);
-		if (r->rt != PF_DUPTO)
+		if (r->rt != PF_DUPTO) {
+			if (s && pd->nat_rule != NULL)
+				pf_packet_undo_nat(m0, pd, ((caddr_t)ip6 - m0->m_data) + sizeof(struct ip6_hdr), s, dir);
+
 			icmp6_error(m0, ICMP6_PACKET_TOO_BIG, 0, ifp->if_mtu);
-		else
+		} else
 			goto bad;
 	}
author	Matt Smith <mgsmith@netgate.com>	2015-11-18 10:30:51 -0600
committer	Matt Smith <mgsmith@netgate.com>	2015-11-18 10:30:51 -0600
commit	adeaf5af88652f43d1b16c70818ac27bbd5c86cf (patch)
tree	ba440689e54c49208103efef857b3dc5ee453328
parent	829456fb3d26d2cee3067b5be2bbb7dcd4a646d3 (diff)
download	FreeBSD-src-adeaf5af88652f43d1b16c70818ac27bbd5c86cf.zip FreeBSD-src-adeaf5af88652f43d1b16c70818ac27bbd5c86cf.tar.gz