author | Matt Smith <mgsmith@netgate.com> | 2015-11-18 10:30:51 -0600 |
---|---|---|
committer | Matt Smith <mgsmith@netgate.com> | 2015-11-18 10:30:51 -0600 |
commit | adeaf5af88652f43d1b16c70818ac27bbd5c86cf (patch) | |
tree | ba440689e54c49208103efef857b3dc5ee453328 | |
parent | 829456fb3d26d2cee3067b5be2bbb7dcd4a646d3 (diff) | |
Importing pfSense patch pf_icmp_redirect.diff
-rw-r--r-- | sys/netpfil/pf/pf.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 6a52c4e..1de258e 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -5726,6 +5726,9 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
 error = EMSGSIZE;
 KMOD_IPSTAT_INC(ips_cantfrag);
 if (r->rt != PF_DUPTO) {
+ if (s && pd->nat_rule != NULL)
+ pf_packet_undo_nat(m0, pd, ntohs(ip->ip_off), s, dir);
+
 icmp_error(m0, ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG, 0, ifp->if_mtu);
 goto done;
@@ -5934,9 +5937,12 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
 nd6_output(ifp, ifp, m0, &dst, NULL);
 else {
 in6_ifstat_inc(ifp, ifs6_in_toobig);
- if (r->rt != PF_DUPTO)
+ if (r->rt != PF_DUPTO) {
+ if (s && pd->nat_rule != NULL)
+ pf_packet_undo_nat(m0, pd, ((caddr_t)ip6 - m0->m_data) + sizeof(struct ip6_hdr), s, dir);
+
 icmp6_error(m0, ICMP6_PACKET_TOO_BIG, 0, ifp->if_mtu);
- else
+ } else
 goto bad;
 } |
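Review bot: In the pf_route hunk the third argument to `pf_packet_undo_nat` is `ntohs(ip->ip_off)`, the IPv4 fragment-offset/flags field, whereas the pf_route6 hunk passes a byte offset to the end of the IPv6 header in the same position. If that parameter is the transport-header offset (the callee is not visible here), this branch, which looks like the DF-set path given `ips_cantfrag` and `ICMP_UNREACH_NEEDFRAG`, would pass a value of 0x4000 or more, and any write at that offset would land far outside the packet headers. The call probably wants the IPv4 header length, `pf_packet_undo_nat(m0, pd, ip->ip_hl << 2, s, dir);`. pf_route's body starts and ends outside the hunk.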
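Review bot: In the pf_route6 hunk the offset `((caddr_t)ip6 - m0->m_data) + sizeof(struct ip6_hdr)` assumes the transport header directly follows the fixed IPv6 header. If `pf_packet_undo_nat` uses that offset to locate the TCP/UDP header (its body is not visible here), a packet carrying extension headers would have the NAT undo written at the wrong place, so the packet quoted in the ICMPv6 Packet Too Big error could be corrupted rather than restored. Either derive the offset from the header walk already done for this packet, or at least document the limit with `/* XXX: assumes no IPv6 extension headers before the transport header */`. The new call also runs well past 80 columns and should be wrapped; pf_route6's body extends beyond the hunk.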