Importing pfSense patch pf_route_to_daemon_friendly.RELENG_10.diff

1 files changed, 13 insertions, 0 deletions

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 6bfc728..76cfebc 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -5690,6 +5690,12 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
 	if (oifp != ifp) {
 		if (in_broadcast(ip->ip_dst, oifp)) /* XXX: LOCKING of address list?! */
 			return;
+
+		if (s && r->rt == PF_ROUTETO && pd->nat_rule != NULL &&
+			r->direction == PF_OUT && r->direction == dir && pd->pf_mtag->routed < 2) {
+			pf_packet_undo_nat(m0, pd, ntohs(ip->ip_off), s, dir);
+		}
+
 		if (pf_test(PF_OUT, ifp, &m0, NULL) != PF_PASS)
 			goto bad;
 		else if (m0 == NULL)
@@ -5919,6 +5925,13 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
 	       return;
 
 	if (oifp != ifp) {
+
+		if (s && r->rt == PF_ROUTETO && pd->nat_rule != NULL &&
+			r->direction == PF_OUT && r->direction == dir && pd->pf_mtag->routed < 2) {
+			int ip_off =  ((caddr_t)ip6 - m0->m_data) + sizeof(struct ip6_hdr);
+			pf_packet_undo_nat(m0, pd, ip_off, s, dir);
+		}
+
 		if (pf_test6(PF_FWD, ifp, &m0, NULL) != PF_PASS)
 			goto bad;
 		else if (m0 == NULL)