diff options
author | Renato Botelho <renato@netgate.com> | 2015-08-17 13:53:21 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2015-08-17 13:53:21 -0300 |
commit | fb8160d0fb248c35e8bc74d67dcca6c22e974db3 (patch) | |
tree | 5f2e6f2c1222b9418347a2d4ba9c871b6f5d002a | |
parent | 28d8a8231c2378662bd19477648692aaa16ae6e7 (diff) | |
download | FreeBSD-src-fb8160d0fb248c35e8bc74d67dcca6c22e974db3.zip FreeBSD-src-fb8160d0fb248c35e8bc74d67dcca6c22e974db3.tar.gz |
Importing pfSense patch pf_icmp_redirect.diff
-rw-r--r-- | sys/netpfil/pf/pf.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 95308ff..a370958 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -5765,6 +5765,9 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp, error = EMSGSIZE; KMOD_IPSTAT_INC(ips_cantfrag); if (r->rt != PF_DUPTO) { + if (s && pd->nat_rule != NULL) + pf_packet_undo_nat(m0, pd, ntohs(ip->ip_off), s, dir); + icmp_error(m0, ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG, 0, ifp->if_mtu); goto done; @@ -5974,9 +5977,12 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp, nd6_output(ifp, ifp, m0, &dst, NULL); else { in6_ifstat_inc(ifp, ifs6_in_toobig); - if (r->rt != PF_DUPTO) + if (r->rt != PF_DUPTO) { + if (s && pd->nat_rule != NULL) + pf_packet_undo_nat(m0, pd, ((caddr_t)ip6 - m0->m_data) + sizeof(struct ip6_hdr), s, dir); + icmp6_error(m0, ICMP6_PACKET_TOO_BIG, 0, ifp->if_mtu); - else + } else goto bad; } |