pf: Fix ICMP translation

Fix ICMP source address rewriting in rdr scenarios. PR: 201519 Submitted by: Max <maximos@als.nnov.ru> MFC after: 1 week (cherry picked from commit e155a36ec0418be0b8147484b0644e5e50ab7d25)
author: kp <kp@FreeBSD.org> 2016-05-23 12:41:29 +0000
committer: Luiz Otavio O Souza <luiz@netgate.com> 2016-05-23 14:00:58 -0500
commit: ac26f7c44af17f07ae95d74e2ac9dd9e72d92c02 (patch)
tree: 2ae0762aa6d437e71268639975877c53a74ba029
parent: 3ef16fb22937fda756df399303c2a2b8ee053f4e (diff)
download: FreeBSD-src-ac26f7c44af17f07ae95d74e2ac9dd9e72d92c02.zip
FreeBSD-src-ac26f7c44af17f07ae95d74e2ac9dd9e72d92c02.tar.gz
1 files changed, 5 insertions, 10 deletions
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 280c78a..d93c776 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -5100,8 +5100,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif,
 				    &nk->addr[pd2.didx], pd2.af) ||
 				    nk->port[pd2.didx] != th.th_dport)
 					pf_change_icmp(pd2.dst, &th.th_dport,
-					    NULL, /* XXX Inbound NAT? */
-					    &nk->addr[pd2.didx],
+					    saddr, &nk->addr[pd2.didx],
 					    nk->port[pd2.didx], NULL,
 					    pd2.ip_sum, icmpsum,
 					    pd->ip_sum, 0, pd2.af);
@@ -5173,8 +5172,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif,
 				    &nk->addr[pd2.didx], pd2.af) ||
 				    nk->port[pd2.didx] != uh.uh_dport)
 					pf_change_icmp(pd2.dst, &uh.uh_dport,
-					    NULL, /* XXX Inbound NAT? */
-					    &nk->addr[pd2.didx],
+					    saddr, &nk->addr[pd2.didx],
 					    nk->port[pd2.didx], &uh.uh_sum,
 					    pd2.ip_sum, icmpsum,
 					    pd->ip_sum, 1, pd2.af);
@@ -5241,8 +5239,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif,
 				    &nk->addr[pd2.didx], pd2.af) ||
 				    nk->port[pd2.didx] != iih.icmp_id)
 					pf_change_icmp(pd2.dst, &iih.icmp_id,
-					    NULL, /* XXX Inbound NAT? */
-					    &nk->addr[pd2.didx],
+					    saddr, &nk->addr[pd2.didx],
 					    nk->port[pd2.didx], NULL,
 					    pd2.ip_sum, icmpsum,
 					    pd->ip_sum, 0, AF_INET);
@@ -5294,8 +5291,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif,
 				    &nk->addr[pd2.didx], pd2.af) ||
 				    nk->port[pd2.didx] != iih.icmp6_id)
 					pf_change_icmp(pd2.dst, &iih.icmp6_id,
-					    NULL, /* XXX Inbound NAT? */
-					    &nk->addr[pd2.didx],
+					    saddr, &nk->addr[pd2.didx],
 					    nk->port[pd2.didx], NULL,
 					    pd2.ip_sum, icmpsum,
 					    pd->ip_sum, 0, AF_INET6);
@@ -5334,8 +5330,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif,
 
 				if (PF_ANEQ(pd2.dst,
 				    &nk->addr[pd2.didx], pd2.af))
-					pf_change_icmp(pd2.src, NULL,
-					    NULL, /* XXX Inbound NAT? */
+					pf_change_icmp(pd2.src, NULL, saddr,
 					    &nk->addr[pd2.didx], 0, NULL,
 					    pd2.ip_sum, icmpsum,
 					    pd->ip_sum, 0, pd2.af);
author	kp <kp@FreeBSD.org>	2016-05-23 12:41:29 +0000
committer	Luiz Otavio O Souza <luiz@netgate.com>	2016-05-23 14:00:58 -0500
commit	ac26f7c44af17f07ae95d74e2ac9dd9e72d92c02 (patch)
tree	2ae0762aa6d437e71268639975877c53a74ba029
parent	3ef16fb22937fda756df399303c2a2b8ee053f4e (diff)
download	FreeBSD-src-ac26f7c44af17f07ae95d74e2ac9dd9e72d92c02.zip FreeBSD-src-ac26f7c44af17f07ae95d74e2ac9dd9e72d92c02.tar.gz