diff options
author | Renato Botelho <renato@netgate.com> | 2015-08-17 13:53:12 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2015-08-17 13:53:12 -0300 |
commit | fa9181508d9f4170f8a35bdfbe349210c30dbceb (patch) | |
tree | b6f80c569dbf9c94976040816dc688eb1f3ce2ad | |
parent | cf3bb1a7166bec431631defe01c8d4e706a99638 (diff) | |
download | FreeBSD-src-fa9181508d9f4170f8a35bdfbe349210c30dbceb.zip FreeBSD-src-fa9181508d9f4170f8a35bdfbe349210c30dbceb.tar.gz |
Importing pfSense patch pf_route_to_daemon_friendly.RELENG_10.diff
-rw-r--r-- | sys/netpfil/pf/pf.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 6bfc728..76cfebc 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -5690,6 +5690,12 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp, if (oifp != ifp) { if (in_broadcast(ip->ip_dst, oifp)) /* XXX: LOCKING of address list?! */ return; + + if (s && r->rt == PF_ROUTETO && pd->nat_rule != NULL && + r->direction == PF_OUT && r->direction == dir && pd->pf_mtag->routed < 2) { + pf_packet_undo_nat(m0, pd, ntohs(ip->ip_off), s, dir); + } + if (pf_test(PF_OUT, ifp, &m0, NULL) != PF_PASS) goto bad; else if (m0 == NULL) @@ -5919,6 +5925,13 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp, return; if (oifp != ifp) { + + if (s && r->rt == PF_ROUTETO && pd->nat_rule != NULL && + r->direction == PF_OUT && r->direction == dir && pd->pf_mtag->routed < 2) { + int ip_off = ((caddr_t)ip6 - m0->m_data) + sizeof(struct ip6_hdr); + pf_packet_undo_nat(m0, pd, ip_off, s, dir); + } + if (pf_test6(PF_FWD, ifp, &m0, NULL) != PF_PASS) goto bad; else if (m0 == NULL) |