Fix ipfilter bug 3600459 NAT bucket count wrong.

Obtained from:	ipfilter cvs repo r1.48.2.25
MFC after:	2 weeks

2 files changed, 14 insertions, 1 deletions

diff --git a/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c b/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c
index 93ea572..72f67d7 100644
--- a/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c
+++ b/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c
@@ -1104,6 +1104,18 @@ ipf_checkv4sum(fin)
 		return -1;
 	}
 	if (m->m_pkthdr.csum_flags & CSUM_DATA_VALID) {
+		/* UDP may have zero checksum */
+		if (fin->fin_p == IPPROTO_UDP && (fin->fin_flx & (FI_FRAG|FI_SHORT|FI_BAD)) == 0) {
+			udphdr_t *udp = fin->fin_dp;
+			if (udp->uh_sum == 0) {
+				/* we're good no matter what the hardware checksum flags
+				   and csum_data say (handling of csum_data for zero UDP
+				   checksum is not consistent across all drivers) */
+				fin->fin_cksum = 1;
+				return 0;
+			}
+		}
+
 		if (m->m_pkthdr.csum_flags & CSUM_PSEUDO_HDR)
 			sum = m->m_pkthdr.csum_data;
 		else
diff --git a/sys/contrib/ipfilter/netinet/ip_state.c b/sys/contrib/ipfilter/netinet/ip_state.c
index ad2bf38..a3930ea 100644
--- a/sys/contrib/ipfilter/netinet/ip_state.c
+++ b/sys/contrib/ipfilter/netinet/ip_state.c
@@ -3646,7 +3646,8 @@ ipf_state_del(softc, is, why)
 		is->is_me = NULL;
 		is->is_ref--;
 	}
-	if (is->is_ref > 1) {
+	is->is_ref--;
+	if (is->is_ref > 0) {
 		int refs;
 
 		is->is_ref--;