fix breakage in in-kernel NAT: the code did not honor

net.inet.ip.fw.one_pass and always moved to the next rule in case of a successful nat. This should fix several related PR (waiting for feedback before closing them) PR: 145167 149572 150141 MFC after: 3 days
author: luigi <luigi@FreeBSD.org> 2010-09-28 23:23:23 +0000
committer: luigi <luigi@FreeBSD.org> 2010-09-28 23:23:23 +0000
commit: c0dff81a760d578b010415f095a0a01e2657eced (patch)
tree: ea3acc3eecbeef72d1823a7e52c958b1a20eeb1c /sys/netinet
parent: 9c86b371d662f0277075f7439f90e8371c63493b (diff)
download: FreeBSD-src-c0dff81a760d578b010415f095a0a01e2657eced.zip
FreeBSD-src-c0dff81a760d578b010415f095a0a01e2657eced.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/sys/netinet/ipfw/ip_fw_pfil.c b/sys/netinet/ipfw/ip_fw_pfil.c
index e87a4c9..248e4dd 100644
--- a/sys/netinet/ipfw/ip_fw_pfil.c
+++ b/sys/netinet/ipfw/ip_fw_pfil.c
@@ -231,6 +231,11 @@ again:
 		break;
 
 	case IP_FW_NAT:
+		/* honor one-pass in case of successful nat */
+		if (V_fw_one_pass)
+			break; /* ret is already 0 */
+		goto again;
+
 	case IP_FW_REASS:
 		goto again;		/* continue with packet */
author	luigi <luigi@FreeBSD.org>	2010-09-28 23:23:23 +0000
committer	luigi <luigi@FreeBSD.org>	2010-09-28 23:23:23 +0000
commit	c0dff81a760d578b010415f095a0a01e2657eced (patch)
tree	ea3acc3eecbeef72d1823a7e52c958b1a20eeb1c /sys/netinet
parent	9c86b371d662f0277075f7439f90e8371c63493b (diff)
download	FreeBSD-src-c0dff81a760d578b010415f095a0a01e2657eced.zip FreeBSD-src-c0dff81a760d578b010415f095a0a01e2657eced.tar.gz