Importing pfSense patch pf_icmp_redirect.diff

author: Renato Botelho <renato@netgate.com> 2015-08-17 13:53:21 -0300
committer: Renato Botelho <renato@netgate.com> 2015-08-17 13:53:21 -0300
commit: fb8160d0fb248c35e8bc74d67dcca6c22e974db3 (patch)
tree: 5f2e6f2c1222b9418347a2d4ba9c871b6f5d002a /sys/netpfil
parent: 28d8a8231c2378662bd19477648692aaa16ae6e7 (diff)
download: FreeBSD-src-fb8160d0fb248c35e8bc74d67dcca6c22e974db3.zip
FreeBSD-src-fb8160d0fb248c35e8bc74d67dcca6c22e974db3.tar.gz
1 files changed, 8 insertions, 2 deletions
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 95308ff..a370958 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -5765,6 +5765,9 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
 		error = EMSGSIZE;
 		KMOD_IPSTAT_INC(ips_cantfrag);
 		if (r->rt != PF_DUPTO) {
+			if (s && pd->nat_rule != NULL)
+				pf_packet_undo_nat(m0, pd, ntohs(ip->ip_off), s, dir);
+
 			icmp_error(m0, ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG, 0,
 			    ifp->if_mtu);
 			goto done;
@@ -5974,9 +5977,12 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
 		nd6_output(ifp, ifp, m0, &dst, NULL);
 	else {
 		in6_ifstat_inc(ifp, ifs6_in_toobig);
-		if (r->rt != PF_DUPTO)
+		if (r->rt != PF_DUPTO) {
+			if (s && pd->nat_rule != NULL)
+				pf_packet_undo_nat(m0, pd, ((caddr_t)ip6 - m0->m_data) + sizeof(struct ip6_hdr), s, dir);
+
 			icmp6_error(m0, ICMP6_PACKET_TOO_BIG, 0, ifp->if_mtu);
-		else
+		} else
 			goto bad;
 	}
author	Renato Botelho <renato@netgate.com>	2015-08-17 13:53:21 -0300
committer	Renato Botelho <renato@netgate.com>	2015-08-17 13:53:21 -0300
commit	fb8160d0fb248c35e8bc74d67dcca6c22e974db3 (patch)
tree	5f2e6f2c1222b9418347a2d4ba9c871b6f5d002a /sys/netpfil
parent	28d8a8231c2378662bd19477648692aaa16ae6e7 (diff)
download	FreeBSD-src-fb8160d0fb248c35e8bc74d67dcca6c22e974db3.zip FreeBSD-src-fb8160d0fb248c35e8bc74d67dcca6c22e974db3.tar.gz