diff options
| -rw-r--r-- | sys/netpfil/pf/pf.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 6bfc728..76cfebc 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -5690,6 +5690,12 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp, if (oifp != ifp) { if (in_broadcast(ip->ip_dst, oifp)) /* XXX: LOCKING of address list?! */ return; + + if (s && r->rt == PF_ROUTETO && pd->nat_rule != NULL && + r->direction == PF_OUT && r->direction == dir && pd->pf_mtag->routed < 2) { + pf_packet_undo_nat(m0, pd, ntohs(ip->ip_off), s, dir); + } + if (pf_test(PF_OUT, ifp, &m0, NULL) != PF_PASS) goto bad; else if (m0 == NULL) @@ -5919,6 +5925,13 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp, return; if (oifp != ifp) { + + if (s && r->rt == PF_ROUTETO && pd->nat_rule != NULL && + r->direction == PF_OUT && r->direction == dir && pd->pf_mtag->routed < 2) { + int ip_off = ((caddr_t)ip6 - m0->m_data) + sizeof(struct ip6_hdr); + pf_packet_undo_nat(m0, pd, ip_off, s, dir); + } + if (pf_test6(PF_FWD, ifp, &m0, NULL) != PF_PASS) goto bad; else if (m0 == NULL) |
