Date: Sat, 21 May 2016 23:20:17 +0300
From: Max <maximos@als.nnov.ru>
To: freebsd-pf@freebsd.org
Subject: Re: Bug 201519
Message-ID: <8412061b-2bd3-0cc0-fc9f-99b81c653aae@als.nnov.ru>
In-Reply-To: <20160521195406.GO15034@home.opsec.eu>
References: <deb597cf-0c92-3d77-38f6-a03120f7e3ad@als.nnov.ru> <20160521195406.GO15034@home.opsec.eu>
Hi, Kurt.

It's incomplete. I have tested only the case when the inner packet is UDP. Other cases should be tested I think. Actually the patch was mentioned in Alexey's message (http://openbsd-archive.7691.n7.nabble.com/system-6564-pf-not-nating-does-not-see-icmp4-port-unreachable-packets-from-machine-behind-pf-td187997.html). Someone with more experience (than me) should review this patch.

21.05.2016 22:54, Kurt Jaeger wrote:
> Hi!
>
>> I have patched and tested "case IPPROTO_UDP". It works. Other cases
>> should work too I think.
>>
>> It's against releng/10.3
>> --- sys/netpfil/pf/pf.c.orig 2016-05-21 17:57:29.420602000 +0300 >> +++ sys/netpfil/pf/pf.c 2016-05-21 18:01:09.119724000 +0300 >> @@ -4866,8 +4866,7 @@ pf_test_state_icmp(struct pf_state **sta >> &nk->addr[pd2.didx], pd2.af) || >> nk->port[pd2.didx] != uh.uh_dport) >> pf_change_icmp(pd2.dst, >> &uh.uh_dport, >> - NULL, /* XXX Inbound NAT? */ >> - &nk->addr[pd2.didx], >> + saddr, &nk->addr[pd2.didx], >> nk->port[pd2.didx], &uh.uh_sum, >> pd2.ip_sum, icmpsum, >> pd->ip_sum, 1, pd2.af); >>
> Can you add this patch to the PR you mention ?
>
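
Review bot: the third argument of the pf_change_icmp() call in the UDP branch of pf_test_state_icmp() changes from NULL to saddr, but the removed "XXX Inbound NAT?" comment is dropped with nothing in its place, and the hunk shows neither where saddr is set nor why rewriting it to &nk->addr[pd2.didx] is correct in both directions. The guard visible above the call compares only the pd2.didx address and port, so please add a short comment saying which address saddr holds at this point and under which direction the rewrite is intended. The message also states that only the UDP inner-packet case was tested; if the other inner-protocol branches make the same call with NULL, they should get the same change and a test each in this patch, or the description should say why they are left alone.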