Hi, Kurt.
It's incomplete. I have tested only the case when the inner packet is UDP.
Other cases should be tested I think.
Actually the patch was mentioned in Alexey's message
(http://openbsd-archive.7691.n7.nabble.com/system-6564-pf-not-nating-does-not-see-icmp4-port-unreachable-packets-from-machine-behind-pf-td187997.html).
Someone with more experience (than me) should review this patch.
21.05.2016 22:54, Kurt Jaeger wrote:
Hi!
I have patched and tested "case IPPROTO_UDP". It works. Other cases
should work too I think.
It's against releng/10.3
--- sys/netpfil/pf/pf.c.orig 2016-05-21 17:57:29.420602000 +0300
+++ sys/netpfil/pf/pf.c 2016-05-21 18:01:09.119724000 +0300
@@ -4866,8 +4866,7 @@ pf_test_state_icmp(struct pf_state **sta
&nk->addr[pd2.didx], pd2.af) ||
nk->port[pd2.didx] != uh.uh_dport)
pf_change_icmp(pd2.dst,
&uh.uh_dport,
- NULL, /* XXX Inbound NAT? */
- &nk->addr[pd2.didx],
+ saddr, &nk->addr[pd2.didx],
nk->port[pd2.didx], &uh.uh_sum,
pd2.ip_sum, icmpsum,
pd->ip_sum, 1, pd2.af);
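Review bot: In the `pf_change_icmp()` call, the new `saddr, &nk->addr[pd2.didx],` argument pair passes the outer source address for rewriting alongside the inner destination, but the guard visible above it compares only `pd2.dst` and `uh.uh_dport` against `nk`. Nothing in this hunk establishes that `saddr` refers to the same host as `pd2.dst`, so please confirm the behaviour for an ICMP error whose outer source differs from the inner destination (one generated by an intermediate hop), or add that comparison before passing `saddr`. The change also drops the `/* XXX Inbound NAT? */` marker without a replacement comment saying why the outer address is safe to rewrite here. It touches only this one call, and the message says only the UDP case was tested, so any sibling branches that pass `NULL` in the same position need the same change and a test each.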
Can you add this patch to the PR you mention?
_______________________________________________
freebsd-pf@freebsd.org mailing list