hi, in pf_translate, when we're changing addresses for the icmp messages
there's an unjustified fallthrough in the IPPROTO_ICMPV6 case. in fact
this doesn't seem to harm anything because default case performs the
same operation. note that pd->ip_sum is null in ipv6 case so pf_change_a6
just punches a translation address to the packet with PF_ACPY.
henning@ agrees that this fallthrough was introduced by mistake, but we
won't mind if somebody with pf knowledge will glance through the code.
cvs diff -r1.657 -r1.658 pf.c might be handy.
ok?
Index: pf.c
===================================================================
RCS file: /home/cvs/src/sys/net/pf.c,v
retrieving revision 1.722
diff -u -p -U10 -r1.722 pf.c
--- pf.c 22 Jan 2011 11:43:57 -0000 1.722
+++ pf.c 2 Feb 2011 15:01:38 -0000
@@ -3342,21 +3342,21 @@ pf_translate(struct pf_pdesc *pd, struct
&pd->hdr.icmp6->icmp6_cksum, saddr, 0);
rewrite = 1;
}
if (PF_ANEQ(daddr, pd->dst, pd->af)) {
pf_change_a6(pd->dst,
&pd->hdr.icmp6->icmp6_cksum, daddr, 0);
rewrite = 1;
}
break;
}
- /* FALLTHROUGH */
+ break;
#endif /* INET6 */
default:
switch (pd->af) {
#ifdef INET
case AF_INET:
if (PF_ANEQ(saddr, pd->src, pd->af)) {
pf_change_a(&pd->src->v4.s_addr, pd->ip_sum,
saddr->v4.s_addr, 0);
rewrite = 1;
