Module Name: src
Committed By: darrenr
Date: Sat Jul 12 14:54:32 UTC 2014
Modified Files:
src/sys/external/bsd/ipf/netinet: ip_nat.c
Log Message:
PR kern/47665
For ICMP packets, use the "oicmpid" and "nicmpid" fields explicitly rather
than overloading those with "port" in them and expecting them to work.
To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/sys/external/bsd/ipf/netinet/ip_nat.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/external/bsd/ipf/netinet/ip_nat.c
diff -u src/sys/external/bsd/ipf/netinet/ip_nat.c:1.12 src/sys/external/bsd/ipf/netinet/ip_nat.c:1.13
--- src/sys/external/bsd/ipf/netinet/ip_nat.c:1.12 Sat Jun 28 08:02:09 2014
+++ src/sys/external/bsd/ipf/netinet/ip_nat.c Sat Jul 12 14:54:32 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_nat.c,v 1.12 2014/06/28 08:02:09 darrenr Exp $ */
+/* $NetBSD: ip_nat.c,v 1.13 2014/07/12 14:54:32 darrenr Exp $ */
/*
* Copyright (C) 2012 by Darren Reed.
@@ -113,7 +113,7 @@ extern struct ifnet vpnif;
#if !defined(lint)
#if defined(__NetBSD__)
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_nat.c,v 1.12 2014/06/28 08:02:09 darrenr Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_nat.c,v 1.13 2014/07/12 14:54:32 darrenr Exp $");
#else
static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed";
static const char rcsid[] = "@(#)Id: ip_nat.c,v 1.1.1.2 2012/07/22 13:45:27 darrenr Exp";
@@ -3443,7 +3443,7 @@ ipf_nat_insert(ipf_main_softc_t *softc,
}
ret = ipf_nat_hashtab_add(softc, softn, nat);
- if (ret == -1)
+ if (ret != 0)
MUTEX_DESTROY(&nat->nat_lock);
return ret;
}
@@ -4081,7 +4081,7 @@ ipf_nat_inlookup(fr_info_t *fin, u_int f
continue;
} else if (p == IPPROTO_ICMP) {
- if (nat->nat_osport != dport) {
+ if (nat->nat_oicmpid != dport) {
continue;
}
}
@@ -4106,7 +4106,7 @@ ipf_nat_inlookup(fr_info_t *fin, u_int f
continue;
} else if (p == IPPROTO_ICMP) {
- if (nat->nat_osport != dport) {
+ if (nat->nat_nicmpid != dport) {
continue;
}
}
@@ -4408,7 +4408,7 @@ ipf_nat_outlookup(fr_info_t *fin, u_int
continue;
} else if (p == IPPROTO_ICMP) {
- if (nat->nat_osport != dport) {
+ if (nat->nat_nicmpid != dport) {
continue;
}
}
@@ -4428,7 +4428,7 @@ ipf_nat_outlookup(fr_info_t *fin, u_int
continue;
} else if (p == IPPROTO_ICMP) {
- if (nat->nat_osport != dport) {
+ if (nat->nat_oicmpid != dport) {
continue;
}
}
@@ -4818,7 +4818,6 @@ ipf_nat_checkout(fr_info_t *fin, u_32_t
nflags = IPN_UDP;
break;
case IPPROTO_ICMP :
-
/*
* This is an incoming packet, so the destination is
* the icmp_id and the source port equals 0
@@ -5185,9 +5184,18 @@ ipf_nat_out(fr_info_t *fin, nat_t *nat,
}
}
- if ((nat->nat_nsport != 0) && (nflags & IPN_ICMPQUERY)) {
+ if ((nat->nat_oicmpid != 0) && (nflags & IPN_ICMPQUERY)) {
icmp = fin->fin_dp;
- icmp->icmp_id = nat->nat_nicmpid;
+
+ switch (nat->nat_dir)
+ {
+ case NAT_OUTBOUND :
+ icmp->icmp_id = nat->nat_nicmpid;
+ break;
+ case NAT_INBOUND :
+ icmp->icmp_id = nat->nat_oicmpid;
+ break;
+ }
}
csump = ipf_nat_proto(fin, nat, nflags);
@@ -5653,10 +5661,18 @@ ipf_nat_in(fr_info_t *fin, nat_t *nat, i
}
- if ((nat->nat_odport != 0) && (nflags & IPN_ICMPQUERY)) {
+ if ((nat->nat_oicmpid != 0) && (nflags & IPN_ICMPQUERY)) {
icmp = fin->fin_dp;
- icmp->icmp_id = nat->nat_nicmpid;
+ switch (nat->nat_dir)
+ {
+ case NAT_INBOUND :
+ icmp->icmp_id = nat->nat_nicmpid;
+ break;
+ case NAT_OUTBOUND :
+ icmp->icmp_id = nat->nat_oicmpid;
+ break;
+ }
}
csump = ipf_nat_proto(fin, nat, nflags);
