Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

PR kern/47665 

For ICMP packets, use the "oicmpid" and "nicmpid" fields explicitly rather
than overloading those with "port" in them and expecting them to work.
This commit is contained in:
darrenr 2014-07-12 14:54:32 +00:00
parent cccb715a0e
commit 5446176ae4
1 changed files with 28 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
sys/external/bsd/ipf/netinet/ip_nat.c vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: ip_nat.c,v 1.12 2014/06/28 08:02:09 darrenr Exp $ */
/* $NetBSD: ip_nat.c,v 1.13 2014/07/12 14:54:32 darrenr Exp $ */
/*
* Copyright (C) 2012 by Darren Reed.
@ -113,7 +113,7 @@ extern struct ifnet vpnif;
#if !defined(lint)
#if defined(__NetBSD__)
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ip_nat.c,v 1.12 2014/06/28 08:02:09 darrenr Exp $");
__KERNEL_RCSID(0, "$NetBSD: ip_nat.c,v 1.13 2014/07/12 14:54:32 darrenr Exp $");
#else
static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed";
static const char rcsid[] = "@(#)Id: ip_nat.c,v 1.1.1.2 2012/07/22 13:45:27 darrenr Exp";
@ -3443,7 +3443,7 @@ ipf_nat_insert(ipf_main_softc_t *softc, ipf_nat_softc_t *softn, nat_t *nat)
}
ret = ipf_nat_hashtab_add(softc, softn, nat);
if (ret == -1)
if (ret != 0)
MUTEX_DESTROY(&nat->nat_lock);
return ret;
}
@ -4081,7 +4081,7 @@ ipf_nat_inlookup(fr_info_t *fin, u_int flags, u_int p, struct in_addr src,
continue;
} else if (p == IPPROTO_ICMP) {
if (nat->nat_osport != dport) {
if (nat->nat_oicmpid != dport) {
continue;
}
}
@ -4106,7 +4106,7 @@ ipf_nat_inlookup(fr_info_t *fin, u_int flags, u_int p, struct in_addr src,
continue;
} else if (p == IPPROTO_ICMP) {
if (nat->nat_osport != dport) {
if (nat->nat_nicmpid != dport) {
continue;
}
}
@ -4408,7 +4408,7 @@ ipf_nat_outlookup(fr_info_t *fin, u_int flags, u_int p, struct in_addr src,
continue;
} else if (p == IPPROTO_ICMP) {
if (nat->nat_osport != dport) {
if (nat->nat_nicmpid != dport) {
continue;
}
}
@ -4428,7 +4428,7 @@ ipf_nat_outlookup(fr_info_t *fin, u_int flags, u_int p, struct in_addr src,
continue;
} else if (p == IPPROTO_ICMP) {
if (nat->nat_osport != dport) {
if (nat->nat_oicmpid != dport) {
continue;
}
}
@ -4818,7 +4818,6 @@ ipf_nat_checkout(fr_info_t *fin, u_32_t *passp)
nflags = IPN_UDP;
break;
case IPPROTO_ICMP :
/*
* This is an incoming packet, so the destination is
* the icmp_id and the source port equals 0
@ -5185,9 +5184,18 @@ ipf_nat_out(fr_info_t *fin, nat_t *nat, int natadd, u_32_t nflags)
}
}
if ((nat->nat_nsport != 0) && (nflags & IPN_ICMPQUERY)) {
if ((nat->nat_oicmpid != 0) && (nflags & IPN_ICMPQUERY)) {
icmp = fin->fin_dp;
icmp->icmp_id = nat->nat_nicmpid;
switch (nat->nat_dir)
{
case NAT_OUTBOUND :
icmp->icmp_id = nat->nat_nicmpid;
break;
case NAT_INBOUND :
icmp->icmp_id = nat->nat_oicmpid;
break;
}
}
csump = ipf_nat_proto(fin, nat, nflags);
@ -5653,10 +5661,18 @@ ipf_nat_in(fr_info_t *fin, nat_t *nat, int natadd, u_32_t nflags)
}
if ((nat->nat_odport != 0) && (nflags & IPN_ICMPQUERY)) {
if ((nat->nat_oicmpid != 0) && (nflags & IPN_ICMPQUERY)) {
icmp = fin->fin_dp;
icmp->icmp_id = nat->nat_nicmpid;
switch (nat->nat_dir)
{
case NAT_INBOUND :
icmp->icmp_id = nat->nat_nicmpid;
break;
case NAT_OUTBOUND :
icmp->icmp_id = nat->nat_oicmpid;
break;
}
}
csump = ipf_nat_proto(fin, nat, nflags);