|
1
|
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
|
|
2
|
index 2882e95..3ba3048 100644
|
|
3
|
--- a/sys/netpfil/pf/pf.c
|
|
4
|
+++ b/sys/netpfil/pf/pf.c
|
|
5
|
@@ -5723,6 +5723,9 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
|
|
6
|
error = EMSGSIZE;
|
|
7
|
KMOD_IPSTAT_INC(ips_cantfrag);
|
|
8
|
if (r->rt != PF_DUPTO) {
|
|
9
|
+ if (s && pd->nat_rule != NULL)
|
|
10
|
+ pf_packet_undo_nat(m0, pd, ntohs(ip->ip_off), s, dir);
|
|
11
|
+
|
|
12
|
icmp_error(m0, ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG, 0,
|
|
13
|
ifp->if_mtu);
|
|
14
|
goto done;
|
|
15
|
@@ -5931,9 +5934,12 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
|
|
16
|
nd6_output(ifp, ifp, m0, &dst, NULL);
|
|
17
|
else {
|
|
18
|
in6_ifstat_inc(ifp, ifs6_in_toobig);
|
|
19
|
- if (r->rt != PF_DUPTO)
|
|
20
|
+ if (r->rt != PF_DUPTO) {
|
|
21
|
+ if (s && pd->nat_rule != NULL)
|
|
22
|
+ pf_packet_undo_nat(m0, pd, ((caddr_t)ip6 - m0->m_data) + sizeof(struct ip6_hdr), s, dir);
|
|
23
|
+
|
|
24
|
icmp6_error(m0, ICMP6_PACKET_TOO_BIG, 0, ifp->if_mtu);
|
|
25
|
- else
|
|
26
|
+ } else
|
|
27
|
goto bad;
|
|
28
|
}
|
|
29
|
|