|
1
|
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
|
|
2
|
index 580f380..a4134ca 100644
|
|
3
|
--- a/sys/netpfil/pf/pf.c
|
|
4
|
+++ b/sys/netpfil/pf/pf.c
|
|
5
|
@@ -5632,6 +5632,12 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
|
|
6
|
if (oifp != ifp) {
|
|
7
|
if (in_broadcast(ip->ip_dst, oifp)) /* XXX: LOCKING of address list?! */
|
|
8
|
return;
|
|
9
|
+
|
|
10
|
+ if (s && r->rt == PF_ROUTETO && pd->nat_rule != NULL &&
|
|
11
|
+ r->direction == PF_OUT && r->direction == dir && pd->pf_mtag->routed < 2) {
|
|
12
|
+ pf_packet_undo_nat(m0, pd, ntohs(ip->ip_off), s, dir);
|
|
13
|
+ }
|
|
14
|
+
|
|
15
|
if (pf_test(PF_OUT, ifp, &m0, NULL) != PF_PASS)
|
|
16
|
goto bad;
|
|
17
|
else if (m0 == NULL)
|
|
18
|
@@ -5860,6 +5866,13 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
|
|
19
|
return;
|
|
20
|
|
|
21
|
if (oifp != ifp) {
|
|
22
|
+
|
|
23
|
+ if (s && r->rt == PF_ROUTETO && pd->nat_rule != NULL &&
|
|
24
|
+ r->direction == PF_OUT && r->direction == dir && pd->pf_mtag->routed < 2) {
|
|
25
|
+ int ip_off = ((caddr_t)ip6 - m0->m_data) + sizeof(struct ip6_hdr);
|
|
26
|
+ pf_packet_undo_nat(m0, pd, ip_off, s, dir);
|
|
27
|
+ }
|
|
28
|
+
|
|
29
|
if (pf_test6(PF_OUT, ifp, &m0, NULL) != PF_PASS)
|
|
30
|
goto bad;
|
|
31
|
else if (m0 == NULL)
|