Diffusion FreeBSD src repository b93394a38bc4

pf: fix 'natpass'
b93394a38bc4
Actions

Description

pf: fix 'natpass'

If an rdr (or nat) rule specifies 'pass' we don't run the filter rules, we just
pass the traffic. Or at least, we did until that got unintentionally broken.
Restore that behaviour and add a test case.

While here also fix nat:dummynet_mask, which relied on the broken behaviour.

MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D52838

Details

Provenance

kp	Authored on Tue, Sep 30, 5:40 PM

Differential Revision

D52838: pf: fix 'natpass'

Parents

rGad38f6a0b466: tcp: close two minor races with debug messages

Branches

Unknown

Tags

Unknown

Event Timeline

kp committed rGb93394a38bc4: pf: fix 'natpass' (authored by kp).Thu, Oct 2, 8:46 PM

kp added an edge: D52838: pf: fix 'natpass'.

kp mentioned this in rGff566e6b9b8f: pf: fix 'natpass'.Sun, Oct 5, 8:52 PM

Changes (3)

Path

Size

sys/

netpfil/

pf/

pf.c

tests/

sys/

netpfil/

pf/

nat.sh

rdr.sh

rGb93394a38bc4

View Options

sys/netpfil/pf/pf.c

View Options

tests/sys/netpfil/pf/nat.sh

View Options

tests/sys/netpfil/pf/rdr.sh

pf: fix 'natpass'b93394a38bc4Actions

Description

Details

Event Timeline

Changes (3)

rGb93394a38bc4

sys/netpfil/pf/pf.c

tests/sys/netpfil/pf/nat.sh

tests/sys/netpfil/pf/rdr.sh

pf: fix 'natpass'
b93394a38bc4
Actions