Mercurial > illumos > illumos-gate
changeset 4712:dc399af8f2e6
6564748 Fragments can be mishandled by ipfilter when using a custom NAT proxy
| author | zf203873 |
|---|---|
| date | Tue, 24 Jul 2007 03:02:52 -0700 |
| parents | 92bc2003b9d8 |
| children | 58aeb84211ce |
| files | usr/src/uts/common/inet/ipf/ip_nat.c |
| diffstat | 1 files changed, 4 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/usr/src/uts/common/inet/ipf/ip_nat.c Tue Jul 24 02:59:04 2007 -0700 +++ b/usr/src/uts/common/inet/ipf/ip_nat.c Tue Jul 24 03:02:52 2007 -0700 @@ -3730,7 +3730,7 @@ csump = NULL; np = nat->nat_ptr; - if ((natadd != 0) && (fin->fin_flx & FI_FRAG) && (np != NULL)) + if ((natadd != 0) && (fin->fin_flx & FI_FRAG)) (void) fr_nat_newfrag(fin, 0, nat); MUTEX_ENTER(&nat->nat_lock); @@ -4044,9 +4044,10 @@ np = nat->nat_ptr; fin->fin_fr = nat->nat_fr; + if ((natadd != 0) && (fin->fin_flx & FI_FRAG)) + (void) fr_nat_newfrag(fin, 0, nat); + if (np != NULL) { - if ((natadd != 0) && (fin->fin_flx & FI_FRAG)) - (void) fr_nat_newfrag(fin, 0, nat); /* ------------------------------------------------------------- */ /* A few quick notes: */