Subject: Re: kern/36309
To: None <ipf-bug-people@NetBSD.org, gnats-admin@netbsd.org,>
From: Darren Reed <darrenr@NetBSD.org>
List: netbsd-bugs
Date: 05/27/2007 22:45:02
The following reply was made to PR kern/36309; it has been noted by GNATS.

From: Darren Reed <darrenr@NetBSD.org>
To: Michael van Elst <mlelstv@serpens.de>
Cc: gnats-bugs@netbsd.org
Subject: Re: kern/36309
Date: Sun, 27 May 2007 22:44:54 +0000

 On Sun, May 27, 2007 at 11:43:03PM +0200, Michael van Elst wrote:
 > -	if (nat->nat_dir == NAT_OUTBOUND) {
 > +	if (oip->ip_dst.s_addr == nat->nat_oip.s_addr) {
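
Review bot: the new condition `oip->ip_dst.s_addr == nat->nat_oip.s_addr` replaces the `nat->nat_dir == NAT_OUTBOUND` test with no comment saying why an address comparison is the right discriminator at this point. Add a short comment stating which case it is meant to catch. The same function still tests `nat->nat_dir == NAT_OUTBOUND` before the `sum1`/`sum2` port values and before the `orgicmp->icmp_id` comparison, so either convert those branches to the same test or state why they can keep the direction flag. Otherwise one function decides the direction in two different ways.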
 
 There are some other checks for NAT_OUTBOUND in that function:
 ...
                 if (nat->nat_dir == NAT_OUTBOUND) {
                         sum1 = ntohs(nat->nat_inport);
                         sum2 = ntohs(tcp->th_sport);
 ...
                 if (nat->nat_dir == NAT_OUTBOUND) {
                         if (orgicmp->icmp_id != nat->nat_inport) {       
 ...
 
 If you replace them all with the same check as above, does it still
 work properly for you?
 
 I'm a little bit surprised that you got away with just one...
 
 Darren