Re: kern/50198: SIOCGNATL broken in IPFilter 5

To: ipf-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,prlw1%cam.ac.uk@localhost
Subject: Re: kern/50198: SIOCGNATL broken in IPFilter 5
From: Egerváry Gergely <gergely%egervary.hu@localhost>
Date: Fri, 30 Sep 2016 17:25:00 +0000 (UTC)

The following reply was made to PR kern/50198; it has been noted by GNATS.

From: =?UTF-8?Q?Egerv=c3=a1ry_Gergely?= <gergely%egervary.hu@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: kern/50198: SIOCGNATL broken in IPFilter 5
Date: Fri, 30 Sep 2016 18:04:23 +0200

 > ipnat SIOCGNATL from IPFilter v5 doesn't look up redirected
 > destination IP addresses correctly, which breaks transparent proxies
 > such as squid.
 >
 > IPFilter 4 in NetBSD 5 returns:
 >            real: 192.168.204.87:80
 > IPFilter 5 in NetBSD 7 returns:
 >            real: 127.0.0.1:1234
 >
 > I think ipf_nat_lookupredir() is simply returning the wrong variables.
 
 I can confirm this, the patch below fixes it:
 
 --- ip_nat.c.orig       2016-04-30 05:33:02.000000000 +0200
 +++ ip_nat.c    2016-09-30 17:16:03.000000000 +0200
 @@ -4620,8 +4620,10 @@
                                 }
                         }
 
 -                       np->nl_realip = nat->nat_ndstip;
 -                       np->nl_realport = nat->nat_ndport;
 +                       np->nl_realip = nat->nat_odstip;
 +                       np->nl_realport = nat->nat_odport;
                 }
         }
 
 Please commit a fix.
 (hi Darren, are You here?)
 
 Thank You,
 Gergely EGERVARY

Prev by Date: Re: kern/50676: icmp traceroute does not work on NetBSD 7 / IPFilter 5.1
Next by Date: NetBSD Nightly Trouble Ticket Report
Previous by Thread: kern/50198: SIOCGNATL broken in IPFilter 5
Next by Thread: Re: kern/50198: SIOCGNATL broken in IPFilter 5
Indexes:

Home | Main Index | Thread Index | Old Index