From 6d03c693179f548b641b41023985c3dac2c0ce80 Mon Sep 17 00:00:00 2001 From: bluhm Date: Thu, 15 Oct 2015 19:48:44 +0000 Subject: [PATCH] When using a pf rule with both nat-to and rdr-to, it could happen that the nated source port was reused as destination port. Do not initialize nport at the beginning of the function, but where it is needed. OK sashan@ --- sys/net/pf_lb.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/sys/net/pf_lb.c b/sys/net/pf_lb.c index 72d5c27950e..9f5b5b6a436 100644 --- a/sys/net/pf_lb.c +++ b/sys/net/pf_lb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_lb.c,v 1.50 2015/10/13 19:32:31 sashan Exp $ */ +/* $OpenBSD: pf_lb.c,v 1.51 2015/10/15 19:48:44 bluhm Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -648,7 +648,7 @@ pf_get_transaddr(struct pf_rule *r, struct pf_pdesc *pd, struct pf_src_node **sns, struct pf_rule **nr) { struct pf_addr naddr; - u_int16_t nport = 0; + u_int16_t nport; #ifdef INET6 if (pd->af != pd->naf) @@ -658,6 +658,7 @@ pf_get_transaddr(struct pf_rule *r, struct pf_pdesc *pd, if (r->nat.addr.type != PF_ADDR_NONE) { /* XXX is this right? what if rtable is changed at the same * XXX time? where do I need to figure out the sport? */ + nport = 0; if (pf_get_sport(pd, r, &naddr, &nport, r->nat.proxy_port[0], r->nat.proxy_port[1], sns)) { DPFPRINTF(LOG_NOTICE, @@ -678,6 +679,7 @@ pf_get_transaddr(struct pf_rule *r, struct pf_pdesc *pd, PF_POOLMASK(&naddr, &naddr, &r->rdr.addr.v.a.mask, &pd->ndaddr, pd->af); + nport = 0; if (r->rdr.proxy_port[1]) { u_int32_t tmp_nport; @@ -708,7 +710,7 @@ pf_get_transaddr_af(struct pf_rule *r, struct pf_pdesc *pd, struct pf_src_node **sns) { struct pf_addr ndaddr, nsaddr, naddr; - u_int16_t nport = 0; + u_int16_t nport; int prefixlen = 96; if (pf_status.debug >= LOG_NOTICE) { @@ -725,6 +727,7 @@ pf_get_transaddr_af(struct pf_rule *r, struct pf_pdesc *pd, panic("pf_get_transaddr_af: no nat pool for source address"); /* get source address and port */ + nport = 0; if (pf_get_sport(pd, r, &nsaddr, &nport, r->nat.proxy_port[0], r->nat.proxy_port[1], sns)) { DPFPRINTF(LOG_NOTICE, -- 2.20.1