6564748 Fragments can be mishandled by ipfilter when using a custom NAT proxy

author: zf203873 <none@none> 2007-07-24 03:02:52 -0700
committer: zf203873 <none@none> 2007-07-24 03:02:52 -0700
commit: 15013d88a4acb603af086d108cb23ba3631d2ece (patch)
tree: e51fd748b4edbcbd708cd2ef6e89814efc8b2904 /usr/src
parent: c56459ab07c57b5c66c374ed729056e50befe42f (diff)
download: illumos-joyent-15013d88a4acb603af086d108cb23ba3631d2ece.tar.gz
1 files changed, 4 insertions, 3 deletions
diff --git a/usr/src/uts/common/inet/ipf/ip_nat.c b/usr/src/uts/common/inet/ipf/ip_nat.c
index 2e0705c6c1..7251e89a92 100644
--- a/usr/src/uts/common/inet/ipf/ip_nat.c
+++ b/usr/src/uts/common/inet/ipf/ip_nat.c
@@ -3730,7 +3730,7 @@ u_32_t nflags;
 	csump = NULL;
 	np = nat->nat_ptr;
 
-	if ((natadd != 0) && (fin->fin_flx & FI_FRAG) && (np != NULL))
+	if ((natadd != 0) && (fin->fin_flx & FI_FRAG))
 		(void) fr_nat_newfrag(fin, 0, nat);
 
 	MUTEX_ENTER(&nat->nat_lock);
@@ -4044,9 +4044,10 @@ u_32_t nflags;
 	np = nat->nat_ptr;
 	fin->fin_fr = nat->nat_fr;
 
+	if ((natadd != 0) && (fin->fin_flx & FI_FRAG))
+		(void) fr_nat_newfrag(fin, 0, nat);
+
 	if (np != NULL) {
-		if ((natadd != 0) && (fin->fin_flx & FI_FRAG))
-			(void) fr_nat_newfrag(fin, 0, nat);
 
 	/* ------------------------------------------------------------- */
 	/* A few quick notes:						 */
author	zf203873 <none@none>	2007-07-24 03:02:52 -0700
committer	zf203873 <none@none>	2007-07-24 03:02:52 -0700
commit	15013d88a4acb603af086d108cb23ba3631d2ece (patch)
tree	e51fd748b4edbcbd708cd2ef6e89814efc8b2904 /usr/src
parent	c56459ab07c57b5c66c374ed729056e50befe42f (diff)
download	illumos-joyent-15013d88a4acb603af086d108cb23ba3631d2ece.tar.gz