CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	kp <kp@FreeBSD.org>
	Wed, 26 Dec 2018 12:54:27 +0000 (12:54 +0000)
committer	kp <kp@FreeBSD.org>
	Wed, 26 Dec 2018 12:54:27 +0000 (12:54 +0000)
commit	955c6a36425f6f83bc210ca3178b73219555a550
tree	077dfcca920ace35bd103628746a2c91a9fdac77	tree \| snapshot
parent	9354cf24f8944c9cb835f30367da969f99ffa8e0	commit \| diff

MFC r341998:

pf: Fix endless loop on NAT exhaustion with sticky-address

When we try to find a source port in pf_get_sport() it's possible that
all available source ports will be in use. In that case we call
pf_map_addr() to try to find a new source IP to try from. If there are
no more available source IPs pf_map_addr() will return 1 and we stop
trying.

However, if sticky-address is set we'll always return the same IP
address, even if we've already tried that one.
We need to check the supplied address, because if that's the one we'd
set it means pf_get_sport() has already tried it, and we should error
out rather than keep trying.

PR: 233867

sys/netpfil/pf/pf.c		diff \| blob \| history
sys/netpfil/pf/pf_lb.c		diff \| blob \| history