Attachment #196269 for bug #208566




		if ((np->in_nsrcmsk == 0xffffffff) && (np->in_spnext == 0)) {
			if (l > 0) {
				NBUMPSIDEX(1, ns_exhausted, ns_exhausted_1);
				DT4(ns_exhausted_1, fr_info_t *, fin, nat_t *, nat, natinfo_t *, ni, ipnat_t *, np);
				return -1;
			}
		}

			if ((l >= np->in_ppip) || ((l > 0) &&
			     !(flags & IPN_TCPUDP))) {
				NBUMPSIDEX(1, ns_exhausted, ns_exhausted_2);
				DT4(ns_exhausted_2, fr_info_t *, fin, nat_t *, nat, natinfo_t *, ni, ipnat_t *, np);
				return -1;
			}
			/*

			    ipf_ifpaddr(softc, 4, FRI_NORMAL, fin->fin_ifp,
				       &in6, NULL) == -1) {
				NBUMPSIDEX(1, ns_new_ifpaddr, ns_new_ifpaddr_1);
				DT4(ns_new_ifpaddr_1, fr_info_t *, fin, nat_t *, nat, natinfo_t *, ni, ipnat_t *, np);
				return -1;
			}
			in.s_addr = ntohl(in6.in4.s_addr);

			 */
			if (l > 0) {
				NBUMPSIDEX(1, ns_exhausted, ns_exhausted_3);
				DT4(ns_exhausted_3, fr_info_t *, fin, nat_t *, nat, natinfo_t *, ni, ipnat_t *, np);
				return -1;
			}
			in.s_addr = ntohl(fin->fin_saddr);

		    (np->in_spnext != 0) && (st_port == np->in_spnext) &&
		    (np->in_snip != 0) && (st_ip == np->in_snip)) {
			NBUMPSIDED(1, ns_wrap);
			DT4(ns_wrap, fr_info_t *, fin, nat_t *, nat, natinfo_t *, ni, ipnat_t *, np);
			return -1;
		}
		l++;

		if (ipf_ifpaddr(softc, 4, FRI_NORMAL, fin->fin_ifp,
			       &in6, NULL) == -1) {
			NBUMPSIDEX(0, ns_new_ifpaddr, ns_new_ifpaddr_2);
			DT3(ns_new_ifpaddr_2, fr_info_t *, fin, nat_t *, nat, natinfo_t, ni);
			return -1;
		}
		in.s_addr = ntohl(in6.in4.s_addr);


	if (nsp->ns_active >= softn->ipf_nat_table_max) {
		NBUMPSIDED(fin->fin_out, ns_table_max);
		DT2(ns_table_max, nat_stat_t *, nsp, ipf_nat_softc_t *, softn);
		return NULL;
	}


	/* Give me a new nat */
	KMALLOC(nat, nat_t *);
	if (nat == NULL) {
		DT(ns_memfail);
		NBUMPSIDED(fin->fin_out, ns_memfail);
		/*
		 * Try to automatically tune the max # of entries in the

	if ((np->in_apr != NULL) && ((nat->nat_flags & NAT_SLAVE) == 0)) {
		if (ipf_proxy_new(fin, nat) == -1) {
			NBUMPSIDED(fin->fin_out, ns_appr_fail);
			DT3(ns_appr_fail, fr_info_t *, fin, nat_t *, nat, ipnat_t *, np);
			goto badnat;
		}
	}


	goto done;
badnat:
	DT3(ns_badnatnew, fr_info_t *, fin, nat_t *, nat, ipnat_t *, np);
	NBUMPSIDE(fin->fin_out, ns_badnatnew);
	if ((hm = nat->nat_hm) != NULL)
		ipf_nat_hostmapdel(softc, &hm);

	}

	NBUMPSIDED(fin->fin_out, ns_unfinalised);
	DT2(ns_unfinalised, fr_info_t *, fin, nat_t *, nat);
	/*
	 * nat_insert failed, so cleanup time...
	 */

	do {
		changed = -1;
		/* TRACE (l, src_search, dst_search, np) */
		DT4(ipf_nat_rewrite_1, int, l, int, src_search, int, dst_search, ipnat_t *, np);

		if ((src_search == 0) && (np->in_spnext == 0) &&
		    (dst_search == 0) && (np->in_dpnext == 0)) {

		 * Find a new destination address
		 */
		/* TRACE (fin, np, l, frnat) */
		DT4(ipf_nat_rewrite_2, frinfo_t *, fin, ipnat_t *, np, int, l, frinfo_t *, &frnat);

		if (ipf_nat_nextaddr(fin, &np->in_ndst, &frnat.fin_daddr,
				     &frnat.fin_daddr) == -1)

		}

		/* TRACE (frnat) */
		DT1(ipf_nat_rewrite_3, frinfo_t *, &frnat);

		/*
		 * Here we do a lookup of the connection as seen from

		}

		/* TRACE natl, in_stepnext, l */
		DT3(ipf_nat_rewrite_2, nat_t *, natl, ipnat_t *, np , int, l);

		if ((natl != NULL) && (l > 8))	/* XXX 8 is arbitrary */
			return -1;


	if (natl != NULL) {
		NBUMPSIDED(fin->fin_out, ns_divert_exist);
		DT3(ns_divert_exist, fr_info_t *, fin, nat_t *, nat, natinfo_t, nai);
		return -1;
	}


	case FRI_PEERADDR :
	case FRI_NETWORK :
	default :
		DT4(ns_na_atype, fr_info_t *, fin, nat_addr_t *, na, u_32_t *, old, u_32_t *, new);
		return -1;
	}


							NULL);
		} else {
			NBUMPSIDE(fin->fin_out, ns_badnextaddr);
			DT4(ns_badnextaddr_1, fr_info_t *, fin, nat_addr_t *, na, u_32_t *, old, u_32_t *, new);
		}

	} else if (na->na_atype == IPLT_NONE) {

			if (ipf_ifpaddr(softc, 4, na->na_atype,
					fin->fin_ifp, &newip, NULL) == -1) {
				NBUMPSIDED(fin->fin_out, ns_ifpaddrfail);
				DT4(ns_ifpaddrfail, fr_info_t *, fin, nat_addr_t *, na, u_32_t *, old, u_32_t *, new);
				return -1;
			}
			new = newip.in4.s_addr;


	} else {
		NBUMPSIDE(fin->fin_out, ns_badnextaddr);
		DT4(ns_badnextaddr_2, fr_info_t *, fin, nat_addr_t *, na, u_32_t *, old, u_32_t *, new);
	}

	return error;

Return to bug 208566

Lines 2676-2681 Link Here

(-)sys/contrib/ipfilter/netinet/ip_nat.c (-1 / +20 lines)
2676	if ((np->in_nsrcmsk == 0xffffffff) && (np->in_spnext == 0)) {	2676	if ((np->in_nsrcmsk == 0xffffffff) && (np->in_spnext == 0)) {
2677	if (l > 0) {	2677	if (l > 0) {
2678	NBUMPSIDEX(1, ns_exhausted, ns_exhausted_1);	2678	NBUMPSIDEX(1, ns_exhausted, ns_exhausted_1);
		2679	DT4(ns_exhausted_1, fr_info_t , fin, nat_t , nat, natinfo_t , ni, ipnat_t , np);
2679	return -1;	2680	return -1;
2680	}	2681	}
2681	}	2682	}
Lines 2693-2698 Link Here
2693	if ((l >= np->in_ppip) \|\| ((l > 0) &&	2694	if ((l >= np->in_ppip) \|\| ((l > 0) &&
2694	!(flags & IPN_TCPUDP))) {	2695	!(flags & IPN_TCPUDP))) {
2695	NBUMPSIDEX(1, ns_exhausted, ns_exhausted_2);	2696	NBUMPSIDEX(1, ns_exhausted, ns_exhausted_2);
		2697	DT4(ns_exhausted_2, fr_info_t , fin, nat_t , nat, natinfo_t , ni, ipnat_t , np);
2696	return -1;	2698	return -1;
2697	}	2699	}
2698	/*	2700	/*
Lines 2728-2733 Link Here
2728	ipf_ifpaddr(softc, 4, FRI_NORMAL, fin->fin_ifp,	2730	ipf_ifpaddr(softc, 4, FRI_NORMAL, fin->fin_ifp,
2729	&in6, NULL) == -1) {	2731	&in6, NULL) == -1) {
2730	NBUMPSIDEX(1, ns_new_ifpaddr, ns_new_ifpaddr_1);	2732	NBUMPSIDEX(1, ns_new_ifpaddr, ns_new_ifpaddr_1);
		2733	DT4(ns_new_ifpaddr_1, fr_info_t , fin, nat_t , nat, natinfo_t , ni, ipnat_t , np);
2731	return -1;	2734	return -1;
2732	}	2735	}
2733	in.s_addr = ntohl(in6.in4.s_addr);	2736	in.s_addr = ntohl(in6.in4.s_addr);
Lines 2738-2743 Link Here
2738	*/	2741	*/
2739	if (l > 0) {	2742	if (l > 0) {
2740	NBUMPSIDEX(1, ns_exhausted, ns_exhausted_3);	2743	NBUMPSIDEX(1, ns_exhausted, ns_exhausted_3);
		2744	DT4(ns_exhausted_3, fr_info_t , fin, nat_t , nat, natinfo_t , ni, ipnat_t , np);
2741	return -1;	2745	return -1;
2742	}	2746	}
2743	in.s_addr = ntohl(fin->fin_saddr);	2747	in.s_addr = ntohl(fin->fin_saddr);
Lines 2833-2838 Link Here
2833	(np->in_spnext != 0) && (st_port == np->in_spnext) &&	2837	(np->in_spnext != 0) && (st_port == np->in_spnext) &&
2834	(np->in_snip != 0) && (st_ip == np->in_snip)) {	2838	(np->in_snip != 0) && (st_ip == np->in_snip)) {
2835	NBUMPSIDED(1, ns_wrap);	2839	NBUMPSIDED(1, ns_wrap);
		2840	DT4(ns_wrap, fr_info_t , fin, nat_t , nat, natinfo_t , ni, ipnat_t , np);
2836	return -1;	2841	return -1;
2837	}	2842	}
2838	l++;	2843	l++;
Lines 2968-2973 Link Here
2968	if (ipf_ifpaddr(softc, 4, FRI_NORMAL, fin->fin_ifp,	2973	if (ipf_ifpaddr(softc, 4, FRI_NORMAL, fin->fin_ifp,
2969	&in6, NULL) == -1) {	2974	&in6, NULL) == -1) {
2970	NBUMPSIDEX(0, ns_new_ifpaddr, ns_new_ifpaddr_2);	2975	NBUMPSIDEX(0, ns_new_ifpaddr, ns_new_ifpaddr_2);
		2976	DT3(ns_new_ifpaddr_2, fr_info_t , fin, nat_t , nat, natinfo_t, ni);
2971	return -1;	2977	return -1;
2972	}	2978	}
2973	in.s_addr = ntohl(in6.in4.s_addr);	2979	in.s_addr = ntohl(in6.in4.s_addr);
Lines 3114-3119 Link Here
3114		3120
3115	if (nsp->ns_active >= softn->ipf_nat_table_max) {	3121	if (nsp->ns_active >= softn->ipf_nat_table_max) {
3116	NBUMPSIDED(fin->fin_out, ns_table_max);	3122	NBUMPSIDED(fin->fin_out, ns_table_max);
		3123	DT2(ns_table_max, nat_stat_t , nsp, ipf_nat_softc_t , softn);
3117	return NULL;	3124	return NULL;
3118	}	3125	}
3119		3126
Lines 3128-3133 Link Here
3128	/* Give me a new nat */	3135	/* Give me a new nat */
3129	KMALLOC(nat, nat_t *);	3136	KMALLOC(nat, nat_t *);
3130	if (nat == NULL) {	3137	if (nat == NULL) {
		3138	DT(ns_memfail);
3131	NBUMPSIDED(fin->fin_out, ns_memfail);	3139	NBUMPSIDED(fin->fin_out, ns_memfail);
3132	/*	3140	/*
3133	* Try to automatically tune the max # of entries in the	3141	* Try to automatically tune the max # of entries in the
Lines 3223-3228 Link Here
3223	if ((np->in_apr != NULL) && ((nat->nat_flags & NAT_SLAVE) == 0)) {	3231	if ((np->in_apr != NULL) && ((nat->nat_flags & NAT_SLAVE) == 0)) {
3224	if (ipf_proxy_new(fin, nat) == -1) {	3232	if (ipf_proxy_new(fin, nat) == -1) {
3225	NBUMPSIDED(fin->fin_out, ns_appr_fail);	3233	NBUMPSIDED(fin->fin_out, ns_appr_fail);
		3234	DT3(ns_appr_fail, fr_info_t , fin, nat_t , nat, ipnat_t *, np);
3226	goto badnat;	3235	goto badnat;
3227	}	3236	}
3228	}	3237	}
Lines 3259-3265 Link Here
3259		3268
3260	goto done;	3269	goto done;
3261	badnat:	3270	badnat:
3262	DT2(ns_badnatnew, fr_info_t , fin, nat_t , nat);	3271	DT3(ns_badnatnew, fr_info_t , fin, nat_t , nat, ipnat_t *, np);
3263	NBUMPSIDE(fin->fin_out, ns_badnatnew);	3272	NBUMPSIDE(fin->fin_out, ns_badnatnew);
3264	if ((hm = nat->nat_hm) != NULL)	3273	if ((hm = nat->nat_hm) != NULL)
3265	ipf_nat_hostmapdel(softc, &hm);	3274	ipf_nat_hostmapdel(softc, &hm);
Lines 3380-3385 Link Here
3380	}	3389	}
3381		3390
3382	NBUMPSIDED(fin->fin_out, ns_unfinalised);	3391	NBUMPSIDED(fin->fin_out, ns_unfinalised);
		3392	DT2(ns_unfinalised, fr_info_t , fin, nat_t , nat);
3383	/*	3393	/*
3384	* nat_insert failed, so cleanup time...	3394	* nat_insert failed, so cleanup time...
3385	*/	3395	*/
Lines 7065-7070 Link Here
7065	do {	7075	do {
7066	changed = -1;	7076	changed = -1;
7067	/* TRACE (l, src_search, dst_search, np) */	7077	/* TRACE (l, src_search, dst_search, np) */
		7078	DT4(ipf_nat_rewrite_1, int, l, int, src_search, int, dst_search, ipnat_t *, np);
7068		7079
7069	if ((src_search == 0) && (np->in_spnext == 0) &&	7080	if ((src_search == 0) && (np->in_spnext == 0) &&
7070	(dst_search == 0) && (np->in_dpnext == 0)) {	7081	(dst_search == 0) && (np->in_dpnext == 0)) {
Lines 7129-7134 Link Here
7129	* Find a new destination address	7140	* Find a new destination address
7130	*/	7141	*/
7131	/* TRACE (fin, np, l, frnat) */	7142	/* TRACE (fin, np, l, frnat) */
		7143	DT4(ipf_nat_rewrite_2, frinfo_t , fin, ipnat_t , np, int, l, frinfo_t *, &frnat);
7132		7144
7133	if (ipf_nat_nextaddr(fin, &np->in_ndst, &frnat.fin_daddr,	7145	if (ipf_nat_nextaddr(fin, &np->in_ndst, &frnat.fin_daddr,
7134	&frnat.fin_daddr) == -1)	7146	&frnat.fin_daddr) == -1)
Lines 7179-7184 Link Here
7179	}	7191	}
7180		7192
7181	/* TRACE (frnat) */	7193	/* TRACE (frnat) */
		7194	DT1(ipf_nat_rewrite_3, frinfo_t *, &frnat);
7182		7195
7183	/*	7196	/*
7184	* Here we do a lookup of the connection as seen from	7197	* Here we do a lookup of the connection as seen from
Lines 7218-7223 Link Here
7218	}	7231	}
7219		7232
7220	/* TRACE natl, in_stepnext, l */	7233	/* TRACE natl, in_stepnext, l */
		7234	DT3(ipf_nat_rewrite_2, nat_t , natl, ipnat_t , np , int, l);
7221		7235
7222	if ((natl != NULL) && (l > 8)) /* XXX 8 is arbitrary */	7236	if ((natl != NULL) && (l > 8)) /* XXX 8 is arbitrary */
7223	return -1;	7237	return -1;
Lines 7310-7315 Link Here
7310		7324
7311	if (natl != NULL) {	7325	if (natl != NULL) {
7312	NBUMPSIDED(fin->fin_out, ns_divert_exist);	7326	NBUMPSIDED(fin->fin_out, ns_divert_exist);
		7327	DT3(ns_divert_exist, fr_info_t , fin, nat_t , nat, natinfo_t, nai);
7313	return -1;	7328	return -1;
7314	}	7329	}
7315		7330
Lines 7562-7567 Link Here
7562	case FRI_PEERADDR :	7577	case FRI_PEERADDR :
7563	case FRI_NETWORK :	7578	case FRI_NETWORK :
7564	default :	7579	default :
		7580	DT4(ns_na_atype, fr_info_t , fin, nat_addr_t , na, u_32_t , old, u_32_t , new);
7565	return -1;	7581	return -1;
7566	}	7582	}
7567		7583
Lines 7573-7578 Link Here
7573	NULL);	7589	NULL);
7574	} else {	7590	} else {
7575	NBUMPSIDE(fin->fin_out, ns_badnextaddr);	7591	NBUMPSIDE(fin->fin_out, ns_badnextaddr);
		7592	DT4(ns_badnextaddr_1, fr_info_t , fin, nat_addr_t , na, u_32_t , old, u_32_t , new);
7576	}	7593	}
7577		7594
7578	} else if (na->na_atype == IPLT_NONE) {	7595	} else if (na->na_atype == IPLT_NONE) {
Lines 7591-7596 Link Here
7591	if (ipf_ifpaddr(softc, 4, na->na_atype,	7608	if (ipf_ifpaddr(softc, 4, na->na_atype,
7592	fin->fin_ifp, &newip, NULL) == -1) {	7609	fin->fin_ifp, &newip, NULL) == -1) {
7593	NBUMPSIDED(fin->fin_out, ns_ifpaddrfail);	7610	NBUMPSIDED(fin->fin_out, ns_ifpaddrfail);
		7611	DT4(ns_ifpaddrfail, fr_info_t , fin, nat_addr_t , na, u_32_t , old, u_32_t , new);
7594	return -1;	7612	return -1;
7595	}	7613	}
7596	new = newip.in4.s_addr;	7614	new = newip.in4.s_addr;
Lines 7602-7607 Link Here
7602		7620
7603	} else {	7621	} else {
7604	NBUMPSIDE(fin->fin_out, ns_badnextaddr);	7622	NBUMPSIDE(fin->fin_out, ns_badnextaddr);
		7623	DT4(ns_badnextaddr_2, fr_info_t , fin, nat_addr_t , na, u_32_t , old, u_32_t , new);
7605	}	7624	}
7606		7625
7607	return error;	7626	return error;