|
Lines 4951-4957
Link Here
|
| 4951 |
case 0 : |
4951 |
case 0 : |
| 4952 |
continue; |
4952 |
continue; |
| 4953 |
case -1 : |
4953 |
case -1 : |
| 4954 |
rval = -1; |
4954 |
rval = -3; |
| 4955 |
goto outmatchfail; |
4955 |
goto outmatchfail; |
| 4956 |
case 1 : |
4956 |
case 1 : |
| 4957 |
default : |
4957 |
default : |
|
Lines 4996-5002
Link Here
|
| 4996 |
natfailed = 0; |
4996 |
natfailed = 0; |
| 4997 |
break; |
4997 |
break; |
| 4998 |
} |
4998 |
} |
| 4999 |
natfailed = -1; |
4999 |
natfailed = -2; |
| 5000 |
} |
5000 |
} |
| 5001 |
if ((np == NULL) && (nmsk < softn->ipf_nat_map_max)) { |
5001 |
if ((np == NULL) && (nmsk < softn->ipf_nat_map_max)) { |
| 5002 |
nmsk++; |
5002 |
nmsk++; |
|
Lines 5021-5029
Link Here
|
| 5021 |
|
5021 |
|
| 5022 |
switch (rval) |
5022 |
switch (rval) |
| 5023 |
{ |
5023 |
{ |
|
|
5024 |
case -3 : |
| 5025 |
/* ipf_nat_match() failure */ |
| 5026 |
/* FALLTHROUGH */ |
| 5027 |
case -2 : |
| 5028 |
/* retry_roundrobin loop failure */ |
| 5029 |
/* FALLTHROUGH */ |
| 5024 |
case -1 : |
5030 |
case -1 : |
|
|
5031 |
/* proxy failure detected by ipf_nat_out() */ |
| 5025 |
if (passp != NULL) { |
5032 |
if (passp != NULL) { |
| 5026 |
DT1(frb_natv4out, fr_info_t *, fin); |
5033 |
DT2(frb_natv4out, fr_info_t *, fin, int, rval); |
| 5027 |
NBUMPSIDED(1, ns_drop); |
5034 |
NBUMPSIDED(1, ns_drop); |
| 5028 |
*passp = FR_BLOCK; |
5035 |
*passp = FR_BLOCK; |
| 5029 |
fin->fin_reason = FRB_NATV4; |
5036 |
fin->fin_reason = FRB_NATV4; |
|
Lines 5030-5035
Link Here
|
| 5030 |
} |
5037 |
} |
| 5031 |
fin->fin_flx |= FI_BADNAT; |
5038 |
fin->fin_flx |= FI_BADNAT; |
| 5032 |
NBUMPSIDED(1, ns_badnat); |
5039 |
NBUMPSIDED(1, ns_badnat); |
|
|
5040 |
rval = -1; /* We only return -1 on error. */ |
| 5033 |
break; |
5041 |
break; |
| 5034 |
case 0 : |
5042 |
case 0 : |
| 5035 |
NBUMPSIDE(1, ns_ignored); |
5043 |
NBUMPSIDE(1, ns_ignored); |
|
Lines 5437-5443
Link Here
|
| 5437 |
case 0 : |
5445 |
case 0 : |
| 5438 |
continue; |
5446 |
continue; |
| 5439 |
case -1 : |
5447 |
case -1 : |
| 5440 |
rval = -1; |
5448 |
rval = -3; |
| 5441 |
goto inmatchfail; |
5449 |
goto inmatchfail; |
| 5442 |
case 1 : |
5450 |
case 1 : |
| 5443 |
default : |
5451 |
default : |
|
Lines 5484-5490
Link Here
|
| 5484 |
natfailed = 0; |
5492 |
natfailed = 0; |
| 5485 |
break; |
5493 |
break; |
| 5486 |
} |
5494 |
} |
| 5487 |
natfailed = -1; |
5495 |
natfailed = -2; |
| 5488 |
} |
5496 |
} |
| 5489 |
if ((np == NULL) && (rmsk < softn->ipf_nat_rdr_max)) { |
5497 |
if ((np == NULL) && (rmsk < softn->ipf_nat_rdr_max)) { |
| 5490 |
rmsk++; |
5498 |
rmsk++; |
|
Lines 5509-5517
Link Here
|
| 5509 |
|
5517 |
|
| 5510 |
switch (rval) |
5518 |
switch (rval) |
| 5511 |
{ |
5519 |
{ |
|
|
5520 |
case -3 : |
| 5521 |
/* ipf_nat_match() failure */ |
| 5522 |
/* FALLTHROUGH */ |
| 5523 |
case -2 : |
| 5524 |
/* retry_roundrobin loop failure */ |
| 5525 |
/* FALLTHROUGH */ |
| 5512 |
case -1 : |
5526 |
case -1 : |
|
|
5527 |
/* proxy failure detected by ipf_nat_out() */ |
| 5513 |
if (passp != NULL) { |
5528 |
if (passp != NULL) { |
| 5514 |
DT1(frb_natv4in, fr_info_t *, fin); |
5529 |
DT2(frb_natv4in, fr_info_t *, fin, int, rval); |
| 5515 |
NBUMPSIDED(0, ns_drop); |
5530 |
NBUMPSIDED(0, ns_drop); |
| 5516 |
*passp = FR_BLOCK; |
5531 |
*passp = FR_BLOCK; |
| 5517 |
fin->fin_reason = FRB_NATV4; |
5532 |
fin->fin_reason = FRB_NATV4; |
|
Lines 5518-5523
Link Here
|
| 5518 |
} |
5533 |
} |
| 5519 |
fin->fin_flx |= FI_BADNAT; |
5534 |
fin->fin_flx |= FI_BADNAT; |
| 5520 |
NBUMPSIDED(0, ns_badnat); |
5535 |
NBUMPSIDED(0, ns_badnat); |
|
|
5536 |
rval = -1; /* We only return -1 on error. */ |
| 5521 |
break; |
5537 |
break; |
| 5522 |
case 0 : |
5538 |
case 0 : |
| 5523 |
NBUMPSIDE(0, ns_ignored); |
5539 |
NBUMPSIDE(0, ns_ignored); |