integrated

[ipfw.git] / dummynet2 / ip_fw_pfil.c

diff --git a/dummynet2/ip_fw_pfil.c b/dummynet2/ip_fw_pfil.c
index 52d85a5..a125ef2 100644 (file)
--- a/dummynet2/ip_fw_pfil.c
+++ b/dummynet2/ip_fw_pfil.c
@@ -99,7 +99,7 @@ SYSEND
  * The pfilter hook to pass packets to ipfw_chk and then to
  * dummynet, divert, netgraph or other modules.
  * The packet may be consumed.
- */            
+ */
 int
 ipfw_check_hook(void *arg, struct mbuf **m0, struct ifnet *ifp, int dir,
     struct inpcb *inp)
@@ -229,8 +229,13 @@ again:
                if (ipfw == IP_FW_NGTEE) /* ignore errors for NGTEE */
                        goto again;     /* continue with packet */
                break;
-               
+
        case IP_FW_NAT:
+               /* honor one-pass in case of successful nat */
+               if (V_fw_one_pass)
+                       break; /* ret is already 0 */
+               goto again;
+
        case IP_FW_REASS:
                goto again;             /* continue with packet */
        
@@ -264,7 +269,7 @@ ipfw_divert(struct mbuf **m0, int incoming, struct ipfw_rule_ref *rule,
 
        /* Cloning needed for tee? */
        if (tee == 0) {
-               clone = *m0;    /* use the original mbuf */
+               clone = *m0;    /* use the original mbuf */
                *m0 = NULL;
        } else {
                clone = m_dup(*m0, M_DONTWAIT);