X-Git-Url: http://git.onelab.eu/?p=ipfw.git;a=blobdiff_plain;f=dummynet2%2Fip_fw_pfil.c;fp=dummynet2%2Fip_fw_pfil.c;h=a125ef2cf293e322abe84deab4dde3378ea6291e;hp=52d85a51c6cef268e38481811b2eeadeb6542a37;hb=28a7fe9d930667786b902af6697c01eb87694173;hpb=2a8b6c544cf5ea3c84f763144c7ecfa79daea969

diff --git a/dummynet2/ip_fw_pfil.c b/dummynet2/ip_fw_pfil.c
index 52d85a5..a125ef2 100644
--- a/dummynet2/ip_fw_pfil.c
+++ b/dummynet2/ip_fw_pfil.c
@@ -99,7 +99,7 @@ SYSEND
  * The pfilter hook to pass packets to ipfw_chk and then to
  * dummynet, divert, netgraph or other modules.
  * The packet may be consumed.
- */            
+ */
 int
 ipfw_check_hook(void *arg, struct mbuf **m0, struct ifnet *ifp, int dir,
     struct inpcb *inp)
@@ -229,8 +229,13 @@ again:
 		if (ipfw == IP_FW_NGTEE) /* ignore errors for NGTEE */
 			goto again;	/* continue with packet */
 		break;
-		
+
 	case IP_FW_NAT:
+		/* honor one-pass in case of successful nat */
+		if (V_fw_one_pass)
+			break; /* ret is already 0 */
+		goto again;
+
 	case IP_FW_REASS:
 		goto again;		/* continue with packet */
 	
@@ -264,7 +269,7 @@ ipfw_divert(struct mbuf **m0, int incoming, struct ipfw_rule_ref *rule,
 
 	/* Cloning needed for tee? */
 	if (tee == 0) {
-		clone = *m0;    /* use the original mbuf */
+		clone = *m0;	/* use the original mbuf */
 		*m0 = NULL;
 	} else {
 		clone = m_dup(*m0, M_DONTWAIT);