| commit | fd2d742ab8495e694e5c579c11ad6c112a0fb7a1 | [log] [tgz] |
|---|---|---|
| author | developer <developer@mediatek.com> | Wed Jun 09 17:09:39 2021 +0800 |
| committer | developer <developer@mediatek.com> | Mon Jun 14 16:51:48 2021 +0800 |
| tree | 5b4086708bf99490ca028c9da6f6a9da1fe4c4f7 | |
| parent | bb816413eafe58c89698d2e313b011a46e8e8c8f [diff] |
[][Add sanity check to bypass invalid packet] [Description] Add sanity check to avoid processing invalid packet for NF_HNAT. [Release-log] N/A Change-Id: I5330205d61f31b761f2c9c0f76258cabceaccd31 Reviewed-on: https://gerrit.mediatek.inc/c/openwrt/feeds/mtk_openwrt_feeds/+/4627575
diff --git a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c index 1fb7ad2..73fe7af 100644 --- a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c +++ b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c
@@ -634,7 +634,8 @@ struct iphdr _iphdr; eth = eth_hdr(skb); - if (is_broadcast_ether_addr(eth->h_dest)) + if (!is_magic_tag_valid(skb) || !IS_SPACE_AVAILABLE_HEAD(skb) || + is_broadcast_ether_addr(eth->h_dest)) return 0; switch (ntohs(skb->protocol)) {