A packet with an unknown protocol can go on to be processed as UDP, and the
destination-port rewrite that follows corrupts the original packet.
With this commit, processing of unknown-protocol packets stops once
nat44_ed_out2in_unknown_proto() has run.
Type: fix
Change-Id: Iea93faf3c282f542d5ee7120c15e1027c1e4abc9
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
s0 =
nat44_ed_out2in_unknown_proto (sm, b0, ip0, rx_fib_index0,
thread_index, now, vm, node);
s0 =
nat44_ed_out2in_unknown_proto (sm, b0, ip0, rx_fib_index0,
thread_index, now, vm, node);
if (!sm->forwarding_enabled)
{
if (!s0)
next0 = NAT_NEXT_DROP;
if (!sm->forwarding_enabled)
{
if (!s0)
next0 = NAT_NEXT_DROP;
+ other_packets++;
+ goto trace0;
}
if (PREDICT_FALSE (proto0 == SNAT_PROTOCOL_ICMP))
}
if (PREDICT_FALSE (proto0 == SNAT_PROTOCOL_ICMP))
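Review bot: As rendered, the added `other_packets++; goto trace0;` sit before the brace that closes `if (!sm->forwarding_enabled)`, so the early exit would only happen when forwarding is disabled. If that reading is right, an unknown-protocol packet on a forwarding-enabled node still falls through to the `proto0 == SNAT_PROTOCOL_ICMP` check and the code after it, which is the path the description says rewrites the destination port. Indentation is lost in this view, so please confirm the brace placement. If the exit is meant to be unconditional, move the two lines after that closing brace, still inside the unknown-protocol branch. Bracing the single-statement `if (!s0)` would also make it clear the new lines are not part of it. The enclosing function starts and ends outside this hunk, so the `trace0` label and the handling of `next0` were not checked.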