authorAlexander Chernavin <achernavin@netgate.com>2021-05-27 10:05:17 -0400
committerOle Tr�an <otroan@employees.org>2021-06-16 07:58:17 +0000
commitb862f1dd52b0f5318d67b4463be90562e57f8278 (patch)
tree9443bc60f9bcc48de62a778843ea54662c94e0eb
parent26c6fffa7ac30bda79432a6d46d6dd5d286b7cb6 (diff)
nat: fix crash when translate unknown proto packets
Type: fix Currently, there might be a crash in NAT ED mode: * if a session for an unknown proto packet cannot be created in2out, * if a session for an unknown proto packet cannot be found out2in. With this change, translate packets only if a session is given in NAT ED mode. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Iafb332db1ae9a3e76435964ad636037d1b8a51e8
-rw-r--r--src/plugins/nat/nat44-ed/nat44_ed_in2out.c7
-rw-r--r--src/plugins/nat/nat44-ed/nat44_ed_out2in.c2
2 files changed, 5 insertions, 4 deletions
diff --git a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c
index 85cda76db39..f3f3ffa13b0 100644
--- a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c
+++ b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c
@@ -1329,9 +1329,10 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t *vm,
if (!s0)
next[0] = NAT_NEXT_DROP;
- if (NAT_ED_TRNSL_ERR_SUCCESS !=
- (translation_error = nat_6t_flow_buf_translate (
- sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
+ if (NAT_NEXT_DROP != next[0] && s0 &&
+ NAT_ED_TRNSL_ERR_SUCCESS !=
+ (translation_error = nat_6t_flow_buf_translate (
+ sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
{
goto trace0;
}
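Review bot: The added `s0` test guards only the `&s0->i2o` dereference inside this condition; when `s0` is NULL the branch is skipped and execution continues past the closing brace, into code of `nat44_ed_in2out_slow_path_node_fn_inline` that lies outside the hunk. If anything there reads `s0`, the crash would only move, so I would keep the drop path in one place: `if (!s0) { next[0] = NAT_NEXT_DROP; goto trace0; }`, assuming nothing between this block and `trace0` is required for dropped packets. In the visible lines `NAT_NEXT_DROP != next[0]` and `s0` also overlap, since the line above sets the drop whenever `s0` is NULL. The diffstat shows no test change; a case with an unknown-protocol packet whose session cannot be created would pin the fix.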
diff --git a/src/plugins/nat/nat44-ed/nat44_ed_out2in.c b/src/plugins/nat/nat44-ed/nat44_ed_out2in.c
index 039d46406d1..f14311a99e1 100644
--- a/src/plugins/nat/nat44-ed/nat44_ed_out2in.c
+++ b/src/plugins/nat/nat44-ed/nat44_ed_out2in.c
@@ -1180,7 +1180,7 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm,
if (!s0)
next[0] = NAT_NEXT_DROP;
}
- if (NAT_NEXT_DROP != next[0] &&
+ if (NAT_NEXT_DROP != next[0] && s0 &&
NAT_ED_TRNSL_ERR_SUCCESS !=
(translation_error = nat_6t_flow_buf_translate (
sm, b0, ip0, &s0->o2i, proto0, 0 /* is_output_feature */)))
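Review bot: In this hunk `if (!s0) next[0] = NAT_NEXT_DROP;` sits inside a block that closes on the line before the changed condition, and the test controlling that block is outside the hunk, so there appears to be a path where `s0` is NULL and `next[0]` is left unchanged. With the new `s0` test such an outside-to-inside packet skips `nat_6t_flow_buf_translate` and continues to its next node untranslated, which looks intentional but is not stated anywhere in the visible lines. A comment above the condition would record that, e.g. `/* s0 == NULL without a drop: no session, packet is passed on untranslated */`. The rest of `nat44_ed_out2in_slow_path_node_fn_inline` is outside the hunk, so please confirm nothing after this condition dereferences `s0` on that path.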