author | Alexander Chernavin <achernavin@netgate.com> | 2021-05-27 10:05:17 -0400 |
---|---|---|
committer | Ole Tr�an <otroan@employees.org> | 2021-06-16 07:58:17 +0000 |
commit | b862f1dd52b0f5318d67b4463be90562e57f8278 (patch) | |
tree | 9443bc60f9bcc48de62a778843ea54662c94e0eb /src | |
parent | 26c6fffa7ac30bda79432a6d46d6dd5d286b7cb6 (diff) |
nat: fix crash when translate unknown proto packets
Type: fix
Currently, there might be a crash in NAT ED mode:
* if a session for an unknown proto packet cannot be created in2out,
* if a session for an unknown proto packet cannot be found out2in.
With this change, translate packets only if a session is given in NAT
ED mode.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Iafb332db1ae9a3e76435964ad636037d1b8a51e8
Diffstat (limited to 'src')
-rw-r--r-- | src/plugins/nat/nat44-ed/nat44_ed_in2out.c | 7 | ||||
-rw-r--r-- | src/plugins/nat/nat44-ed/nat44_ed_out2in.c | 2 |
2 files changed, 5 insertions, 4 deletions
diff --git a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c
index 85cda76db39..f3f3ffa13b0 100644
--- a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c
+++ b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c
@@ -1329,9 +1329,10 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t *vm,
  if (!s0)
  next[0] = NAT_NEXT_DROP;
- if (NAT_ED_TRNSL_ERR_SUCCESS !=
- (translation_error = nat_6t_flow_buf_translate (
- sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
+ if (NAT_NEXT_DROP != next[0] && s0 &&
+ NAT_ED_TRNSL_ERR_SUCCESS !=
+ (translation_error = nat_6t_flow_buf_translate (
+ sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
  {
  goto trace0;
  }
diff --git a/src/plugins/nat/nat44-ed/nat44_ed_out2in.c b/src/plugins/nat/nat44-ed/nat44_ed_out2in.c
index 039d46406d1..f14311a99e1 100644
--- a/src/plugins/nat/nat44-ed/nat44_ed_out2in.c
+++ b/src/plugins/nat/nat44-ed/nat44_ed_out2in.c
@@ -1180,7 +1180,7 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm,
  if (!s0)
  next[0] = NAT_NEXT_DROP;
  }
- if (NAT_NEXT_DROP != next[0] &&
+ if (NAT_NEXT_DROP != next[0] && s0 &&
  NAT_ED_TRNSL_ERR_SUCCESS !=
  (translation_error = nat_6t_flow_buf_translate (
  sm, b0, ip0, &s0->o2i, proto0, 0 /* is_output_feature */))) |
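Review bot: When `s0` is NULL the rewritten in2out condition short-circuits, so the `goto trace0` block is skipped and the packet already marked `NAT_NEXT_DROP` falls through to whatever follows that block. That code is outside the hunk, and any use of `s0` there would bring the crash back. Making the drop path explicit keeps the NULL case in one place, `if (!s0) { next[0] = NAT_NEXT_DROP; goto trace0; }`, provided nothing between this point and `trace0` still has to run for dropped packets. The short-circuit also leaves `translation_error` unassigned on this path, so it needs a defined value if the trace code reads it; its initialisation is not visible here.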
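Review bot: In the out2in condition the added `s0 &&` covers a packet that has no session while `next[0]` is not `NAT_NEXT_DROP`, because the `if (!s0)` drop sits inside a block that closes just above the test. Such a packet now skips translation and keeps whatever next node it already had. Whether passing it on untranslated is intended cannot be told from the hunk, since the enclosing block opens outside it. If it is intended, a comment such as `/* no session: packet is passed on untranslated, next[0] unchanged */` above the test would record that; if it is not, set `next[0] = NAT_NEXT_DROP;` for the NULL case before the test so the path fails closed.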