diff options
Diffstat (limited to 'target/linux/generic/backport-4.14/313-netfilter-remove-defensive-check-on-malformed-packet.patch')
-rw-r--r-- | target/linux/generic/backport-4.14/313-netfilter-remove-defensive-check-on-malformed-packet.patch | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/target/linux/generic/backport-4.14/313-netfilter-remove-defensive-check-on-malformed-packet.patch b/target/linux/generic/backport-4.14/313-netfilter-remove-defensive-check-on-malformed-packet.patch index 30b0bc70dd..5e56d0dc49 100644 --- a/target/linux/generic/backport-4.14/313-netfilter-remove-defensive-check-on-malformed-packet.patch +++ b/target/linux/generic/backport-4.14/313-netfilter-remove-defensive-check-on-malformed-packet.patch @@ -87,9 +87,9 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> - ip_hdrlen(skb) < sizeof(struct iphdr)) - return NF_ACCEPT; - - if (ip_is_fragment(ip_hdr(skb))) /* IP_NODEFRAG setsockopt set */ - return NF_ACCEPT; - + if (ip_is_fragment(ip_hdr(skb))) { /* IP_NODEFRAG setsockopt set */ + enum ip_conntrack_info ctinfo; + struct nf_conn *tmpl; --- a/net/ipv4/netfilter/nf_nat_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_nat_l3proto_ipv4.c @@ -355,11 +355,6 @@ nf_nat_ipv4_out(void *priv, struct sk_bu |