From 5fa08c60db48427a61f430fa7b9acc0442e2ed27 Mon Sep 17 00:00:00 2001 From: coolsnowwolf Date: Sun, 7 Apr 2019 10:53:30 +0800 Subject: [PATCH] netfilter: nf_nat_snmp_basic: use nf_ct_helper_log --- include/target.mk | 2 +- .../hack-4.14/953-use-nf_ct_helper_log.patch | 33 +++++++++++++++++++ 2 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 target/linux/generic/hack-4.14/953-use-nf_ct_helper_log.patch diff --git a/include/target.mk b/include/target.mk index 736fb9f7b..0357577ba 100644 --- a/include/target.mk +++ b/include/target.mk @@ -18,7 +18,7 @@ kmod-nf-nathelper kmod-nf-nathelper-extra kmod-ipt-raw \ default-settings luci luci-app-ddns luci-app-sqm luci-app-upnp luci-app-adbyby-plus luci-app-autoreboot \ luci-app-filetransfer luci-app-ssr-plus luci-app-vsftpd ddns-scripts_aliyun \ luci-app-pptp-server luci-app-arpbind luci-app-vlmcsd luci-app-wifischedule luci-app-wol luci-app-ramfree \ -luci-app-sfe luci-app-flowoffload luci-app-nlbwmon luci-app-usb-printer luci-app-accesscontrol +luci-app-sfe luci-app-flowoffload luci-app-nlbwmon luci-app-usb-printer luci-app-accesscontrol luci-app-ipsec-vpnd luci-app-xlnetacc # For nas targets DEFAULT_PACKAGES.nas:=fdisk lsblk mdadm automount autosamba luci-app-usb-printer # For router targets diff --git a/target/linux/generic/hack-4.14/953-use-nf_ct_helper_log.patch b/target/linux/generic/hack-4.14/953-use-nf_ct_helper_log.patch new file mode 100644 index 000000000..4e951b59b --- /dev/null +++ b/target/linux/generic/hack-4.14/953-use-nf_ct_helper_log.patch @@ -0,0 +1,33 @@ +diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c +index c8ac57f..7f7d847 100644 +--- a/net/ipv4/netfilter/nf_nat_snmp_basic.c ++++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c +@@ -1196,7 +1196,7 @@ static int snmp_translate(struct nf_conn + + if (!snmp_parse_mangle((unsigned char *)udph + sizeof(struct udphdr), + paylen, &map, &udph->check)) { +- net_warn_ratelimited("bsalg: parser failed\n"); ++ nf_ct_helper_log(skb, ct, "parser failed\n"); + return NF_DROP; + } + return NF_ACCEPT; +@@ -1230,13 +1230,14 @@ static int help(struct sk_buff *skb, uns + * can mess around with the payload. + */ + if (ntohs(udph->len) != skb->len - (iph->ihl << 2)) { +- net_warn_ratelimited("SNMP: dropping malformed packet src=%pI4 dst=%pI4\n", +- &iph->saddr, &iph->daddr); +- return NF_DROP; ++ nf_ct_helper_log(skb, ct, "dropping malformed packet\n"); ++ return NF_DROP;; + } + +- if (!skb_make_writable(skb, skb->len)) +- return NF_DROP; ++ if (!skb_make_writable(skb, skb->len)) { ++ nf_ct_helper_log(skb, ct, "cannot mangle packet"); ++ return NF_DROP; ++ } + + spin_lock_bh(&snmp_lock); + ret = snmp_translate(ct, ctinfo, skb);