forked from ~ljy/RK356X_SDK_RELEASE

blame | history | patch | commit | commitdiff
hc
2024-01-03 2f7c68cb55ecb7331f2381deb497c27155f32faf 
 kernel/net/bridge/br_netfilter_hooks.c
....@@ -868,11 +868,17 @@
868868 {
869869 	struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb);
870870 
871
-	if (nf_bridge && !nf_bridge->in_prerouting &&
872
-	    !netif_is_l3_master(skb->dev) &&
873
-	    !netif_is_l3_slave(skb->dev)) {
874
-		state->okfn(state->net, state->sk, skb);
875
-		return NF_STOLEN;
871
+	if (nf_bridge) {
872
+		if (nf_bridge->sabotage_in_done)
873
+			return NF_ACCEPT;
874
+
875
+		if (!nf_bridge->in_prerouting &&
876
+		    !netif_is_l3_master(skb->dev) &&
877
+		    !netif_is_l3_slave(skb->dev)) {
878
+			nf_bridge->sabotage_in_done = 1;
879
+			state->okfn(state->net, state->sk, skb);
880
+			return NF_STOLEN;
881
+		}
876882 	}
877883 
878884 	return NF_ACCEPT;