Date: Mon, 8 Apr 2024 19:04:37 GMT
Message-Id: <202404081904.438J4bF9094672@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: John Baldwin
Subject: git: d2c8cb41d1a2 - stable/14 - ipfw: Skip to the start of the loop when following a keep-state rule
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
Sender: owner-dev-commits-src-all@freebsd.org
X-Git-Committer: jhb
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: d2c8cb41d1a2e531737a6da4cb9958bc497477c3

The branch stable/14 has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=d2c8cb41d1a2e531737a6da4cb9958bc497477c3

commit d2c8cb41d1a2e531737a6da4cb9958bc497477c3
Author:     Karim Fodil-Lemelin
AuthorDate: 2024-02-16 01:57:51 +0000
Commit:     John Baldwin
CommitDate: 2024-04-08 17:57:53 +0000

    ipfw: Skip to the start of the loop when following a keep-state rule

    When a packet matches an existing dynamic rule for a keep-state rule,
    the matching engine advances the "instruction pointer" to the action
    portion of the rule skipping over the match conditions.  However, the
    code was merely breaking out of the switch statement rather than doing
    a continue, so the remainder of the loop body after the switch was
    still executed.

    If the first action opcode contains an F_NOT but not an F_OR (such as
    an "untag" action), then match is toggled to 0, and the code exits the
    inner loop via a break which aborts processing of the actions.

    To fix, just use a continue instead of a break.

    PR:             276732
    Reviewed by:    jhb, ae
    MFC after:      2 weeks

    (cherry picked from commit 62b1faa3b7495de22a3225e42dabe6ce8c371e86)

--- sys/netpfil/ipfw/ip_fw2.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c index d2b01fde6944..e43d1a8fbbff 100644 
--- a/sys/netpfil/ipfw/ip_fw2.c +++ b/sys/netpfil/ipfw/ip_fw2.c @@ -2886,8 +2886,7 @@ do { \ cmd = ACTION_PTR(f); l = f->cmd_len - f->act_ofs; cmdlen = 0; - match = 1; - break; + continue; } /* * Dynamic entry not found. If CHECK_STATE,
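
Review bot: The bare `continue;` that now closes this branch carries no comment, and its difference from the old `break;` is easy to miss: it has to restart the opcode loop at the action part without running the F_NOT/F_OR handling that follows the switch, which per the commit message is what toggled match to 0 for an "untag" action. Please add a short comment above it saying so, so that a later cleanup does not turn it back into a break. Dropping `match = 1;` looks right only if the first action opcode always assigns match before it is read on the next iteration; that is worth confirming, since the loop header and the post-switch code are outside this hunk. A regression test with a keep-state rule whose action is untag (the case from PR 276732) would be a good addition alongside the fix.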