From nobody Thu Dec 12 13:06:54 2024
Date: Thu, 12 Dec 2024 13:06:54 GMT
Message-Id: <202412121306.4BCD6sqR017458@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: "Andrey V. Elsukov" Subject: git: 9ea8d692f4cb - main - ipfw: use only needed TCP flags for state tracking List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: ae X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 9ea8d692f4cb552902b9e8394260d7f3cf4aefb0 Auto-Submitted: auto-generated The branch main has been updated by ae: URL: https://cgit.FreeBSD.org/src/commit/?id=9ea8d692f4cb552902b9e8394260d7f3cf4aefb0 commit 9ea8d692f4cb552902b9e8394260d7f3cf4aefb0 Author: Andrey V. Elsukov AuthorDate: 2024-12-12 12:57:45 +0000 Commit: Andrey V. Elsukov CommitDate: 2024-12-12 12:57:45 +0000 ipfw: use only needed TCP flags for state tracking This fixes stateful firewall failures after adding TH_AE flag into TH_FLAGS. Reported by: ronald Fixes: 347dd05 MFC after: 2 weeks --- sys/netpfil/ipfw/ip_fw_dynamic.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/netpfil/ipfw/ip_fw_dynamic.c b/sys/netpfil/ipfw/ip_fw_dynamic.c index 34aae71c174b..ff55e3360c13 100644 --- a/sys/netpfil/ipfw/ip_fw_dynamic.c +++ b/sys/netpfil/ipfw/ip_fw_dynamic.c @@ -920,7 +920,8 @@ print_dyn_rule_flags(const struct ipfw_flow_id *id, int dyn_type, #define _SEQ_GE(a,b) ((int)((a)-(b)) >= 0) #define BOTH_SYN (TH_SYN | (TH_SYN << 8)) #define BOTH_FIN (TH_FIN | (TH_FIN << 8)) -#define TCP_FLAGS (TH_FLAGS | (TH_FLAGS << 8)) +#define BOTH_RST (TH_RST | (TH_RST << 8)) +#define TCP_FLAGS (BOTH_SYN | BOTH_FIN | BOTH_RST) #define ACK_FWD 0x00010000 /* fwd ack seen */ #define ACK_REV 0x00020000 /* rev ack seen */ #define ACK_BOTH (ACK_FWD | ACK_REV)
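Review bot: The redefined TCP_FLAGS in the #define block of this hunk has no comment saying why it is built from BOTH_SYN | BOTH_FIN | BOTH_RST instead of TH_FLAGS, so a later cleanup could quietly put the old definition back. The packing visible here keeps one direction's flags in the low byte, the other direction's in the next byte via `<< 8`, and starts the ACK bits at `ACK_FWD 0x00010000`, so any TH_* value wider than 8 bits would overlap the neighbouring field. Suggest a short comment stating that only SYN, FIN and RST are tracked and that each must fit in one byte, plus a compile-time assertion that (TH_SYN | TH_FIN | TH_RST) does not exceed 0xff.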