From nobody Fri Feb 16 02:10:47 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Tbb4m0DjVz51s68; Fri, 16 Feb 2024 02:10:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Tbb4l6v4vz43T6; Fri, 16 Feb 2024 02:10:47 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1708049448; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Q+r6RCSIyzXFlNVAJHsCFxolXV1V11sPU0PGzbEdmcE=; b=ZNwfqSunz8Qr/SZa/cGHvtZPKw1t8+IqkBbCaUrmuab81fK3TOHsaasgO1C3Ku9Bfn5qse 2tgyNwB5BGLV5KAwamSmrXm9XXEAAy0IIpQ74K84tBBIY4+1IGVCoLsR/T4lIdhfV8ILjj mPJ9iKFn1rmm4LmvBTYeqRj4o4uV4smH8GKxwVtkuucyzSVUe/aFTDdiAFMqXwcri/59mK P5Wz4NTonZKAp0N6wnLPHEaCemnW9gw+oDi6zZR2RuMaWWEmNhFVkU5/4tL0oNwhinx9wS GwGyk7+NENYT8Qgsfn8k8F7ufjcEVlwErYsPOFeHMM3L6qbWAjNp957KE99xfQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1708049448; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Q+r6RCSIyzXFlNVAJHsCFxolXV1V11sPU0PGzbEdmcE=; b=HB/FfioovvDR1rFn5Beb88hF+uW91fd/c3kOQPtOWtC1LIwG8Pv2IWzYgGB1WCLfz1a1ph 9p517kTwmVjDy/JU3SuT1SGvxfg5ENnMXoYiuT8LHdKKwpLARB5pgxQkAWTl0WUEtbOEt2 WvTS/kl+LjJ9n54mBRbei5WRpEFvOJ5ugtkgT5U/5oeexqKccmMBl+BejQuTgzlJhk1DMC TRBO0+jot/p8cSy0qxB27sMTPQLNLdPqMocAEhWDHyx+6N+pisOp7hrVaK6afSRe3ONKxO loyN+UWTgyedyLucW+XSFb3i+UdU9LM7KDsLWrwete+uNADQEoyPHtJ+XbX1zQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1708049448; a=rsa-sha256; cv=none; b=C9cFOZ4vt+xnVh5gj9w2AiSceFJYwIYUopOPLWKK91zXPSVMIbR1sRZEs/eCjr42JGN3Xi NSEEfm1FYfpxMsMoN33sp0VFfeo2N56Nzu64HWzFuD11T6ZN/rEsDGOSG9JZZEGRZEIWA/ Nv8VUWAhnnxhQviqgHbg2pnR2wGAAkHGNMSNr0xVFuCEHka72gRgWT9d7XNPX4bpxtKC/3 Amvr0KezqzTMVJysnCVRLJpBtsN+Nag8hCCQ2TOaYOiFzr54PYS6Rm07NZVeeiTBr4/y+r mYp3x2VPti/W/dFRTiQewXH8ksz3g74feBkdkXY+YCv1GIkvlMyUocZagWe2+g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Tbb4l5y8Dz160F; Fri, 16 Feb 2024 02:10:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 41G2AlZA033076; Fri, 16 Feb 2024 02:10:47 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 41G2Alrp033073; Fri, 16 Feb 2024 02:10:47 GMT (envelope-from git) Date: Fri, 16 Feb 2024 02:10:47 GMT Message-Id: <202402160210.41G2Alrp033073@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: John Baldwin Subject: git: 62b1faa3b749 - main - ipfw: Skip to the start of the loop when following a keep-state rule List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 62b1faa3b7495de22a3225e42dabe6ce8c371e86 Auto-Submitted: auto-generated The branch main has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=62b1faa3b7495de22a3225e42dabe6ce8c371e86 commit 62b1faa3b7495de22a3225e42dabe6ce8c371e86 Author: Karim Fodil-Lemelin AuthorDate: 2024-02-16 01:57:51 +0000 Commit: John Baldwin CommitDate: 2024-02-16 01:57:51 +0000 ipfw: Skip to the start of the loop when following a keep-state rule When a packet matches an existing dynamic rule for a keep-state rule, the matching engine advances the "instruction pointer" to the action portion of the rule skipping over the match conditions. However, the code was merely breaking out of the switch statement rather than doing a continue, so the remainder of the loop body after the switch was still executed. If the first action opcode contains an F_NOT but not an F_OR (such as an "untag" action), then match is toggled to 0, and the code exits the inner loop via a break which aborts processing of the actions. To fix, just use a continue instead of a break. PR: 276732 Reviewed by: jhb, ae MFC after: 2 weeks --- sys/netpfil/ipfw/ip_fw2.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c index d2b01fde6944..e43d1a8fbbff 100644 --- a/sys/netpfil/ipfw/ip_fw2.c +++ b/sys/netpfil/ipfw/ip_fw2.c @@ -2886,8 +2886,7 @@ do { \ cmd = ACTION_PTR(f); l = f->cmd_len - f->act_ofs; cmdlen = 0; - match = 1; - break; + continue; } /* * Dynamic entry not found. If CHECK_STATE,