From nobody Tue Jan 21 11:46:39 2025
Date: Tue, 21 Jan 2025 11:46:39 GMT
Message-Id: <202501211146.50LBkdsa085705@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: "Andrey V. Elsukov"
Subject: git: e98f79cc71a3 - stable/13 - ipfw: use only needed TCP flags for state tracking
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: ae
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: e98f79cc71a35c25a83788f8ac9ba3375baaf149
Auto-Submitted: auto-generated

The branch stable/13 has been updated by ae:

URL: https://cgit.FreeBSD.org/src/commit/?id=e98f79cc71a35c25a83788f8ac9ba3375baaf149

commit e98f79cc71a35c25a83788f8ac9ba3375baaf149
Author:     Andrey V. Elsukov
AuthorDate: 2024-12-12 12:57:45 +0000
Commit:     Andrey V. Elsukov
CommitDate: 2025-01-21 11:45:09 +0000

    ipfw: use only needed TCP flags for state tracking

    This fixes stateful firewall failures after adding TH_AE flag into TH_FLAGS.

    Reported by:    ronald
    Fixes:          347dd05

    (cherry picked from commit 9ea8d692f4cb552902b9e8394260d7f3cf4aefb0)
--- sys/netpfil/ipfw/ip_fw_dynamic.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/netpfil/ipfw/ip_fw_dynamic.c b/sys/netpfil/ipfw/ip_fw_dynamic.c index 29ffe4f320ab..a100101f87d4 100644 --- a/sys/netpfil/ipfw/ip_fw_dynamic.c +++ b/sys/netpfil/ipfw/ip_fw_dynamic.c @@ -920,7 +920,8 @@ print_dyn_rule_flags(const struct ipfw_flow_id *id, int dyn_type, #define _SEQ_GE(a,b) ((int)((a)-(b)) >= 0) #define BOTH_SYN (TH_SYN | (TH_SYN << 8)) #define BOTH_FIN (TH_FIN | (TH_FIN << 8)) -#define TCP_FLAGS (TH_FLAGS | (TH_FLAGS << 8)) +#define BOTH_RST (TH_RST | (TH_RST << 8)) +#define TCP_FLAGS (BOTH_SYN | BOTH_FIN | BOTH_RST) #define ACK_FWD 0x00010000 /* fwd ack seen */ #define ACK_REV 0x00020000 /* rev ack seen */ #define ACK_BOTH (ACK_FWD | ACK_REV)
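
Review bot: The new TCP_FLAGS definition has no comment saying why it is limited to BOTH_SYN | BOTH_FIN | BOTH_RST, and nothing at build time keeps the mask out of the neighbouring bits. The defines in this hunk pack forward-direction flags in the low byte, reverse-direction flags shifted left by 8, and ACK_FWD/ACK_REV from 0x00010000 upward, so a TH_FLAGS bit above the low byte would make the old (TH_FLAGS | (TH_FLAGS << 8)) overlap both the reverse-direction byte and ACK_FWD; the commit message names TH_AE as the flag that triggered the failure. Suggest a short comment above these defines describing that layout and stating that the mask is deliberately listed flag by flag rather than derived from TH_FLAGS, plus a compile-time check such as CTASSERT((TCP_FLAGS & ACK_BOTH) == 0) so that a later header change fails the build instead of breaking state tracking at run time.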