svn commit: r344870 - head/sys/netpfil/ipfw
Andrey V. Elsukov
ae at FreeBSD.org
Thu Mar 7 04:40:45 UTC 2019
Author: ae
Date: Thu Mar 7 04:40:44 2019
New Revision: 344870
URL: https://svnweb.freebsd.org/changeset/base/344870
Log:
Fix the problem with O_LIMIT states introduced in r344018.
dyn_install_state() uses `rule` pointer when it creates state.
For O_LIMIT states this pointer actually is not struct ip_fw,
it is pointer to O_LIMIT_PARENT state, that keeps actual pointer
to ip_fw parent rule. Thus we need to cache rule id and number
before calling dyn_get_parent_state(), so we can use them later
when the `rule` pointer is overrided.
PR: 236292
MFC after: 3 days
Modified:
head/sys/netpfil/ipfw/ip_fw_dynamic.c
Modified: head/sys/netpfil/ipfw/ip_fw_dynamic.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw_dynamic.c Thu Mar 7 03:53:48 2019 (r344869)
+++ head/sys/netpfil/ipfw/ip_fw_dynamic.c Thu Mar 7 04:40:44 2019 (r344870)
@@ -1868,11 +1868,13 @@ dyn_install_state(const struct ipfw_flow_id *pkt, uint
uint16_t kidx, uint8_t type)
{
struct ipfw_flow_id id;
- uint32_t hashval, parent_hashval;
+ uint32_t hashval, parent_hashval, ruleid, rulenum;
int ret;
MPASS(type == O_LIMIT || type == O_KEEP_STATE);
+ ruleid = rule->id;
+ rulenum = rule->rulenum;
if (type == O_LIMIT) {
/* Create masked flow id and calculate bucket */
id.addr_type = pkt->addr_type;
@@ -1927,11 +1929,11 @@ dyn_install_state(const struct ipfw_flow_id *pkt, uint
hashval = hash_packet(pkt);
if (IS_IP4_FLOW_ID(pkt))
- ret = dyn_add_ipv4_state(rule, rule->id, rule->rulenum, pkt,
+ ret = dyn_add_ipv4_state(rule, ruleid, rulenum, pkt,
ulp, pktlen, hashval, info, fibnum, kidx, type);
#ifdef INET6
else if (IS_IP6_FLOW_ID(pkt))
- ret = dyn_add_ipv6_state(rule, rule->id, rule->rulenum, pkt,
+ ret = dyn_add_ipv6_state(rule, ruleid, rulenum, pkt,
zoneid, ulp, pktlen, hashval, info, fibnum, kidx, type);
#endif /* INET6 */
else
More information about the svn-src-all
mailing list