svn commit: r209795 - stable/8/sys/netinet/ipfw
Gleb Smirnoff
glebius at FreeBSD.org
Thu Jul 8 12:20:15 UTC 2010
Author: glebius
Date: Thu Jul 8 12:20:15 2010
New Revision: 209795
URL: http://svn.freebsd.org/changeset/base/209795
Log:
Merge 209589 from head:
After processing the O_SKIPTO opcode our cmd points to the next rule, and
"match" processing at the end of inner loop would look ahead into the next
rule, which is incorrect. Particularly, in the case when the next rule
started with F_NOT opcode it was skipped blindly.
To fix this, exit the inner loop with the continue operator forcibly and
explicitly.
PR: kern/147798
Modified:
stable/8/sys/netinet/ipfw/ip_fw2.c
Modified: stable/8/sys/netinet/ipfw/ip_fw2.c
==============================================================================
--- stable/8/sys/netinet/ipfw/ip_fw2.c Thu Jul 8 11:21:11 2010 (r209794)
+++ stable/8/sys/netinet/ipfw/ip_fw2.c Thu Jul 8 12:20:15 2010 (r209795)
@@ -2012,14 +2012,15 @@ do { \
(1 << chain->map[f_pos]->set));
f_pos++)
;
- /* prepare to enter the inner loop */
+ /* Re-enter the inner loop at the skipto rule. */
f = chain->map[f_pos];
l = f->cmd_len;
cmd = f->cmd;
match = 1;
cmdlen = 0;
skip_or = 0;
- break;
+ continue;
+ break; /* not reached */
case O_REJECT:
/*
More information about the svn-src-all
mailing list