svn commit: r361789 - head/sys/netpfil/ipfw
Eugene Grosbein
eugen at FreeBSD.org
Thu Jun 4 14:15:39 UTC 2020
Author: eugen
Date: Thu Jun 4 14:15:39 2020
New Revision: 361789
URL: https://svnweb.freebsd.org/changeset/base/361789
Log:
ipfw: unbreak matching with big table type flow.
Test case:
# n=32769
# ipfw -q table 1 create type flow:proto,dst-ip,dst-port
# jot -w 'table 1 add tcp,127.0.0.1,' $n 1 | ipfw -q /dev/stdin
# ipfw -q add 5 unreach filter-prohib flow 'table(1)'
The rule 5 matches nothing without the fix if n>=32769.
With the fix, it works:
# telnet localhost 10001
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Permission denied
telnet: Unable to connect to remote host
MFC after: 2 weeks
Discussed with: ae, melifaro
Modified:
head/sys/netpfil/ipfw/ip_fw_table_algo.c
Modified: head/sys/netpfil/ipfw/ip_fw_table_algo.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw_table_algo.c Thu Jun 4 13:18:21 2020 (r361788)
+++ head/sys/netpfil/ipfw/ip_fw_table_algo.c Thu Jun 4 14:15:39 2020 (r361789)
@@ -3204,7 +3204,8 @@ ta_lookup_fhash(struct table_info *ti, void *key, uint
struct fhashentry *ent;
struct fhashentry4 *m4;
struct ipfw_flow_id *id;
- uint16_t hash, hsize;
+ uint32_t hsize;
+ uint16_t hash;
id = (struct ipfw_flow_id *)key;
head = (struct fhashbhead *)ti->state;
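Review bot: in the declarations at the top of ta_lookup_fhash, hash stays uint16_t while hsize becomes uint32_t, and nothing in the hunk records why the two widths now differ. If the reason is that the bucket count of a large flow table no longer fits in 16 bits, a one-line comment on the hsize declaration saying so would keep a later cleanup from narrowing it again. Because hash is still 16 bits, it is also worth confirming that the add and delete paths in ip_fw_table_algo.c hold the table size and compute the bucket index with the same types as this lookup, so an entry is always searched for in the bucket it was stored in. The hunk shows only the lookup side. The test case in the log (n=32769 with flow:proto,dst-ip,dst-port) would make a good regression test if it is not already in the test suite.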