svn commit: r209589 - head/sys/netinet/ipfw
Gleb Smirnoff
glebius at FreeBSD.org
Tue Jun 29 16:57:31 UTC 2010
Author: glebius
Date: Tue Jun 29 16:57:30 2010
New Revision: 209589
URL: http://svn.freebsd.org/changeset/base/209589
Log:
After processing the O_SKIPTO opcode our cmd points to the next rule, and
"match" processing at the end of inner loop would look ahead into the next
rule, which is incorrect. Particularly, in the case when the next rule
started with F_NOT opcode it was skipped blindly.
To fix this, exit the inner loop with the continue operator forcibly and
explicitly.
PR: kern/147798
Modified:
head/sys/netinet/ipfw/ip_fw2.c
Modified: head/sys/netinet/ipfw/ip_fw2.c
==============================================================================
--- head/sys/netinet/ipfw/ip_fw2.c Tue Jun 29 14:32:01 2010 (r209588)
+++ head/sys/netinet/ipfw/ip_fw2.c Tue Jun 29 16:57:30 2010 (r209589)
@@ -2012,14 +2012,15 @@ do { \
(1 << chain->map[f_pos]->set));
f_pos++)
;
- /* prepare to enter the inner loop */
+ /* Re-enter the inner loop at the skipto rule. */
f = chain->map[f_pos];
l = f->cmd_len;
cmd = f->cmd;
match = 1;
cmdlen = 0;
skip_or = 0;
- break;
+ continue;
+ break; /* not reached */
case O_REJECT:
/*
More information about the svn-src-all
mailing list