svn commit: r316605 - stable/11/sys/netpfil/ipfw

Andrey V. Elsukov ae at FreeBSD.org
Fri Apr 7 10:45:29 UTC 2017


Author: ae
Date: Fri Apr  7 10:45:28 2017
New Revision: 316605
URL: https://svnweb.freebsd.org/changeset/base/316605

Log:
  MFC r316329:
    Reset the cached state of last lookup in the dynamic states when an
    external action is completed, but the rule search is continued.
  
    External action handler can change the content of @args argument,
    that is used for dynamic state lookup. Enforce the new lookup to be able
    to install new state, when the search is continued.
  
    Obtained from:	Yandex LLC
    Sponsored by:	Yandex LLC

Modified:
  stable/11/sys/netpfil/ipfw/ip_fw2.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netpfil/ipfw/ip_fw2.c
==============================================================================
--- stable/11/sys/netpfil/ipfw/ip_fw2.c	Fri Apr  7 09:13:26 2017	(r316604)
+++ stable/11/sys/netpfil/ipfw/ip_fw2.c	Fri Apr  7 10:45:28 2017	(r316605)
@@ -2616,8 +2616,17 @@ do {								\
 				 * consider this as rule matching and
 				 * update counters.
 				 */
-				if (retval == 0 && done == 0)
+				if (retval == 0 && done == 0) {
 					IPFW_INC_RULE_COUNTER(f, pktlen);
+					/*
+					 * Reset the result of the last
+					 * dynamic state lookup.
+					 * External action can change
+					 * @args content, and it may be
+					 * used for new state lookup later.
+					 */
+					dyn_dir = MATCH_UNKNOWN;
+				}
 				break;
 
 			default:
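
Review bot: The reset of dyn_dir sits inside the `retval == 0 && done == 0` branch and is unconditional there, so every external action that lets the rule search continue forces a fresh dynamic state lookup, whether or not @args was actually changed. If that is intended as the conservative choice, the new comment should say so, since as written it only says @args "can" change. It is also worth stating in the comment, or checking in the rest of the function, that dyn_dir is the only result cached from the earlier lookup; anything else derived from the old @args content would need to be invalidated at the same point.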

