svn commit: r314990 - stable/11/sys/netpfil/ipfw
Andrey V. Elsukov
ae at FreeBSD.org
Fri Mar 10 05:44:16 UTC 2017
Author: ae
Date: Fri Mar 10 05:44:14 2017
New Revision: 314990
URL: https://svnweb.freebsd.org/changeset/base/314990
Log:
MFC r314614:
Fix matching table entry value. Use real table value instead of its index
in valuestate array.
When opcode has size equal to ipfw_insn_u32, this means that it should
additionally match value specified in d[0] with table entry value.
ipfw_table_lookup() returns table value index, use TARG_VAL() macro to
convert it to its value. The actual 32-bit value stored in the tag field
of table_value structure, where all unspecified u32 values are kept.
PR: 217262
Modified:
stable/11/sys/netpfil/ipfw/ip_fw2.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/sys/netpfil/ipfw/ip_fw2.c
==============================================================================
--- stable/11/sys/netpfil/ipfw/ip_fw2.c Fri Mar 10 04:49:40 2017 (r314989)
+++ stable/11/sys/netpfil/ipfw/ip_fw2.c Fri Mar 10 05:44:14 2017 (r314990)
@@ -1510,8 +1510,8 @@ do { \
if (!match)
break;
if (cmdlen == F_INSN_SIZE(ipfw_insn_u32))
- match =
- ((ipfw_insn_u32 *)cmd)->d[0] == v;
+ match = ((ipfw_insn_u32 *)cmd)->d[0] ==
+ TARG_VAL(chain, v, tag);
else
tablearg = v;
} else if (is_ipv6) {
@@ -1523,7 +1523,8 @@ do { \
sizeof(struct in6_addr),
pkey, &v);
if (cmdlen == F_INSN_SIZE(ipfw_insn_u32))
- match = ((ipfw_insn_u32 *)cmd)->d[0] == v;
+ match = ((ipfw_insn_u32 *)cmd)->d[0] ==
+ TARG_VAL(chain, v, tag);
if (match)
tablearg = v;
}
@@ -1535,7 +1536,8 @@ do { \
match = ipfw_lookup_table_extended(chain,
cmd->arg1, 0, &args->f_id, &v);
if (cmdlen == F_INSN_SIZE(ipfw_insn_u32))
- match = ((ipfw_insn_u32 *)cmd)->d[0] == v;
+ match = ((ipfw_insn_u32 *)cmd)->d[0] ==
+ TARG_VAL(chain, v, tag);
if (match)
tablearg = v;
}
More information about the svn-src-all
mailing list