svn commit: r316329 - head/sys/netpfil/ipfw
Andrey V. Elsukov
ae at FreeBSD.org
Fri Mar 31 09:26:10 UTC 2017
Author: ae
Date: Fri Mar 31 09:26:08 2017
New Revision: 316329
URL: https://svnweb.freebsd.org/changeset/base/316329
Log:
Reset the cached state of last lookup in the dynamic states when an
external action is completed, but the rule search is continued.
External action handler can change the content of @args argument,
that is used for dynamic state lookup. Enforce the new lookup to be able
install new state, when the search is continued.
Obtained from: Yandex LLC
MFC after: 1 week
Sponsored by: Yandex LLC
Modified:
head/sys/netpfil/ipfw/ip_fw2.c
Modified: head/sys/netpfil/ipfw/ip_fw2.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw2.c Fri Mar 31 09:10:05 2017 (r316328)
+++ head/sys/netpfil/ipfw/ip_fw2.c Fri Mar 31 09:26:08 2017 (r316329)
@@ -2616,8 +2616,17 @@ do { \
* consider this as rule matching and
* update counters.
*/
- if (retval == 0 && done == 0)
+ if (retval == 0 && done == 0) {
IPFW_INC_RULE_COUNTER(f, pktlen);
+ /*
+ * Reset the result of the last
+ * dynamic state lookup.
+ * External action can change
+ * @args content, and it may be
+ * used for new state lookup later.
+ */
+ dyn_dir = MATCH_UNKNOWN;
+ }
break;
default:
More information about the svn-src-all
mailing list