svn commit: r351387 - stable/11/sys/netpfil/ipfw

Andrey V. Elsukov ae at FreeBSD.org
Thu Aug 22 08:49:22 UTC 2019


Author: ae
Date: Thu Aug 22 08:49:21 2019
New Revision: 351387
URL: https://svnweb.freebsd.org/changeset/base/351387

Log:
  MFC r351071:
    Fix rule truncation on external action module unloading.

Modified:
  stable/11/sys/netpfil/ipfw/ip_fw_eaction.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netpfil/ipfw/ip_fw_eaction.c
==============================================================================
--- stable/11/sys/netpfil/ipfw/ip_fw_eaction.c	Thu Aug 22 08:47:18 2019	(r351386)
+++ stable/11/sys/netpfil/ipfw/ip_fw_eaction.c	Thu Aug 22 08:49:21 2019	(r351387)
@@ -391,19 +391,19 @@ ipfw_reset_eaction(struct ip_fw_chain *ch, struct ip_f
 	    cmd->arg1 != eaction_id)
 		return (0);
 	/*
-	 * If instance_id is specified, we need to truncate the
-	 * rule length. Check if there is O_EXTERNAL_INSTANCE opcode.
+	 * Check if there is O_EXTERNAL_INSTANCE opcode, we need
+	 * to truncate the rule length.
 	 *
 	 * NOTE: F_LEN(cmd) must be 1 for O_EXTERNAL_ACTION opcode,
 	 *  and rule length should be enough to keep O_EXTERNAL_INSTANCE
 	 *  opcode, thus we do check for l > 1.
 	 */
 	l = rule->cmd + rule->cmd_len - cmd;
-	if (instance_id != 0 && l > 1) {
+	if (l > 1) {
 		MPASS(F_LEN(cmd) == 1);
 		icmd = cmd + 1;
-		if (icmd->opcode != O_EXTERNAL_INSTANCE ||
-		    icmd->arg1 != instance_id)
+		if (icmd->opcode == O_EXTERNAL_INSTANCE &&
+		    instance_id != 0 && icmd->arg1 != instance_id)
 			return (0);
 		/*
 		 * Since named_object related to this instance will be
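Review bot: The rewritten comment above `l = rule->cmd + rule->cmd_len - cmd;` no longer says what `instance_id == 0` means, although the new condition at `icmd->opcode == O_EXTERNAL_INSTANCE && instance_id != 0 && ...` depends on it. With `instance_id == 0` the `return (0)` is never taken, and a following opcode that is not `O_EXTERNAL_INSTANCE` now also falls through to the code after the hunk. I would add a line such as `* instance_id == 0 means "any instance": the arg1 comparison is skipped.` and state whether dropping a trailing opcode of a different type is intended. Because every rule with `l > 1` now enters this block, `icmd = cmd + 1` rests on `MPASS(F_LEN(cmd) == 1)`, which is only evaluated in INVARIANTS kernels, so it is worth confirming that no other path can produce a longer O_EXTERNAL_ACTION opcode. The function starts and ends outside the hunk, so the truncation itself is not visible here.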

