svn commit: r326115 - head/sys/netpfil/ipfw

Andrey V. Elsukov ae at FreeBSD.org
Thu Nov 23 05:55:54 UTC 2017


Author: ae
Date: Thu Nov 23 05:55:53 2017
New Revision: 326115
URL: https://svnweb.freebsd.org/changeset/base/326115

Log:
  Rework rule ranges matching. Use comparison rule id with UINT32_MAX to
  match all rules with the same rule number.
  
  Obtained from:	Yandex LLC
  MFC after:	1 week
  Sponsored by:	Yandex LLC

Modified:
  head/sys/netpfil/ipfw/ip_fw_sockopt.c

Modified: head/sys/netpfil/ipfw/ip_fw_sockopt.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw_sockopt.c	Thu Nov 23 05:54:04 2017	(r326114)
+++ head/sys/netpfil/ipfw/ip_fw_sockopt.c	Thu Nov 23 05:55:53 2017	(r326115)
@@ -1021,10 +1021,9 @@ delete_range(struct ip_fw_chain *chain, ipfw_range_tlv
 	if ((rt->flags & IPFW_RCFLAG_RANGE) != 0) {
 		start = ipfw_find_rule(chain, rt->start_rule, 0);
 
-		end = ipfw_find_rule(chain, rt->end_rule, 0);
-		if (rt->end_rule != IPFW_DEFAULT_RULE)
-			while (chain->map[end]->rulenum == rt->end_rule)
-				end++;
+		if (rt->end_rule >= IPFW_DEFAULT_RULE)
+			rt->end_rule = IPFW_DEFAULT_RULE - 1;
+		end = ipfw_find_rule(chain, rt->end_rule, UINT32_MAX);
 	}
 
 	/* Allocate new map of the same size */
@@ -2401,9 +2400,9 @@ dump_config(struct ip_fw_chain *chain, ip_fw3_opheader
 		if ((rnum = hdr->start_rule) > IPFW_DEFAULT_RULE)
 			rnum = IPFW_DEFAULT_RULE;
 		da.b = ipfw_find_rule(chain, rnum, 0);
-		rnum = hdr->end_rule;
-		rnum = (rnum < IPFW_DEFAULT_RULE) ? rnum+1 : IPFW_DEFAULT_RULE;
-		da.e = ipfw_find_rule(chain, rnum, 0) + 1;
+		rnum = (hdr->end_rule < IPFW_DEFAULT_RULE) ?
+		    hdr->end_rule + 1: IPFW_DEFAULT_RULE;
+		da.e = ipfw_find_rule(chain, rnum, UINT32_MAX) + 1;
 	}
 
 	if (hdr->flags & IPFW_CFG_GET_STATIC) {


More information about the svn-src-head mailing list