svn commit: r326115 - head/sys/netpfil/ipfw
Andrey V. Elsukov
ae at FreeBSD.org
Thu Nov 23 05:55:54 UTC 2017
Author: ae
Date: Thu Nov 23 05:55:53 2017
New Revision: 326115
URL: https://svnweb.freebsd.org/changeset/base/326115
Log:
Rework rule ranges matching. Use comparison rule id with UINT32_MAX to
match all rules with the same rule number.
Obtained from: Yandex LLC
MFC after: 1 week
Sponsored by: Yandex LLC
Modified:
head/sys/netpfil/ipfw/ip_fw_sockopt.c
Modified: head/sys/netpfil/ipfw/ip_fw_sockopt.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw_sockopt.c Thu Nov 23 05:54:04 2017 (r326114)
+++ head/sys/netpfil/ipfw/ip_fw_sockopt.c Thu Nov 23 05:55:53 2017 (r326115)
@@ -1021,10 +1021,9 @@ delete_range(struct ip_fw_chain *chain, ipfw_range_tlv
if ((rt->flags & IPFW_RCFLAG_RANGE) != 0) {
start = ipfw_find_rule(chain, rt->start_rule, 0);
- end = ipfw_find_rule(chain, rt->end_rule, 0);
- if (rt->end_rule != IPFW_DEFAULT_RULE)
- while (chain->map[end]->rulenum == rt->end_rule)
- end++;
+ if (rt->end_rule >= IPFW_DEFAULT_RULE)
+ rt->end_rule = IPFW_DEFAULT_RULE - 1;
+ end = ipfw_find_rule(chain, rt->end_rule, UINT32_MAX);
}
/* Allocate new map of the same size */
@@ -2401,9 +2400,9 @@ dump_config(struct ip_fw_chain *chain, ip_fw3_opheader
if ((rnum = hdr->start_rule) > IPFW_DEFAULT_RULE)
rnum = IPFW_DEFAULT_RULE;
da.b = ipfw_find_rule(chain, rnum, 0);
- rnum = hdr->end_rule;
- rnum = (rnum < IPFW_DEFAULT_RULE) ? rnum+1 : IPFW_DEFAULT_RULE;
- da.e = ipfw_find_rule(chain, rnum, 0) + 1;
+ rnum = (hdr->end_rule < IPFW_DEFAULT_RULE) ?
+ hdr->end_rule + 1: IPFW_DEFAULT_RULE;
+ da.e = ipfw_find_rule(chain, rnum, UINT32_MAX) + 1;
}
if (hdr->flags & IPFW_CFG_GET_STATIC) {
More information about the svn-src-head
mailing list