svn commit: r344870 - head/sys/netpfil/ipfw

Andrey V. Elsukov ae at FreeBSD.org
Thu Mar 7 04:40:45 UTC 2019


Author: ae
Date: Thu Mar  7 04:40:44 2019
New Revision: 344870
URL: https://svnweb.freebsd.org/changeset/base/344870

Log:
  Fix the problem with O_LIMIT states introduced in r344018.
  
  dyn_install_state() uses `rule` pointer when it creates state.
  For O_LIMIT states this pointer actually is not struct ip_fw,
  it is pointer to O_LIMIT_PARENT state, that keeps actual pointer
  to ip_fw parent rule. Thus we need to cache rule id and number
  before calling dyn_get_parent_state(), so we can use them later
  when the `rule` pointer is overrided.
  
  PR:		236292
  MFC after:	3 days

Modified:
  head/sys/netpfil/ipfw/ip_fw_dynamic.c

Modified: head/sys/netpfil/ipfw/ip_fw_dynamic.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw_dynamic.c	Thu Mar  7 03:53:48 2019	(r344869)
+++ head/sys/netpfil/ipfw/ip_fw_dynamic.c	Thu Mar  7 04:40:44 2019	(r344870)
@@ -1868,11 +1868,13 @@ dyn_install_state(const struct ipfw_flow_id *pkt, uint
     uint16_t kidx, uint8_t type)
 {
 	struct ipfw_flow_id id;
-	uint32_t hashval, parent_hashval;
+	uint32_t hashval, parent_hashval, ruleid, rulenum;
 	int ret;
 
 	MPASS(type == O_LIMIT || type == O_KEEP_STATE);
 
+	ruleid = rule->id;
+	rulenum = rule->rulenum;
 	if (type == O_LIMIT) {
 		/* Create masked flow id and calculate bucket */
 		id.addr_type = pkt->addr_type;
@@ -1927,11 +1929,11 @@ dyn_install_state(const struct ipfw_flow_id *pkt, uint
 
 	hashval = hash_packet(pkt);
 	if (IS_IP4_FLOW_ID(pkt))
-		ret = dyn_add_ipv4_state(rule, rule->id, rule->rulenum, pkt,
+		ret = dyn_add_ipv4_state(rule, ruleid, rulenum, pkt,
 		    ulp, pktlen, hashval, info, fibnum, kidx, type);
 #ifdef INET6
 	else if (IS_IP6_FLOW_ID(pkt))
-		ret = dyn_add_ipv6_state(rule, rule->id, rule->rulenum, pkt,
+		ret = dyn_add_ipv6_state(rule, ruleid, rulenum, pkt,
 		    zoneid, ulp, pktlen, hashval, info, fibnum, kidx, type);
 #endif /* INET6 */
 	else


More information about the svn-src-head mailing list