d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix O_IP_FLOW_LOOKUP opcode handling.

Browse Source 
Do not check table value matching when table lookup has failed.

Reported by:	Sergey Lobanov
MFC after:	1 week
This commit is contained in:
Andrey V. Elsukov 2020-05-29 10:37:42 +00:00
parent 4d3aef0780
commit e43ae8dcb5
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=361624
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sys/netpfil/ipfw/ip_fw2.c
View File

@ -2106,6 +2106,8 @@ do { \
uint32_t v = 0;
match = ipfw_lookup_table(chain,
cmd->arg1, 0, &args->f_id, &v);
if (!match)
break;
if (cmdlen == F_INSN_SIZE(ipfw_insn_u32))
match = ((ipfw_insn_u32 *)cmd)->d[0] ==
TARG_VAL(chain, v, tag);