Fix O_IP_FLOW_LOOKUP opcode handling.
Do not check table value matching when table lookup has failed. Reported by: Sergey Lobanov MFC after: 1 week
This commit is contained in:
parent
4d3aef0780
commit
e43ae8dcb5
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=361624
@ -2106,6 +2106,8 @@ do { \
|
|||||||
uint32_t v = 0;
|
uint32_t v = 0;
|
||||||
match = ipfw_lookup_table(chain,
|
match = ipfw_lookup_table(chain,
|
||||||
cmd->arg1, 0, &args->f_id, &v);
|
cmd->arg1, 0, &args->f_id, &v);
|
||||||
|
if (!match)
|
||||||
|
break;
|
||||||
if (cmdlen == F_INSN_SIZE(ipfw_insn_u32))
|
if (cmdlen == F_INSN_SIZE(ipfw_insn_u32))
|
||||||
match = ((ipfw_insn_u32 *)cmd)->d[0] ==
|
match = ((ipfw_insn_u32 *)cmd)->d[0] ==
|
||||||
TARG_VAL(chain, v, tag);
|
TARG_VAL(chain, v, tag);
|
||||||
|
Loading…
Reference in New Issue
Block a user