d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
95033af923
freebsd-dev/sys/netpfil/ipfw
History
Eugene Grosbein 47cb0632e8 ipfw: unbreak matching with big table type flow. 
Test case:

# n=32769
# ipfw -q table 1 create type flow:proto,dst-ip,dst-port
# jot -w 'table 1 add tcp,127.0.0.1,' $n 1 | ipfw -q /dev/stdin
# ipfw -q add 5 unreach filter-prohib flow 'table(1)'

The rule 5 matches nothing without the fix if n>=32769.

With the fix, it works:
# telnet localhost 10001
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Permission denied
telnet: Unable to connect to remote host

MFC after:	2 weeks
Discussed with: ae, melifaro
2020-06-04 14:15:39 +00:00
..
nat64 Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) 2020-02-26 14:26:36 +00:00
nptv6 Use epoch(9) directly instead of obsoleted KPI. 2019-10-14 16:37:41 +00:00
pmod Use host byte order when comparing mss values. 2018-08-08 17:32:02 +00:00
test
dn_aqm_codel.c Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) 2020-02-26 14:26:36 +00:00
dn_aqm_codel.h
dn_aqm_pie.c Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) 2020-02-26 14:26:36 +00:00
dn_aqm_pie.h
dn_aqm.h
dn_heap.c
dn_heap.h
dn_sched_fifo.c
dn_sched_fq_codel_helper.h
dn_sched_fq_codel.c Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) 2020-02-26 14:26:36 +00:00
dn_sched_fq_codel.h
dn_sched_fq_pie.c Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) 2020-02-26 14:26:36 +00:00
dn_sched_prio.c
dn_sched_qfq.c
dn_sched_rr.c
dn_sched_wf2q.c
dn_sched.h
dummynet.txt
ip_dn_glue.c
ip_dn_io.c Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) 2020-02-26 14:26:36 +00:00
ip_dn_private.h Remove 'dir' argument from dummynet_io(). This makes it possible to make 2019-03-14 22:32:50 +00:00
ip_dummynet.c Use NET_TASK_INIT() and NET_GROUPTASK_INIT() for drivers that process 2020-02-18 19:53:36 +00:00
ip_fw2.c Fix O_IP_FLOW_LOOKUP opcode handling. 2020-05-29 10:37:42 +00:00
ip_fw_bpf.c Eliminate rmlock from ipfw's BPF code. 2019-07-23 12:52:36 +00:00
ip_fw_dynamic.c Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) 2020-02-26 14:26:36 +00:00
ip_fw_eaction.c Fix rule truncation on external action module unloading. 2019-08-15 13:44:33 +00:00
ip_fw_iface.c Revert r316461: Remove "IPFW static rules" rmlock, and use pfil's global lock. 2019-01-31 21:04:50 +00:00
ip_fw_log.c PFIL_MEMPTR for ipfw link level hook 2019-03-14 22:52:16 +00:00
ip_fw_nat.c Use epoch(9) directly instead of obsoleted KPI. 2019-10-14 16:37:41 +00:00
ip_fw_pfil.c Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) 2020-02-26 14:26:36 +00:00
ip_fw_private.h dd ipfw_get_action() function to get the pointer to action opcode. 2019-07-29 15:09:12 +00:00
ip_fw_sockopt.c dd ipfw_get_action() function to get the pointer to action opcode. 2019-07-29 15:09:12 +00:00
ip_fw_table_algo.c ipfw: unbreak matching with big table type flow. 2020-06-04 14:15:39 +00:00
ip_fw_table_value.c ipfw: Don't rollback state in alloc_table_vidx() if atomicity is not required. 2019-12-19 10:22:16 +00:00
ip_fw_table.c ipfw: Don't rollback state in alloc_table_vidx() if atomicity is not required. 2019-12-19 10:22:16 +00:00
ip_fw_table.h ipfw: Don't rollback state in alloc_table_vidx() if atomicity is not required. 2019-12-19 10:22:16 +00:00