fef510763d
broken ipfilter rule matches (upstream bug #554). The upstream patch was incomplete, it resolved all but one rule compare issue. The issue fixed here is when "{to, reply-to, dup-to} interface" are used in conjuncion with "on interface". The match was only made if the on keyword was specified in the same order in each case referencing the same rule. This commit fixes this. The reason for this is that interface name strings and comment keyword comments are stored in a a variable length field starting at fr_names in the frentry struct. These strings are placed into this variable length in the order they are encountered by ipf_y.y and indexed through index pointers in fr_ifnames, fr_comment or one of the frdest struct fd_name fields. (Three frdest structs are within frentry.) Order matters and this patch takes this into account. While in here it was discovered that though ipfilter is designed to support multiple interface specifiations per rule (up to four), this undocumented (the man page makes no mention of it) feature does not work. A todo is to fix the multiple interfaces feature at a later date. To understand the design decision as to why only four were intended, it is suspected that the decision was made because Sun workstations and PCs rarely if ever exceeded four NICs at the time, this is not true in 2019. PR: 238796 Reported by: WHR <msl0000023508@gmail.com> MFC after: 2 weeks |
||
|---|---|---|
| .. | ||
| alpine-hal | ||
| ck | ||
| cloudabi | ||
| dev | ||
| edk2 | ||
| ena-com | ||
| ipfilter/netinet | ||
| libb2 | ||
| libfdt | ||
| libnv | ||
| libsodium | ||
| ncsw | ||
| ngatm | ||
| octeon-sdk | ||
| rdma/krping | ||
| v4l | ||
| vchiq/interface | ||
| x86emu | ||
| xz-embedded | ||
| zlib | ||
| zstd | ||