ipfw: unbreak matching with big table type flow.

Test case: # n=32769 # ipfw -q table 1 create type flow:proto,dst-ip,dst-port # jot -w 'table 1 add tcp,127.0.0.1,' $n 1 | ipfw -q /dev/stdin # ipfw -q add 5 unreach filter-prohib flow 'table(1)' The rule 5 matches nothing without the fix if n>=32769. With the fix, it works: # telnet localhost 10001 Trying 127.0.0.1... telnet: connect to address 127.0.0.1: Permission denied telnet: Unable to connect to remote host MFC after: 2 weeks Discussed with: ae, melifaro
2020-06-04 14:15:39 +00:00 · 2020-06-04 14:15:39 +00:00 · 47cb0632e8
commit 47cb0632e8
parent e84d431622
1 changed files with 2 additions and 1 deletions
--- a/sys/netpfil/ipfw/ip_fw_table_algo.c
+++ b/sys/netpfil/ipfw/ip_fw_table_algo.c
@ -3204,7 +3204,8 @@ ta_lookup_fhash(struct table_info *ti, void *key, uint32_t keylen,
 	struct fhashentry *ent;
 	struct fhashentry4 *m4;
 	struct ipfw_flow_id *id;
-	uint16_t hash, hsize;
+	uint32_t hsize;
+	uint16_t hash;

 	id = (struct ipfw_flow_id *)key;
 	head = (struct fhashbhead *)ti->state;