ipfw: unbreak matching with big table type flow.
Test case:
# n=32769
# ipfw -q table 1 create type flow:proto,dst-ip,dst-port
# jot -w 'table 1 add tcp,127.0.0.1,' $n 1 | ipfw -q /dev/stdin
# ipfw -q add 5 unreach filter-prohib flow 'table(1)'
The rule 5 matches nothing without the fix if n>=32769.
With the fix, it works:
# telnet localhost 10001
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Permission denied
telnet: Unable to connect to remote host
MFC after: 2 weeks
Discussed with: ae, melifaro
47cb0632e8