Author: ae
Date: Thu Aug 15 13:44:33 2019
New Revision: 351071
URL: https://svnweb.freebsd.org/changeset/base/351071
Log:
Fix rule truncation on external action module unloading.
Obtained from: Yandex LLC
MFC after: 1 week
Sponsored by: Yandex LLC
Modified:
head/sys/netpfil/ipfw/ip_fw_eaction.c
Modified: head/sys/netpfil/ipfw/ip_fw_eaction.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw_eaction.c Thu Aug 15 13:27:57 2019
(r351070)
+++ head/sys/netpfil/ipfw/ip_fw_eaction.c Thu Aug 15 13:44:33 2019
(r351071)
@@ -391,19 +391,19 @@ ipfw_reset_eaction(struct ip_fw_chain *ch, struct ip_f
cmd->arg1 != eaction_id)
return (0);
/*
- * If instance_id is specified, we need to truncate the
- * rule length. Check if there is O_EXTERNAL_INSTANCE opcode.
+ * Check if there is O_EXTERNAL_INSTANCE opcode, we need
+ * to truncate the rule length.
*
* NOTE: F_LEN(cmd) must be 1 for O_EXTERNAL_ACTION opcode,
* and rule length should be enough to keep O_EXTERNAL_INSTANCE
* opcode, thus we do check for l > 1.
*/
l = rule->cmd + rule->cmd_len - cmd;
- if (instance_id != 0 && l > 1) {
+ if (l > 1) {
MPASS(F_LEN(cmd) == 1);
icmd = cmd + 1;
- if (icmd->opcode != O_EXTERNAL_INSTANCE ||
- icmd->arg1 != instance_id)
+ if (icmd->opcode == O_EXTERNAL_INSTANCE &&
+ instance_id != 0 && icmd->arg1 != instance_id)
return (0);
/*
* Since named_object related to this instance will be
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
