Date:      Thu, 4 Jun 2020 14:15:39 +0000 (UTC)
From:      Eugene Grosbein <eugen@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r361789 - head/sys/netpfil/ipfw
Message-ID:  <202006041415.054EFdlu029197@repo.freebsd.org>

Author: eugen
Date: Thu Jun  4 14:15:39 2020
New Revision: 361789
URL: https://svnweb.freebsd.org/changeset/base/361789

Log:
  ipfw: unbreak matching with big table type flow.
  
  Test case:
  
  # n=32769
  # ipfw -q table 1 create type flow:proto,dst-ip,dst-port
  # jot -w 'table 1 add tcp,127.0.0.1,' $n 1 | ipfw -q /dev/stdin
  # ipfw -q add 5 unreach filter-prohib flow 'table(1)'
  
  The rule 5 matches nothing without the fix if n>=32769.
  
  With the fix, it works:
  # telnet localhost 10001
  Trying 127.0.0.1...
  telnet: connect to address 127.0.0.1: Permission denied
  telnet: Unable to connect to remote host
  
  MFC after:	2 weeks
  Discussed with: ae, melifaro

Modified:
  head/sys/netpfil/ipfw/ip_fw_table_algo.c

Modified: head/sys/netpfil/ipfw/ip_fw_table_algo.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw_table_algo.c	Thu Jun  4 13:18:21 2020	(r361788)
+++ head/sys/netpfil/ipfw/ip_fw_table_algo.c	Thu Jun  4 14:15:39 2020	(r361789)
@@ -3204,7 +3204,8 @@ ta_lookup_fhash(struct table_info *ti, void *key, uint
 	struct fhashentry *ent;
 	struct fhashentry4 *m4;
 	struct ipfw_flow_id *id;
-	uint16_t hash, hsize;
+	uint32_t hsize;
+	uint16_t hash;
 
 	id = (struct ipfw_flow_id *)key;
 	head = (struct fhashbhead *)ti->state;
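Review bot: `hash` is left at `uint16_t` while `hsize` is widened to `uint32_t` in the declarations of ta_lookup_fhash(), so the lookup can still only produce bucket indexes 0..65535. That is enough for the n=32769 case in the log, but if the flow hash table can ever grow past 65536 buckets, a 16-bit `hash` here would never reach the upper buckets and could disagree with a wider hash computed on the add path. Either widen `hash` to `uint32_t` as well, or add a comment stating the maximum bucket count that makes 16 bits sufficient. A short comment next to `uint32_t hsize;` noting that the bucket count can reach a value that does not fit in 16 bits would also keep someone from narrowing it again later, and it is worth checking the other fhash functions in this file for the same `uint16_t` size variable.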


