Date: Thu, 12 Dec 2024 18:13:09 +0100
From: FreeBSD User <freebsd@walstatt-de.de>
To: "Andrey V. Elsukov" <ae@FreeBSD.org>
Cc: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org, freebsd-current@freebsd.org
Subject: Re: git: 9ea8d692f4cb - main - ipfw: use only needed TCP flags for state tracking
Message-ID: <20241212181336.01db53f2@thor.intern.walstatt.dynvpn.de>
In-Reply-To: <202412121306.4BCD6sqR017458@gitrepo.freebsd.org>
References: <202412121306.4BCD6sqR017458@gitrepo.freebsd.org>
On Thu, 12 Dec 2024 13:06:54 GMT "Andrey V. Elsukov" <ae@FreeBSD.org> wrote:

> The branch main has been updated by ae:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=9ea8d692f4cb552902b9e8394260d7f3cf4aefb0
>
> commit 9ea8d692f4cb552902b9e8394260d7f3cf4aefb0
> Author: Andrey V. Elsukov <ae@FreeBSD.org>
> AuthorDate: 2024-12-12 12:57:45 +0000
> Commit: Andrey V. Elsukov <ae@FreeBSD.org>
> CommitDate: 2024-12-12 12:57:45 +0000
>
> ipfw: use only needed TCP flags for state tracking
>
> This fixes stateful firewall failures after adding TH_AE flag
> into TH_FLAGS.
>
> Reported by: ronald
> Fixes: 347dd05
> MFC after: 2 weeks
> --- > sys/netpfil/ipfw/ip_fw_dynamic.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/sys/netpfil/ipfw/ip_fw_dynamic.c b/sys/netpfil/ipfw/ip_fw_dynamic.c > index 34aae71c174b..ff55e3360c13 100644 > --- a/sys/netpfil/ipfw/ip_fw_dynamic.c > +++ b/sys/netpfil/ipfw/ip_fw_dynamic.c > @@ -920,7 +920,8 @@ print_dyn_rule_flags(const struct ipfw_flow_id *id, int dyn_type, > #define _SEQ_GE(a,b) ((int)((a)-(b)) >= 0) > #define BOTH_SYN (TH_SYN | (TH_SYN << 8)) > #define BOTH_FIN (TH_FIN | (TH_FIN << 8)) > -#define TCP_FLAGS (TH_FLAGS | (TH_FLAGS << 8)) > +#define BOTH_RST (TH_RST | (TH_RST << 8)) > +#define TCP_FLAGS (BOTH_SYN | BOTH_FIN | BOTH_RST) > #define ACK_FWD 0x00010000 /* fwd ack seen */ > #define ACK_REV 0x00020000 /* rev ack seen */ > #define ACK_BOTH (ACK_FWD | ACK_REV) >

The problem reported is now also present in 14-STABLE!

-- 
O. Hartmann
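Review bot: the new `TCP_FLAGS` definition in ip_fw_dynamic.c carries no comment saying why it is built from `BOTH_SYN | BOTH_FIN | BOTH_RST` rather than `TH_FLAGS`, and the name still reads as "all TCP flags". The packing visible in this hunk gives each direction one byte (`<< 8`) with `ACK_FWD` at 0x00010000 directly above the reverse byte, so a mask derived from a header constant spills into neighbouring bits as soon as that constant grows past 8 bits, which matches the commit message's account of `TH_AE` entering `TH_FLAGS`. Suggest a one-line comment above `TCP_FLAGS` stating that it must list only the flags the state tracker consumes and must fit in 8 bits per direction, plus a compile-time assertion that `TH_SYN | TH_FIN | TH_RST` fits in 0xff, so a later cleanup does not reintroduce `TH_FLAGS` here.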
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20241212181336.01db53f2>