From owner-svn-src-head@freebsd.org Fri Mar 31 09:26:10 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0AFBED26453; Fri, 31 Mar 2017 09:26:10 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id CE5E7EAD; Fri, 31 Mar 2017 09:26:09 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v2V9Q8vJ069577; Fri, 31 Mar 2017 09:26:08 GMT (envelope-from ae@FreeBSD.org) Received: (from ae@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v2V9Q8ip069576; Fri, 31 Mar 2017 09:26:08 GMT (envelope-from ae@FreeBSD.org) Message-Id: <201703310926.v2V9Q8ip069576@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ae set sender to ae@FreeBSD.org using -f From: "Andrey V. Elsukov" Date: Fri, 31 Mar 2017 09:26:08 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r316329 - head/sys/netpfil/ipfw X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 31 Mar 2017 09:26:10 -0000 Author: ae Date: Fri Mar 31 09:26:08 2017 New Revision: 316329 URL: https://svnweb.freebsd.org/changeset/base/316329 Log: Reset the cached state of last lookup in the dynamic states when an external action is completed, but the rule search is continued. External action handler can change the content of @args argument, that is used for dynamic state lookup. Enforce the new lookup to be able install new state, when the search is continued. Obtained from: Yandex LLC MFC after: 1 week Sponsored by: Yandex LLC Modified: head/sys/netpfil/ipfw/ip_fw2.c Modified: head/sys/netpfil/ipfw/ip_fw2.c ============================================================================== --- head/sys/netpfil/ipfw/ip_fw2.c Fri Mar 31 09:10:05 2017 (r316328) +++ head/sys/netpfil/ipfw/ip_fw2.c Fri Mar 31 09:26:08 2017 (r316329) @@ -2616,8 +2616,17 @@ do { \ * consider this as rule matching and * update counters. */ - if (retval == 0 && done == 0) + if (retval == 0 && done == 0) { IPFW_INC_RULE_COUNTER(f, pktlen); + /* + * Reset the result of the last + * dynamic state lookup. + * External action can change + * @args content, and it may be + * used for new state lookup later. + */ + dyn_dir = MATCH_UNKNOWN; + } break; default: