Date: Tue, 21 Jan 2025 11:46:39 GMT From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: e98f79cc71a3 - stable/13 - ipfw: use only needed TCP flags for state tracking Message-ID: <202501211146.50LBkdsa085705@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by ae: URL: https://cgit.FreeBSD.org/src/commit/?id=e98f79cc71a35c25a83788f8ac9ba3375baaf149 commit e98f79cc71a35c25a83788f8ac9ba3375baaf149 Author: Andrey V. Elsukov <ae@FreeBSD.org> AuthorDate: 2024-12-12 12:57:45 +0000 Commit: Andrey V. Elsukov <ae@FreeBSD.org> CommitDate: 2025-01-21 11:45:09 +0000 ipfw: use only needed TCP flags for state tracking This fixes stateful firewall failures after adding TH_AE flag into TH_FLAGS. Reported by: ronald Fixes: 347dd05 (cherry picked from commit 9ea8d692f4cb552902b9e8394260d7f3cf4aefb0) --- sys/netpfil/ipfw/ip_fw_dynamic.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/netpfil/ipfw/ip_fw_dynamic.c b/sys/netpfil/ipfw/ip_fw_dynamic.c index 29ffe4f320ab..a100101f87d4 100644 --- a/sys/netpfil/ipfw/ip_fw_dynamic.c +++ b/sys/netpfil/ipfw/ip_fw_dynamic.c @@ -920,7 +920,8 @@ print_dyn_rule_flags(const struct ipfw_flow_id *id, int dyn_type, #define _SEQ_GE(a,b) ((int)((a)-(b)) >= 0) #define BOTH_SYN (TH_SYN | (TH_SYN << 8)) #define BOTH_FIN (TH_FIN | (TH_FIN << 8)) -#define TCP_FLAGS (TH_FLAGS | (TH_FLAGS << 8)) +#define BOTH_RST (TH_RST | (TH_RST << 8)) +#define TCP_FLAGS (BOTH_SYN | BOTH_FIN | BOTH_RST) #define ACK_FWD 0x00010000 /* fwd ack seen */ #define ACK_REV 0x00020000 /* rev ack seen */ #define ACK_BOTH (ACK_FWD | ACK_REV)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202501211146.50LBkdsa085705>