Date: Sat, 20 Jul 2019 12:02:15 +0000 From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 238796] ipfilter: failure to detect the same rules when arguments ordered differently Message-ID: <bug-238796-7501-03C7seAw3b@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-238796-7501@https.bugs.freebsd.org/bugzilla/> References: <bug-238796-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D238796 --- Comment #30 from WHR <msl0000023508@gmail.com> --- (In reply to Cy Schubert from comment #29) I think this because your patch (attachment 205851) only fixed comparing indexes in 'fr_ifnames', but not indexes in 'fr_tifs' and 'fr_dif'. The order of strings in 'fr_names' doesn't necessary be identical between 2 rule objects that representing same rule; for example the argument for keyw= ard 'on' and 'reply-to' both stored in 'fr_names', but the offsets may differ between 2 objects. The correct comparison should at first check the index numbers in 'fr_tifs'= and 'fr_dif', then compare the actual strings referenced by the indexes, in each rule objects, not the indexes itself. And in you last patch, function ipf_ifnames_cmp: > if ((!fr1->fr_ifnames[i] && !fr2->fr_ifnames[i]) || Testing for 0 is incorrect; shouldn't the invalid index be -1? > rc =3D 1; Why not simply 'return 1;' when a difference is already found? --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-238796-7501-03C7seAw3b>