Date: Thu, 15 Aug 2019 13:44:33 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r351071 - head/sys/netpfil/ipfw Message-ID: <201908151344.x7FDiXLC092328@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ae Date: Thu Aug 15 13:44:33 2019 New Revision: 351071 URL: https://svnweb.freebsd.org/changeset/base/351071 Log: Fix rule truncation on external action module unloading. Obtained from: Yandex LLC MFC after: 1 week Sponsored by: Yandex LLC Modified: head/sys/netpfil/ipfw/ip_fw_eaction.c Modified: head/sys/netpfil/ipfw/ip_fw_eaction.c ============================================================================== --- head/sys/netpfil/ipfw/ip_fw_eaction.c Thu Aug 15 13:27:57 2019 (r351070) +++ head/sys/netpfil/ipfw/ip_fw_eaction.c Thu Aug 15 13:44:33 2019 (r351071) @@ -391,19 +391,19 @@ ipfw_reset_eaction(struct ip_fw_chain *ch, struct ip_f cmd->arg1 != eaction_id) return (0); /* - * If instance_id is specified, we need to truncate the - * rule length. Check if there is O_EXTERNAL_INSTANCE opcode. + * Check if there is O_EXTERNAL_INSTANCE opcode, we need + * to truncate the rule length. * * NOTE: F_LEN(cmd) must be 1 for O_EXTERNAL_ACTION opcode, * and rule length should be enough to keep O_EXTERNAL_INSTANCE * opcode, thus we do check for l > 1. */ l = rule->cmd + rule->cmd_len - cmd; - if (instance_id != 0 && l > 1) { + if (l > 1) { MPASS(F_LEN(cmd) == 1); icmd = cmd + 1; - if (icmd->opcode != O_EXTERNAL_INSTANCE || - icmd->arg1 != instance_id) + if (icmd->opcode == O_EXTERNAL_INSTANCE && + instance_id != 0 && icmd->arg1 != instance_id) return (0); /* * Since named_object related to this instance will be
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201908151344.x7FDiXLC092328>