From owner-svn-src-stable-11@freebsd.org  Fri Apr  7 10:45:29 2017
Return-Path: <owner-svn-src-stable-11@freebsd.org>
Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 740ADD32983;
 Fri,  7 Apr 2017 10:45:29 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 45AC6AD5;
 Fri,  7 Apr 2017 10:45:29 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v37AjShT095988;
 Fri, 7 Apr 2017 10:45:28 GMT (envelope-from ae@FreeBSD.org)
Received: (from ae@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id v37AjSur095987;
 Fri, 7 Apr 2017 10:45:28 GMT (envelope-from ae@FreeBSD.org)
Message-Id: <201704071045.v37AjSur095987@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: ae set sender to ae@FreeBSD.org
 using -f
From: "Andrey V. Elsukov" <ae@FreeBSD.org>
Date: Fri, 7 Apr 2017 10:45:28 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r316605 - stable/11/sys/netpfil/ipfw
X-SVN-Group: stable-11
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-stable-11@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for only the 11-stable src tree
 <svn-src-stable-11.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-stable-11>, 
 <mailto:svn-src-stable-11-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-stable-11/>
List-Post: <mailto:svn-src-stable-11@freebsd.org>
List-Help: <mailto:svn-src-stable-11-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-stable-11>, 
 <mailto:svn-src-stable-11-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Apr 2017 10:45:29 -0000

Author: ae
Date: Fri Apr  7 10:45:28 2017
New Revision: 316605
URL: https://svnweb.freebsd.org/changeset/base/316605

Log:
  MFC r316329:
    Reset the cached state of last lookup in the dynamic states when an
    external action is completed, but the rule search is continued.
  
    External action handler can change the content of @args argument,
    that is used for dynamic state lookup. Enforce the new lookup to be able
    install new state, when the search is continued.
  
    Obtained from:	Yandex LLC
    Sponsored by:	Yandex LLC

Modified:
  stable/11/sys/netpfil/ipfw/ip_fw2.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netpfil/ipfw/ip_fw2.c
==============================================================================
--- stable/11/sys/netpfil/ipfw/ip_fw2.c	Fri Apr  7 09:13:26 2017	(r316604)
+++ stable/11/sys/netpfil/ipfw/ip_fw2.c	Fri Apr  7 10:45:28 2017	(r316605)
@@ -2616,8 +2616,17 @@ do {								\
 				 * consider this as rule matching and
 				 * update counters.
 				 */
-				if (retval == 0 && done == 0)
+				if (retval == 0 && done == 0) {
 					IPFW_INC_RULE_COUNTER(f, pktlen);
+					/*
+					 * Reset the result of the last
+					 * dynamic state lookup.
+					 * External action can change
+					 * @args content, and it may be
+					 * used for new state lookup later.
+					 */
+					dyn_dir = MATCH_UNKNOWN;
+				}
 				break;
 
 			default: