Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 23 Nov 2017 07:05:26 +0000 (UTC)
From:      "Andrey V. Elsukov" <ae@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r326117 - head/sys/netpfil/ipfw
Message-ID:  <201711230705.vAN75QoU051988@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: ae
Date: Thu Nov 23 07:05:25 2017
New Revision: 326117
URL: https://svnweb.freebsd.org/changeset/base/326117

Log:
  Check that address family of state matches address family of packet.
  
  If it is not matched avoid comparing other state fields.
  
  Obtained from:	Yandex LLC
  MFC after:	1 week
  Sponsored by:	Yandex LLC

Modified:
  head/sys/netpfil/ipfw/ip_fw_dynamic.c

Modified: head/sys/netpfil/ipfw/ip_fw_dynamic.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw_dynamic.c	Thu Nov 23 06:04:57 2017	(r326116)
+++ head/sys/netpfil/ipfw/ip_fw_dynamic.c	Thu Nov 23 07:05:25 2017	(r326117)
@@ -609,6 +609,9 @@ lookup_dyn_rule_locked(struct ipfw_flow_id *pkt, int i
 		if (q->dyn_type == O_LIMIT_PARENT)
 			continue;
 
+		if (pkt->addr_type != q->id.addr_type)
+			continue;
+
 		if (pkt->proto != q->id.proto)
 			continue;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201711230705.vAN75QoU051988>