FreeBSD Bugzilla – Attachment 205851 Details for
Bug 238796
ipfilter: failure to detect the same rules when arguments ordered differently
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
This should fix this PR.
PR238796.diff (text/plain), 2.67 KB, created by
Cy Schubert
on 2019-07-17 19:58:03 UTC
(
hide
)
Description:
This should fix this PR.
Filename:
MIME Type:
Creator:
Cy Schubert
Created:
2019-07-17 19:58:03 UTC
Size:
2.67 KB
patch
obsolete
>diff --git a/sys/contrib/ipfilter/netinet/fil.c b/sys/contrib/ipfilter/netinet/fil.c >index f1c2e34e0cf..ebc8310c403 100644 >--- a/sys/contrib/ipfilter/netinet/fil.c >+++ b/sys/contrib/ipfilter/netinet/fil.c >@@ -4418,6 +4418,31 @@ ipf_matchicmpqueryreply(v, ic, icmp, rev) > } > > >+/* ------------------------------------------------------------------------ */ >+/* Function: ipf_ifnames_cmp */ >+/* Parameters: fr1(I) - first rule structure to compare */ >+/* fr2(I) - second rule structure to compare */ >+/* Returns: int - 0 == rules are the same, 1 == mismatch */ >+/* */ >+/* Compare two ifnames within frentry structures and return 0 if they */ >+/* match or 1 if they do not. */ >+/* ------------------------------------------------------------------------ */ >+static int >+ipf_ifnames_cmp(const frentry_t *fr1, const frentry_t *fr2) >+{ >+ int i, rc = 0; >+ >+ for (i = 0; i < 4; i++) { >+ if ((!fr1->fr_ifnames[i] && !fr2->fr_ifnames[i]) || >+ strcmp(FR_NAME(fr1, fr_ifnames[i]), >+ FR_NAME(fr2, fr_ifnames[i])) == 0) >+ continue; >+ rc = 1; >+ } >+ return (rc); >+} >+ >+ > /* ------------------------------------------------------------------------ */ > /* Function: ipf_rule_compare */ > /* Parameters: fr1(I) - first rule structure to compare */ >@@ -4439,13 +4464,15 @@ ipf_rule_compare(frentry_t *fr1, frentry_t *fr2) > if (bcmp((char *)&fr1->fr_func, (char *)&fr2->fr_func, FR_CMPSIZ(fr1)) > != 0) > return (4); >+ if (ipf_ifnames_cmp(fr1, fr2) != 0) >+ return (5); > if (!fr1->fr_data && !fr2->fr_data) > return (0); /* move along, nothing to see here */ > if (fr1->fr_data && fr2->fr_data) { > if (bcmp(fr1->fr_caddr, fr2->fr_caddr, fr1->fr_dsize) == 0) > return (0); /* same */ > } >- return (5); >+ return (6); > } > > >diff --git a/sys/contrib/ipfilter/netinet/ip_fil.h b/sys/contrib/ipfilter/netinet/ip_fil.h >index f4ffa53391c..8d3f114e4b0 100644 >--- a/sys/contrib/ipfilter/netinet/ip_fil.h >+++ b/sys/contrib/ipfilter/netinet/ip_fil.h >@@ -718,6 +718,7 @@ typedef struct frentry { > fripf_t *fru_ipf; > frentfunc_t fru_func; > } fr_dun; >+ int fr_ifnames[4]; > > /* > * Fields after this may not change whilst in the kernel. >@@ -735,7 +736,6 @@ typedef struct frentry { > u_char fr_icode; /* return ICMP code */ > int fr_group; /* group to which this rule belongs */ > int fr_grhead; /* group # which this rule starts */ >- int fr_ifnames[4]; > int fr_isctag; > int fr_rpc; /* XID Filtering */ > ipftag_t fr_nattag;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=205851">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 238796
:
205322
|
205341
|
205744
|
205808
|
205851
|
206344
|
206385