MFC r316329:

Reset the cached state of last lookup in the dynamic states when an external action is completed, but the rule search is continued. External action handler can change the content of @args argument, that is used for dynamic state lookup. Enforce the new lookup to be able install new state, when the search is continued. Obtained from: Yandex LLC Sponsored by: Yandex LLC (cherry picked from commit 7317fc9c0522c902a4a0a67b17c5c5d25d04bff9)
author: ae <ae@FreeBSD.org> 2017-04-07 10:45:28 +0000
committer: Luiz Souza <luiz@netgate.com> 2017-07-15 11:15:33 -0500
commit: 755da72db81475fcf31715ae0cecc49968b8d008 (patch)
tree: 5ed58170498e95b0c57406cb8f1b0dfb7005062b
parent: 6d4158777f7427cfa95335e8af0fab0dba5b25be (diff)
download: FreeBSD-src-755da72db81475fcf31715ae0cecc49968b8d008.zip
FreeBSD-src-755da72db81475fcf31715ae0cecc49968b8d008.tar.gz
1 files changed, 10 insertions, 1 deletions
diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c
index 2c5eabf..664119a 100644
--- a/sys/netpfil/ipfw/ip_fw2.c
+++ b/sys/netpfil/ipfw/ip_fw2.c
@@ -2624,8 +2624,17 @@ do {								\
 				 * consider this as rule matching and
 				 * update counters.
 				 */
-				if (retval == 0 && done == 0)
+				if (retval == 0 && done == 0) {
 					IPFW_INC_RULE_COUNTER(f, pktlen);
+					/*
+					 * Reset the result of the last
+					 * dynamic state lookup.
+					 * External action can change
+					 * @args content, and it may be
+					 * used for new state lookup later.
+					 */
+					dyn_dir = MATCH_UNKNOWN;
+				}
 				break;
 
 			default:
author	ae <ae@FreeBSD.org>	2017-04-07 10:45:28 +0000
committer	Luiz Souza <luiz@netgate.com>	2017-07-15 11:15:33 -0500
commit	755da72db81475fcf31715ae0cecc49968b8d008 (patch)
tree	5ed58170498e95b0c57406cb8f1b0dfb7005062b
parent	6d4158777f7427cfa95335e8af0fab0dba5b25be (diff)
download	FreeBSD-src-755da72db81475fcf31715ae0cecc49968b8d008.zip FreeBSD-src-755da72db81475fcf31715ae0cecc49968b8d008.tar.gz