ipfw: forbid add keep-state rules that depend from tablearg
ClosedPublic
Actions

Authored by ae on Jul 22 2025, 8:03 AM.

Details

Reviewers

glebius
melifaro
zlei

Commits

rG91ed876385d4: ipfw: forbid adding keep-state rules that depend on tablearg

Summary

tablearg is determined after making table lookup. When we applying
rule action that uses dynamic state, such lookup was not done and
thus action can not determine what table and what value should be used.
Instead we check such rules when they are added and return error.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

ae created this revision.Jul 22 2025, 8:03 AM

ae held this revision as a draft.

Herald added subscribers: vegeta_tuxpowered.net, glebius, donner and 2 others. · View Herald TranscriptJul 22 2025, 8:03 AM

Harbormaster completed remote builds in B65611: Diff 158886.Jul 22 2025, 8:03 AM

ae published this revision for review.Jul 22 2025, 8:04 AM

ae added reviewers: glebius, melifaro, zlei.

ae retitled this revision from ipfw: forbid add keep-state rules that depends from tablearg to ipfw: forbid add keep-state rules that depend from tablearg.

This revision was not accepted when it landed; it landed in state Needs Review.Aug 3 2025, 9:53 AM

Closed by commit rG91ed876385d4: ipfw: forbid adding keep-state rules that depend on tablearg (authored by ae). · Explain Why

This revision was automatically updated to reflect the committed changes.

ae added a commit: rG91ed876385d4: ipfw: forbid adding keep-state rules that depend on tablearg.