Diffusion FreeBSD src repository 91ed876385d4

ipfw: forbid adding keep-state rules that depend on tablearg
91ed876385d4
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

ipfw: forbid adding keep-state rules that depend on tablearg

tablearg value is determined after making table lookup. When we
applying rule action that uses dynamic state, such lookup was
not done and thus rule action can not determine what table and
what value should be used as tablearg.
To prevent this add check for such rules and return error when
they are added.

Obtained from: Yandex LLC
Sponsored by: Yandex LLC
Differential Revision: https://reviews.freebsd.org/D51458

Details

Provenance

ae	Authored on Jul 22 2025, 8:02 AM

Differential Revision

D51458: ipfw: forbid add keep-state rules that depend from tablearg

Parents

rG12e61c31dbd5: ipfw: add numeric initializers to enum ipfw_opcodes

Branches

Unknown

Tags

Unknown

Event Timeline

ae committed rG91ed876385d4: ipfw: forbid adding keep-state rules that depend on tablearg (authored by ae).Aug 3 2025, 9:46 AM

ae added an edge: D51458: ipfw: forbid add keep-state rules that depend from tablearg.Aug 3 2025, 9:53 AM

Changes (2)

Path

Size

sys/

netpfil/

ipfw/

ip_fw_private.h

ip_fw_sockopt.c

rG91ed876385d4

sys/netpfil/ipfw/ip_fw_private.h

Loading...

sys/netpfil/ipfw/ip_fw_sockopt.c

Loading...