Diffusion FreeBSD src repository c0382512bfce

ipfw: pmod: avoid further rule processing after tcp-mod failures
c0382512bfce
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

ipfw: pmod: avoid further rule processing after tcp-mod failures

m_pullup() here will have freed the mbuf chain, but we pass back an
IP_FW_DENY without any signal that the outer loop should finish. Thus,
rule processing continues without an mbuf and there's a chance that we
conclude that the packet may pass (but there's no mbuf remaining)
depending on the rules that follow it.

PR: 284606
Reviewed by: ae
MFC after: 1 week

Details

Provenance

Authored on Nov 1 2025, 5:34 PM

Parents

rG0726d6e87ad5: vchiq: fix compilation error on armv7 in CI and local armv7 builds

Branches

Unknown

Tags

Unknown

Event Timeline

kevans committed rGc0382512bfce: ipfw: pmod: avoid further rule processing after tcp-mod failures (authored by kevans).Nov 1 2025, 5:34 PM

kevans mentioned this in rG21d55ae111aa: ipfw: pmod: avoid further rule processing after tcp-mod failures.Nov 4 2025, 12:53 AM

kevans mentioned this in rGdeb684f9d1d6: ipfw: pmod: avoid further rule processing after tcp-mod failures.

kevans mentioned this in rG94360584542a: ipfw: pmod: avoid further rule processing after tcp-mod failures.

cperciva mentioned this in rG508f9b68379f: ipfw: pmod: avoid further rule processing after tcp-mod failures.Nov 5 2025, 7:38 PM

markj mentioned this in rG60026b06366f: ipfw: pmod: avoid further rule processing after tcp-mod failures.Tue, Dec 16, 11:43 PM

markj mentioned this in rGc0cb68169beb: ipfw: pmod: avoid further rule processing after tcp-mod failures.

Changes (1)

Path

Size

sys/

netpfil/

ipfw/

pmod/

rGc0382512bfce

sys/netpfil/ipfw/pmod/tcpmod.c

Loading...