From ae873d8d583cd59060708e0e9dbd5d0c8ffa8428 Mon Sep 17 00:00:00 2001 From: bdrewery Date: Fri, 4 Dec 2015 17:33:33 +0000 Subject: [PATCH] MFC r291001: ipfw: Fix dynamic IPv6 rules showing junk for non-specified address masks. Relnotes: yes git-svn-id: svn://svn.freebsd.org/base/stable/10@291772 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f --- sys/netpfil/ipfw/ip_fw_dynamic.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sys/netpfil/ipfw/ip_fw_dynamic.c b/sys/netpfil/ipfw/ip_fw_dynamic.c index a166d1219..81c1b2c7e 100644 --- a/sys/netpfil/ipfw/ip_fw_dynamic.c +++ b/sys/netpfil/ipfw/ip_fw_dynamic.c @@ -715,6 +715,9 @@ ipfw_install_state(struct ip_fw *rule, ipfw_insn_limit *cmd, id.fib = M_GETFIB(args->m); if (IS_IP6_FLOW_ID (&(args->f_id))) { + bzero(&id.src_ip6, sizeof(id.src_ip6)); + bzero(&id.dst_ip6, sizeof(id.dst_ip6)); + if (limit_mask & DYN_SRC_ADDR) id.src_ip6 = args->f_id.src_ip6; if (limit_mask & DYN_DST_ADDR) -- 2.45.0