Fixed incorrrect rule count max check for IPv6 rules

netfoundry · Aug 16, 2024 · 08e2e3d · 08e2e3d
1 parent 6f92a70
commit 08e2e3d
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,8 @@ All notable changes to this project will be documented in this file. The format
 - Added Outbound tracking for IPv4 and IPv6 ICMP Echo
 - Added Masquerade for passthrough icmp echos.
 - Fixed an issue where both the packages and Makefile were limiting egress rule entries to 100 instead of 100000.
+- Fixed issue where incorrect count check was being performed on insert for ipv6 rules to verify if they had reached
+  BPF_MAX_ENTRIES.
 
 ###
 # [0.8.12] - 2024-08-07

diff --git a/src/zfw.c b/src/zfw.c
@@ -311,6 +311,7 @@ void open_range_map();
 void if_list_ext_delete_key(struct port_extension_key key);
 bool interface_map();
 void interface_map6();
+int get_key_count6();
 void close_maps(int code);
 void if_delete_key(uint32_t key);
 void if6_delete_key(uint32_t key);
@@ -3641,7 +3642,7 @@ void map_insert6()
         printf("INSERT FAILURE -- INVALID PORT RANGE: low_port(%u) > high_port(%u)\n", low_port, high_port);
         close_maps(1);
     }
-    if (get_key_count() == BPF_MAX_ENTRIES)
+    if (get_key_count6() == BPF_MAX_ENTRIES)
     {
         printf("INSERT FAILURE -- MAX PREFIX TUPLES REACHED\n");
         close_maps(1);