To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kristof Provost
Subject: git: fb8383527517 - main - pf: fix duplicate rule detection for automatic tables
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
Date: Thu, 23 Apr 2026 11:46:45 +0000
Message-Id: <69ea06a5.45d4e.2f934756@gitrepo.freebsd.org>

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=fb838352751767e756bd45cd2040fa464ed4de20

commit fb838352751767e756bd45cd2040fa464ed4de20
Author:     Kristof Provost
AuthorDate: 2026-04-09 16:11:41 +0000
Commit:     Kristof Provost
CommitDate: 2026-04-23 09:11:38 +0000

    pf: fix duplicate rule detection for automatic tables

    We should look at the table name for automatic tables as well.
    These are different tables, so the rules using them are (or can be)
    different as well.

    MFC after: 3 days
    Reported by: Michael Sinatra
    Sponsored by: Rubicon Communications, LLC ("Netgate")
---
 sys/netpfil/pf/pf_ioctl.c | 4 +---
 tests/sys/netpfil/pf/pass_block.sh | 42 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 43 insertions(+), 3 deletions(-)

diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 586d896d0e2d..d3e60b137c1a 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c 
@@ -1354,9 +1354,7 @@ pf_hash_rule_addr(MD5_CTX *ctx, struct pf_rule_addr *pfr) PF_MD5_UPD(pfr, addr.iflags); break; case PF_ADDR_TABLE: - if (strncmp(pfr->addr.v.tblname, PF_OPTIMIZER_TABLE_PFX, - strlen(PF_OPTIMIZER_TABLE_PFX))) - PF_MD5_UPD(pfr, addr.v.tblname); + PF_MD5_UPD(pfr, addr.v.tblname); break; case PF_ADDR_ADDRMASK: case PF_ADDR_RANGE: diff --git a/tests/sys/netpfil/pf/pass_block.sh b/tests/sys/netpfil/pf/pass_block.sh index f6d973de7cf4..a5cd04f1db22 100644 --- a/tests/sys/netpfil/pf/pass_block.sh +++ b/tests/sys/netpfil/pf/pass_block.sh @@ -488,6 +488,47 @@ addr_range_cleanup() pft_cleanup } +atf_test_case "auto_tables" "cleanup" +auto_tables_head() +{ + atf_set descr 'Test rulesets with different automatic tables' + atf_set require.user root +} + +auto_tables_body() +{ + pft_init + + epair=$(vnet_mkepair) + ifconfig ${epair}b 192.0.2.2/24 up + + vnet_mkjail alcatraz ${epair}a + jexec alcatraz ifconfig ${epair}a 192.0.2.1/24 up + + # Sanity check + atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.1 + + jexec alcatraz pfctl -e + pft_set_rules alcatraz \ + "set ruleset-optimization basic" \ + "test_a = \"203.0.113.1 203.0.113.2 203.0.113.3 203.0.113.4 + 203.0.113.5 203.0.113.6 203.0.113.7 203.0.113.8 203.0.113.9 + 203.0.113.10\"" \ + "test_b = \"192.0.2.1 192.0.2.2 192.0.2.3 192.0.2.4 192.0.2.5 + 192.0.2.6 192.0.2.7 192.0.2.8 192.0.2.9 192.0.2.10\"" \ + "block" \ + "pass inet from any to { \$test_a }" \ + "pass inet from 198.51.100.1 to 198.51.100.2 no state" \ + "pass inet from any to { \$test_b }" + + atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.1 +} + +auto_tables_cleanup() +{ + pft_cleanup +} + atf_init_test_cases() { atf_add_test_case "enable_disable" @@ -500,4 +541,5 @@ atf_init_test_cases() atf_add_test_case "optimize_any" atf_add_test_case "any_if" atf_add_test_case "addr_range" + atf_add_test_case "auto_tables" }
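
Review bot: In the pf_ioctl.c hunk, the PF_ADDR_TABLE case of pf_hash_rule_addr() now feeds addr.v.tblname into the MD5 unconditionally, but nothing in the code records why the PF_OPTIMIZER_TABLE_PFX exception was dropped. The removed strncmp() reads as a deliberate choice to keep optimizer-generated names out of the hash, so a one-line comment in this case (for example, that two automatic tables with different names are different tables and must not hash alike) would stop the exception from being reintroduced later. It is also worth confirming, since it cannot be seen from these lines, that an unchanged ruleset gets the same automatic table names on every load; if it does not, rules that are in fact identical will now hash differently across reloads.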
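
Review bot: In the auto_tables test added to pass_block.sh, the only assertion after pft_set_rules is a single ping to 192.0.2.1, so the test passes for any ruleset that lets that packet through and never checks that both table-based pass rules were actually kept. Consider adding a check on the loaded rules (for instance on the output of jexec alcatraz pfctl -sr) that asserts both rules are present with distinct tables. A short comment in auto_tables_body saying why each macro lists ten addresses, why ruleset-optimization is set to basic, and what the "pass inet from 198.51.100.1 to 198.51.100.2 no state" rule between the two table rules is for would make the regression this test guards against clear to the next reader.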