From nobody Sat Aug 6 14:43:12 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4M0QDw445Zz4Xxqt; Sat, 6 Aug 2022 14:43:12 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4M0QDw3SPCz3H1N; Sat, 6 Aug 2022 14:43:12 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1659796992; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Ws4ttFQKZ0PjKs27P+aZ3PKldkoTjxfPjq7GplXb4Bg=; b=mpKJRbzFoddRUsc4BElns2gboTkga5uucYH5ho3yN9yTYvGmBwcIAbx/wMBY0mc6YE8xhy T0+wEc9RXDiUR1wWh3d/kfYBcj9hZOlrATDd8uTO48Mg43jRnJqcv2rsAUDQFFOguls0yJ hM0S0HkT7HBYKoxyHIGAU4KkkJiMo1Sd5OfdI+zV+qhKFJ962qUqzlT1/hUKE0fXkRysx/ tofSEQoGOeDqiP42x0087NQrtfRkQzRti3wTWUouZcwuLYEXwpWvF21lQkJ+DOpJZLy5TP 6o9V+Z/F/wTI6PWQzrjVs/36CcS2235RRvJxXmcAw2QEGSCUa1N0Cd1kMiAa5w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4M0QDw2VB6zcsQ; Sat, 6 Aug 2022 14:43:12 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 276EhCIj034103; Sat, 6 Aug 2022 14:43:12 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 276EhCdW034102; Sat, 6 Aug 2022 14:43:12 GMT (envelope-from git) Date: Sat, 6 Aug 2022 14:43:12 GMT Message-Id: <202208061443.276EhCdW034102@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 1e73fbd8b289 - main - pfctl: fix FOM_ICMP/POM_STICKYADDRESS clash List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 1e73fbd8b28946cb1341b51292082864943f0a89 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1659796992; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Ws4ttFQKZ0PjKs27P+aZ3PKldkoTjxfPjq7GplXb4Bg=; b=Ps28pZbdMOBwQXhIEIcrWn8MP5IFUeVSWb9rYiYEweLUs13Y3sq3WYB9lOZxF1Fr98MKYE uZ9GZPIj1e8chsLaHnWcQJHDPUwUybsjiqFG0xKrqx1RLzffPqYUuETonrjsyE+qlQ7xgG HRN3lTYCVyafpgJ5/sy/pgtsxHuZWVmyQTRBxFlvtYwBhxwoTk382ho/ywYd6u5h0OXp/7 4NZkk33yXfOXpKB3u5ypZq13BgFg1ADr3Azejv4Nmv848MXxzKM8S+A13KeJdn9xz0Wh8x i/jszrzgaTFjZIA/bNxb4zfOuxPb3q9V8wnhijriMYTGtf0AnNsslXglSZPR/g== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1659796992; a=rsa-sha256; cv=none; b=nXpwJahqNNbpnj5kvat6GQDn7M1FODsJIzbiPV2kRyAOlBX3H18xnHWqWq/+6koBKe1bX5 6doBoP+aOrzmqwrbfXyA1glheiov922lrxloUG0eEyDjDpvtXztrFcDlNMF6E99HCwS5Dm KRC903B0+CyaLOw2OIpLW2DykJG91wCaqfZID7mU5nreDIc9D7sLl/RxNSSXN3ebGPjrl8 /76Ddznn0Vq/nq9qVxizqVlqbfjmWgcLWH9L/2a+qn8L5G0QvsJgv0xRWKWvBRI7mSvb6V nZaXSojpBOX30l/8BkHG3TU8cecQagwLeUSjYUuH/6TNUEr5Itjt0TIkyqBLIQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=1e73fbd8b28946cb1341b51292082864943f0a89 commit 1e73fbd8b28946cb1341b51292082864943f0a89 Author: Franco Fichtner AuthorDate: 2022-08-06 08:59:56 +0000 Commit: Kristof Provost CommitDate: 2022-08-06 12:22:42 +0000 pfctl: fix FOM_ICMP/POM_STICKYADDRESS clash pass inet proto icmp icmp-type {unreach} pass route-to (if0 127.0.0.1/8) sticky-address inet The wrong struct was being tested. The parser tries to prevent "sticky-address sticky-address" syntax but was actually cross-rule enforcing that ICMP filter cannot be before the use of "sticky-address" in next rule. MFC after: 2 weeks Reviewed by: kp Differential Revision: https://reviews.freebsd.org/D36050 --- sbin/pfctl/parse.y | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 506716bca689..7bb6223319c4 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -4466,7 +4466,7 @@ pool_opt : BITMASK { pool_opts.staticport = 1; } | STICKYADDRESS { - if (filter_opts.marker & POM_STICKYADDRESS) { + if (pool_opts.marker & POM_STICKYADDRESS) { yyerror("sticky-address cannot be redefined"); YYERROR; }