From nobody Thu Jun 26 13:11:46 2025
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bSfGW4KnSz60Y0l;
	Thu, 26 Jun 2025 13:11:47 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4bSfGW1GTLz3J6w;
	Thu, 26 Jun 2025 13:11:47 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1750943507;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=au5yGXPR+VCwioD1j28xQ9VsjVB6jvnGq2OyH3LU6Uk=;
	b=oM8tMMNjIuiNkuCt/hnkc7fF4iqEU40cufnVejDLMBHXdxYWgOmc+Ncg1t4UKTx70h4BtK
	qnZ6Xpv4UjxmcNMC9bfk44Zi0X4HoblBHBnDoxbhdMukraC4B//qZSx9CPOLHyZd8GFI4M
	fxnQoIbozELv1zRsSTws4XiKUDt+JQb8eAuAnFPcz3fzHlHxXpii/vKHjxHoDYJ+kSlWnw
	DF298WFv9WWpQdys83WY9wp0QngT+AgOCcugcBASZRDrtA7WL9LJs3Q4FDIvsbaH6ZZdF/
	6Jo5gqhYbNTWUQKYFfhTzXcWOrXSJlIofnJjbBjzl74e/YfMpWG5qqOs4zoqvQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1750943507;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=au5yGXPR+VCwioD1j28xQ9VsjVB6jvnGq2OyH3LU6Uk=;
	b=bsm5do6aRtPLzhmridxiDZoSP0gTKWCY6kzugcXuuE6d8RNnK72I1fPtCnyzp/f9IhnNi8
	6pjdCXeR334CB5ZKvC7RKzHJVWxMfjDS69dtaj1mm7V2qyy65wMdM8MPvbaoIYQp4fXPNt
	McrQ++UuLxiG8Bn1dh2redPTxS4AYLnTuk66gqcM86d9WAb30Abk9cDfNs+W/TlAmKt008
	L08/zIhFmS5OgGZYdEePTGM4a2LHcijIq0jh3GWv+f0ExpCxaUQhhpAHo3sdhkNqDEhkFv
	D0HFFFHpjrDd5KidqKCxeD3np1uqkPN2hXku9gDINjG0nN1MRdW7VoW0UuU1Tw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1750943507; a=rsa-sha256; cv=none;
	b=fNPjxmdkmZgDjqVEKzOtmhluIf1SO8nzftaPxHHyJ8GMWICxGsRxNibY1apIon2vz5bTij
	Yd5z/Brf62Hye7ACLL5Vx1rA7kb4otfdnVK6vicVOKHuicaEXpWHofgcvr+wL8l5xkkwxv
	nbQYgPOZKUwE3rTl7uZ1bsEKYNwOBP+fy8oIYxq+t5mfDp5hyIaACah0drY8sJnNESLX4q
	JsgAlrw4+LT0FIVVNfv8QzDMApehOXN6cKhKQzNhzZzQ3cinYa7QWcfOna66dEUbUdvzVh
	ETgHMXuhiDzHsWyaj+3yKJlOzUE9kleIwbQ1h+yoTu8d2YYKUd3mIK5zTUWWEw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bSfGW0B0Zz13G7;
	Thu, 26 Jun 2025 13:11:47 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 55QDBk6d022644;
	Thu, 26 Jun 2025 13:11:46 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 55QDBkaH022641;
	Thu, 26 Jun 2025 13:11:46 GMT
	(envelope-from git)
Date: Thu, 26 Jun 2025 13:11:46 GMT
Message-Id: <202506261311.55QDBkaH022641@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Kristof Provost <kp@FreeBSD.org>
Subject: git: fed2e93b0a00 - main - pf: fix regression in pflog
  output
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: fed2e93b0a00b2110d25ffb13da235941a14c505
Auto-Submitted: auto-generated

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=fed2e93b0a00b2110d25ffb13da235941a14c505

commit fed2e93b0a00b2110d25ffb13da235941a14c505
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-06-23 09:36:24 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-06-26 13:11:01 +0000

    pf: fix regression in pflog output
    
    pf_match_rule() must remember current anchor before descents
    towards leaf. it must restore anchor as it ascents towards root.
    Bug pointed out and fix also tested by Matthias Pitzl from genua.
    
    OK bluhm@
    
    Obtained from:  OpenBSD, sashan <sashan@openbsd.org>, 73e0536f0e
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sys/netpfil/pf/pf.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index a40e1744cbc8..6533b06c5d9d 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -4665,9 +4665,9 @@ pf_step_into_anchor(struct pf_test_ctx *ctx, struct pf_krule *r)
 			rv = pf_match_rule(ctx, &child->ruleset);
 			if ((rv == PF_TEST_QUICK) || (rv == PF_TEST_FAIL)) {
 				/*
-				 * we either hit a rule qith quick action
+				 * we either hit a rule with quick action
 				 * (more likely), or hit some runtime
-				 * error (e.g. pool_get() faillure).
+				 * error (e.g. pool_get() failure).
 				 */
 				break;
 			}
@@ -5512,6 +5512,8 @@ pf_match_rule(struct pf_test_ctx *ctx, struct pf_kruleset *ruleset)
 {
 	struct pf_krule_item	*ri;
 	struct pf_krule		*r;
+	struct pf_krule		*save_a;
+	struct pf_kruleset	*save_aruleset;
 	struct pf_pdesc		*pd = ctx->pd;
 	u_short			 transerror;
 
@@ -5681,13 +5683,22 @@ pf_match_rule(struct pf_test_ctx *ctx, struct pf_kruleset *ruleset)
 				break;
 			}
 		} else {
+			save_a = ctx->a;
+			save_aruleset = ctx->aruleset;
+
 			ctx->a = r;			/* remember anchor */
 			ctx->aruleset = ruleset;	/* and its ruleset */
 			if (ctx->a->quick)
 				ctx->test_status = PF_TEST_QUICK;
+			/*
+			 * Note: we don't need to restore if we are not going
+			 * to continue with ruleset evaluation.
+			 */
 			if (pf_step_into_anchor(ctx, r) != PF_TEST_OK) {
 				break;
 			}
+			ctx->a = save_a;
+			ctx->aruleset = save_aruleset;
 		}
 		r = TAILQ_NEXT(r, entries);
 	}