Date:      Mon, 7 Jul 2025 15:08:04 GMT
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 0ccf78da3bd4 - main - pfctl: Always check for namespace collisions on table commands
Message-ID:  <202507071508.567F84OP016926@gitrepo.freebsd.org>

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=0ccf78da3bd4f273f203deb4c237d1a3c046fac0

commit 0ccf78da3bd4f273f203deb4c237d1a3c046fac0
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-07-02 15:08:33 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-07-07 15:06:51 +0000

    pfctl: Always check for namespace collisions on table commands
    
    `-t table -T add|replace ...' would only check for duplicate tables in case
    addresses were actually added to the table.
    
    Instead of using a positive number of added addresses as proof for
    successful table operations, rely on the fact that CREATE_TABLE() is
    guaranteed to be called only if pf(4) can be accessed, that is
    warn_duplicate_tables() will return.
    
    This improves duplicate detection rate as warnings are now also emitted
    even when table commands eventually leave tables unchanged.
    
    OK benno sashan
    
    Obtained from:  OpenBSD, kn <kn@openbsd.org>, 898866c293
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sbin/pfctl/pfctl_table.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sbin/pfctl/pfctl_table.c b/sbin/pfctl/pfctl_table.c
index d1f20761a4f4..0842b042df41 100644
--- a/sbin/pfctl/pfctl_table.c
+++ b/sbin/pfctl/pfctl_table.c
@@ -85,6 +85,8 @@ static const char	*istats_text[2][2][2] = {
 	} while (0)
 
 #define CREATE_TABLE do {						\
+		warn_duplicate_tables(table.pfrt_name,			\
+		    table.pfrt_anchor);					\
 		table.pfrt_flags |= PFR_TFLAG_PERSIST;			\
 		if ((!(opts & PF_OPT_NOACTION) ||			\
 		    (opts & PF_OPT_DUMMYACTION)) &&			\
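Review bot: the new warn_duplicate_tables() call at the top of CREATE_TABLE now runs unconditionally, before the `(!(opts & PF_OPT_NOACTION) || (opts & PF_OPT_DUMMYACTION))` guard that decides whether the table-create action is actually issued, so the check no longer depends on that action succeeding or on nadd being non-zero. Nothing inside the macro enforces the invariant the commit message relies on (CREATE_TABLE is only reached once pf(4) can be accessed); a one-line comment above the call stating that assumption would keep a future caller from invoking the macro in a context where the warning routine cannot query the kernel. The continuation-line indentation of `table.pfrt_anchor);` matches the surrounding style.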
@@ -94,8 +96,6 @@ static const char	*istats_text[2][2][2] = {
 			goto _error;					\
 		}							\
 		if (nadd) {						\
-			warn_duplicate_tables(table.pfrt_name,		\
-			    table.pfrt_anchor);				\
 			xprintf(opts, "%d table created", nadd);	\
 			if (opts & PF_OPT_NOACTION)			\
 				return (0);				\
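Review bot: dropping the call from inside `if (nadd) {` is consistent with the hunk above and is what makes the duplicate warning fire even when the table already existed and the command leaves it unchanged (nadd == 0), which is the behaviour change the commit message describes. Since that nadd == 0 path is exactly the case the old code silently skipped, it would be worth adding a regression test under the pfctl test suite that runs `-t <table> -T add` against a table that already exists in another anchor and checks that the duplicate warning is emitted; the diff carries no test change.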