From nobody Sat Jul 12 13:38:59 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bfV6W58whz61stk; Sat, 12 Jul 2025 13:38:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4bfV6W1lP7z3CmD; Sat, 12 Jul 2025 13:38:59 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1752327539; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=wQfmzB2jnVastGX9Kro1/jI2dZ4mmcFEi57YUclnK3U=; b=a3KwwVAkFruhm40Qmq9qGtIHqJmcZJba6dqRwd9BqpIXd7sEqLNuWO6VP+s8F5w1w24S/X hNA9yOLRdIDQnJOmmlgZXqyyEpUm+WdTwaMM9JlWalW4QahNICb8EyTrZlvPC07mRJe8Ko krG//B9s5T9qhHk1DJjVnmgNUCI19+40VQBZHZE4DNwEWtiGcU7O4q0BbdYUmYrho4r2J9 eGWbkBS27WIOwLhQfcfLI4s2sJKAe9NsxHT0EsXgJYLZZj33CT7xgBvi7A1HoUFst1v0CB 3Ahqht9Jio2U5XgJ8JfBnEyGvEJ8k2Z6lLOEsUGjqQxAmpeveOwOrr3fquLdpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1752327539; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=wQfmzB2jnVastGX9Kro1/jI2dZ4mmcFEi57YUclnK3U=; b=jV+xDVwTsd/Q12t+PNPFG6mqz2+AuUb4yROuz+TsKh8c1coOsSmT6SHSj8xQe+cWG1WwyZ JuoBiSv4sI6Rhu9LfFp2zD8p3ZDZswY5yKfUTKgEgIeIvJTrF37VF30Lr2dW0SZm5h6Qtf TdRUvmVQEtzc6giBbZM4y+zpzLG5TDP9LU0Hqowb1rkRHKdRoO/UX0LAjT510ZEo19xNPM hA4zmrgFCAbEOz4Ck6pUAxfIC0gIv4IKOtWm48F3fTFc85Xu/0koqCyUKc9ZstQ5rWLQGp WQES2tgmrSVismpl1MS7UbrkjE6dDDkCkwgXF9FpMV3m6iqD/zd1PL0WSMwSUw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1752327539; a=rsa-sha256; cv=none; b=mvYEdvL9rjdXtxNqWFTEniSS1BqY09qt8zzeieS6hlTSxuUG2C35z7qxMH+okojwUATKUf w2+vSzeQIKLegy+Td8UviES5v9P43nz0HlYrjAhwgHpQZ0lDXY4Xd/Mxuqh+PI27XamLuL jBDQ1svnkGTTlMWOChD480IJqSUMwq0x8gAGI0iiDFSpJbAQyxPzsSEjdI3tsQiJriPGkZ y+l23uLGqPsJ7jAAbvKdA1yurDgvnkGA7LnHV9Wh/WWkmCwVVBwbX9G9vxYhE4XlRGEiz/ BNVRUEbp46Ox/ubZRzCSIZZljNpgoTQLC8vij8zRJLIPu9RXhQaiMyY7rlZmjQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bfV6W1J8bz9H2; Sat, 12 Jul 2025 13:38:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 56CDcx71089180; Sat, 12 Jul 2025 13:38:59 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 56CDcxpo089177; Sat, 12 Jul 2025 13:38:59 GMT (envelope-from git) Date: Sat, 12 Jul 2025 13:38:59 GMT Message-Id: <202507121338.56CDcxpo089177@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 116eabaa0b5d - main - pf: when calculating the ruleset's checksum, skip automatic table names. List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 116eabaa0b5df490be19715fc032affbcda3f016 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=116eabaa0b5df490be19715fc032affbcda3f016 commit 116eabaa0b5df490be19715fc032affbcda3f016 Author: Kristof Provost AuthorDate: 2025-07-07 09:40:49 +0000 Commit: Kristof Provost CommitDate: 2025-07-12 09:57:52 +0000 pf: when calculating the ruleset's checksum, skip automatic table names. the checksum is exclusively used for pfsync to verify rulesets are identical on all nodes. the automatic table names are random and have a near zero chance to match. found at a customer in zurich ok sashan kn Obtained from: OpenBSD, henning , 7f1a6fd2a8 Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf_ioctl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index c96741023db9..c14211edf10f 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -1274,7 +1274,9 @@ pf_hash_rule_addr(MD5_CTX *ctx, struct pf_rule_addr *pfr) PF_MD5_UPD(pfr, addr.iflags); break; case PF_ADDR_TABLE: - PF_MD5_UPD(pfr, addr.v.tblname); + if (strncmp(pfr->addr.v.tblname, PF_OPTIMIZER_TABLE_PFX, + strlen(PF_OPTIMIZER_TABLE_PFX))) + PF_MD5_UPD(pfr, addr.v.tblname); break; case PF_ADDR_ADDRMASK: /* XXX ignore af? */