Date: Mon, 6 Oct 2025 21:35:38 GMT
From: Kristof Provost <kp@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: 8fecb09bc58e - main - pfctl: store correct ticket type
Message-ID: <202510062135.596LZcv6045294@gitrepo.freebsd.org>
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=8fecb09bc58ea39833b57c88637036124d71e0ce commit 8fecb09bc58ea39833b57c88637036124d71e0ce Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2025-10-06 09:45:59 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2025-10-06 21:35:29 +0000 pfctl: store correct ticket type When loading a new rule only persist the ticket if we're actually looking at a filter rule. We need that ticket type later if we have to create tables, but we need the ticket for the correct ruleset. Fixes: 9dfc5e03da50 ("pfctl: allow tables to be defined inside anchors") Reported by: Florian Smeets <flo@smeets.xyz> MFC after: 3 days Sponsored by: Rubicon Communications, LLC ("Netgate") --- sbin/pfctl/pfctl.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index 21562fa03e0d..998148f5e75f 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -2183,6 +2183,7 @@ pfctl_load_rule(struct pfctl *pf, char *path, struct pfctl_rule *r, int depth) { u_int8_t rs_num = pf_get_ruleset_number(r->action); char *name; + uint32_t ticket; char anchor[PF_ANCHOR_NAME_SIZE]; int len = strlen(path); int error; @@ -2192,7 +2193,9 @@ pfctl_load_rule(struct pfctl *pf, char *path, struct pfctl_rule *r, int depth) if ((pf->opts & PF_OPT_NOACTION) == 0) { if (pf->trans == NULL) errx(1, "pfctl_load_rule: no transaction"); - pf->anchor->ruleset.tticket = pfctl_get_ticket(pf->trans, rs_num, path); + ticket = pfctl_get_ticket(pf->trans, rs_num, path); + if (rs_num == PF_RULESET_FILTER) + pf->anchor->ruleset.tticket = ticket; } if (strlcpy(anchor, path, sizeof(anchor)) >= sizeof(anchor)) errx(1, "pfctl_load_rule: strlcpy"); 
@@ -2225,7 +2228,7 @@ pfctl_load_rule(struct pfctl *pf, char *path, struct pfctl_rule *r, int depth) return (1); if (pfctl_add_pool(pf, &r->route, PF_RT)) return (1); - error = pfctl_add_rule_h(pf->h, r, anchor, name, pf->anchor->ruleset.tticket, + error = pfctl_add_rule_h(pf->h, r, anchor, name, ticket, pf->paddr.ticket); switch (error) { case 0:
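Review bot: the new `if (rs_num == PF_RULESET_FILTER)` check in the first hunk (the `@@ -2192,7 +2193,9 @@` region) has no comment saying why only the filter ticket is written to `pf->anchor->ruleset.tticket`. The commit message gives the reason (the stored ticket is needed later when tables have to be created, and it has to belong to the correct ruleset); a one-line comment above the check stating that would keep a later cleanup from folding the assignment back into the unconditional form.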
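Review bot: `ticket` as passed to `pfctl_add_rule_h()` in the second hunk (the `@@ -2225,7 +2228,7 @@` region) is the local that the first hunk declares without an initializer and assigns only inside `if ((pf->opts & PF_OPT_NOACTION) == 0)`. The guard around this call is not visible in the hunk context; if the call can be reached with `PF_OPT_NOACTION` set, it passes an indeterminate value. Declaring it as `uint32_t ticket = 0;`, or confirming that the call sits under the same guard, would settle it.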