From nobody Mon Oct 6 21:35:38 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cgXcp2y7xz6BcMd; Mon, 06 Oct 2025 21:35:38 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cgXcp2Lpbz3T59; Mon, 06 Oct 2025 21:35:38 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1759786538; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=cbZ6RbwsUVUOhKcKYIEvOHKkLNx+mxUoITGcuKkvhuk=; b=tvJYQWTCyWBJdmU+/bpQef09duxO/dYPrR4/qcOKXiyrytFpxs1S1JmEaqQ90UaC42IDKm c/XCaIJ6ETu5uMhq6UysCKu8Fqhqb/TqnWHigGoVseQELc5Nd1uwQc3+GidNWF0zOYgfrk XTuxNDQsLnnvjsm1TcpZxPEPEA0FwEDKKlqi/IBj3uNqKfuYYTgXj2vPSxsyDKKKH/6j18 FwRO/FBdMm+nKg5Jq1IHp8Fl9BfTNASSAilXm2x54G048fNmkpKEnKdsl+6azuQc3i/YSl /bMO157M2S4Gqhotj2zggAs4bgQ2ufS28peqISPfW/peOwPxTIW2QOTGTy1qXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1759786538; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=cbZ6RbwsUVUOhKcKYIEvOHKkLNx+mxUoITGcuKkvhuk=; b=Q3Jv5BJwicKdMHy7nCn9A1JfPTqdG6RU8F12hcbsNcmhyqIKVVrPQLowExDcOxPG1G8zOx ygBHQCRAb9tkEc9r/pC80XO5tC6n3JV0tFK/ei079cGOu4u4Hl97lQJ6osObxGMlTQF6It lSN1cOUZMyPtwh6SpzS19+XRl0TBtBWg1K7/XH+sCZ2qRCHOs3uo9opY63afTR3fIAkDtY nqIzGRzLN61IZnK8PEKJlef2mCRs6q+s0Pz0C+mS85KhFesnX51nh9fl3L4hi9HeNFuG84 rnwuLnpqeN5W45bQZt6rEFEFTvDW0jd2wBKFDqUm9KK3W/k2Xfqp7duVYnnxjw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1759786538; a=rsa-sha256; cv=none; b=YDQlXAIIfG7TA6rS9r6kHuEwi1o/OAEzrwisDihFfRBpYamUkXitk72od08nUSe2zZdqhh Z952BCKyjQVtFarYS3zyt/8H3/UP2SRdUguFcFF6EDxW32IAenc8zuRqib9sNN6YG81eoj NEt1Hov5aKIC4o8t8FDKwU0IDl0oCmz6IvvUtTmy0VqTc0V5cPmLKh/dUcMFVb4jcu1ARB Kox2Io39Q4mKUHok75feRk8YSPNRZVhD3WmfgxkXdxPAjqCPO9uPWh9YzA+nmVLSub8gMq h7sbAE36Cd+nsoScViJ8HYxgs2pSalX4ADQMd/FCLZN5PR48xJI3wImJ+zQM+w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4cgXcp1dv3z1qB; Mon, 06 Oct 2025 21:35:38 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 596LZcBY045297; Mon, 6 Oct 2025 21:35:38 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 596LZcv6045294; Mon, 6 Oct 2025 21:35:38 GMT (envelope-from git) Date: Mon, 6 Oct 2025 21:35:38 GMT Message-Id: <202510062135.596LZcv6045294@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 8fecb09bc58e - main - pfctl: store correct ticket type List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 8fecb09bc58ea39833b57c88637036124d71e0ce Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=8fecb09bc58ea39833b57c88637036124d71e0ce commit 8fecb09bc58ea39833b57c88637036124d71e0ce Author: Kristof Provost AuthorDate: 2025-10-06 09:45:59 +0000 Commit: Kristof Provost CommitDate: 2025-10-06 21:35:29 +0000 pfctl: store correct ticket type When loading a new rule only persist the ticket if we're actually looking at a filter rule. We need that ticket type later if we have to create tables, but we need the ticket for the correct ruleset. Fixes: 9dfc5e03da50 ("pfctl: allow tables to be defined inside anchors") Reported by: Florian Smeets MFC after: 3 days Sponsored by: Rubicon Communications, LLC ("Netgate") --- sbin/pfctl/pfctl.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index 21562fa03e0d..998148f5e75f 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -2183,6 +2183,7 @@ pfctl_load_rule(struct pfctl *pf, char *path, struct pfctl_rule *r, int depth) { u_int8_t rs_num = pf_get_ruleset_number(r->action); char *name; + uint32_t ticket; char anchor[PF_ANCHOR_NAME_SIZE]; int len = strlen(path); int error; @@ -2192,7 +2193,9 @@ pfctl_load_rule(struct pfctl *pf, char *path, struct pfctl_rule *r, int depth) if ((pf->opts & PF_OPT_NOACTION) == 0) { if (pf->trans == NULL) errx(1, "pfctl_load_rule: no transaction"); - pf->anchor->ruleset.tticket = pfctl_get_ticket(pf->trans, rs_num, path); + ticket = pfctl_get_ticket(pf->trans, rs_num, path); + if (rs_num == PF_RULESET_FILTER) + pf->anchor->ruleset.tticket = ticket; } if (strlcpy(anchor, path, sizeof(anchor)) >= sizeof(anchor)) errx(1, "pfctl_load_rule: strlcpy"); @@ -2225,7 +2228,7 @@ pfctl_load_rule(struct pfctl *pf, char *path, struct pfctl_rule *r, int depth) return (1); if (pfctl_add_pool(pf, &r->route, PF_RT)) return (1); - error = pfctl_add_rule_h(pf->h, r, anchor, name, pf->anchor->ruleset.tticket, + error = pfctl_add_rule_h(pf->h, r, anchor, name, ticket, pf->paddr.ticket); switch (error) { case 0: