Date:      Fri, 17 Apr 2026 11:55:41 +0000
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 6f8ea66cbcf2 - main - pfctl: fix how source and state limiters are wired into rbtrees
Message-ID:  <69e21fbd.3a5d8.262dc858@gitrepo.freebsd.org>


The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=6f8ea66cbcf2e2e5bc82e8f0c2e0038a3c7d6a9e

commit 6f8ea66cbcf2e2e5bc82e8f0c2e0038a3c7d6a9e
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2026-04-16 09:16:29 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2026-04-17 11:55:05 +0000

    pfctl: fix how source and state limiters are wired into rbtrees
    
    i messed up when we added support for names on these things. the
    id and names are each supposed to be unique, which is checked by
    putting the one limiter into an rb tree based on their id and another
    based on their name. unfortunately i used the same RBT_ENTRY fields
    for both trees, which meant using both trees on the same limiter
    corrupted the topology, which goes badly when you want to use
    multiple limiters.
    
    found by, tested, and ok dgl@ (who is not me, this is not a typo)
    ok jmatthew@
    
    Obtained from:  OpenBSD, dlg <dlg@openbsd.org>, f951d642cc
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sbin/pfctl/pfctl.c        | 21 ++++++++++++---------
 sbin/pfctl/pfctl_parser.h |  6 ++++--
 2 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index a7bba4055b06..48e6a053a842 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -152,13 +152,13 @@ int	 pfctl_call_cleartables(int, int, struct pfr_anchoritem *);
 int	 pfctl_call_clearanchors(int, int, struct pfr_anchoritem *);
 int	 pfctl_call_showtables(int, int, struct pfr_anchoritem *);
 
-RB_PROTOTYPE(pfctl_statelim_ids, pfctl_statelim, entry,
+RB_PROTOTYPE(pfctl_statelim_ids, pfctl_statelim, id_entry,
     pfctl_statelim_id_cmp);
-RB_PROTOTYPE(pfctl_statelim_nms, pfctl_statelim, entry,
+RB_PROTOTYPE(pfctl_statelim_nms, pfctl_statelim, nm_entry,
     pfctl_statelim_nm_cmp);
-RB_PROTOTYPE(pfctl_sourcelim_ids, pfctl_sourcelim, entry,
+RB_PROTOTYPE(pfctl_sourcelim_ids, pfctl_sourcelim, id_entry,
     pfctl_sourcelim_id_cmp);
-RB_PROTOTYPE(pfctl_sourcelim_nms, pfctl_sourcelim, entry,
+RB_PROTOTYPE(pfctl_sourcelim_nms, pfctl_sourcelim, nm_entry,
     pfctl_sourcelim_nm_cmp);
 
 enum showopt_id {
@@ -4187,7 +4187,8 @@ pfctl_statelim_id_cmp(const struct pfctl_statelim *a,
 	return (0);
 }
 
-RB_GENERATE(pfctl_statelim_ids, pfctl_statelim, entry, pfctl_statelim_id_cmp);
+RB_GENERATE(pfctl_statelim_ids, pfctl_statelim, id_entry,
+    pfctl_statelim_id_cmp);
 
 static inline int
 pfctl_statelim_nm_cmp(const struct pfctl_statelim *a,
@@ -4196,7 +4197,8 @@ pfctl_statelim_nm_cmp(const struct pfctl_statelim *a,
 	return (strcmp(a->ioc.name, b->ioc.name));
 }
 
-RB_GENERATE(pfctl_statelim_nms, pfctl_statelim, entry, pfctl_statelim_nm_cmp);
+RB_GENERATE(pfctl_statelim_nms, pfctl_statelim, nm_entry,
+    pfctl_statelim_nm_cmp);
 
 int
 pfctl_add_statelim(struct pfctl *pf, struct pfctl_statelim *stlim)
@@ -4253,7 +4255,7 @@ pfctl_sourcelim_id_cmp(const struct pfctl_sourcelim *a,
 	return (0);
 }
 
-RB_GENERATE(pfctl_sourcelim_ids, pfctl_sourcelim, entry,
+RB_GENERATE(pfctl_sourcelim_ids, pfctl_sourcelim, id_entry,
     pfctl_sourcelim_id_cmp);
 
 static inline int
@@ -4263,7 +4265,7 @@ pfctl_sourcelim_nm_cmp(const struct pfctl_sourcelim *a,
 	return (strcmp(a->ioc.name, b->ioc.name));
 }
 
-RB_GENERATE(pfctl_sourcelim_nms, pfctl_sourcelim, entry,
+RB_GENERATE(pfctl_sourcelim_nms, pfctl_sourcelim, nm_entry,
     pfctl_sourcelim_nm_cmp);
 
 int
@@ -4272,8 +4274,9 @@ pfctl_add_sourcelim(struct pfctl *pf, struct pfctl_sourcelim *srlim)
 	struct pfctl_sourcelim *osrlim;
 
 	osrlim = RB_INSERT(pfctl_sourcelim_ids, &pf->sourcelim_ids, srlim);
-	if (osrlim != NULL)
+	if (osrlim != NULL) {
 		return (-1);
+	}
 
 	osrlim = RB_INSERT(pfctl_sourcelim_nms, &pf->sourcelim_nms, srlim);
 	if (osrlim != NULL) {
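Review bot: The name-collision branch that opens on the last line of this hunk continues outside it, so it is worth confirming that it unlinks `srlim` from `pf->sourcelim_ids` before returning. The id insert above has already succeeded at that point, and a node kept in one tree but rejected by the other leaves the two indexes out of step. If the branch does not already do so, `RB_REMOVE(pfctl_sourcelim_ids, &pf->sourcelim_ids, srlim);` ahead of the return would keep them consistent. Separately, the braces added around the single-statement `return (-1);` are a style-only change unrelated to the entry-field fix.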
diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h
index 8934238da148..631a6b9a32ea 100644
--- a/sbin/pfctl/pfctl_parser.h
+++ b/sbin/pfctl/pfctl_parser.h
@@ -77,7 +77,8 @@ struct pfr_buffer;	/* forward definition */
 
 struct pfctl_statelim {
 	struct pfctl_state_lim		 ioc;
-	RB_ENTRY(pfctl_statelim)	 entry;
+	RB_ENTRY(pfctl_statelim)	 id_entry;
+	RB_ENTRY(pfctl_statelim)	 nm_entry;
 };
 
 RB_HEAD(pfctl_statelim_ids, pfctl_statelim);
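Review bot: The two `RB_ENTRY` members in `struct pfctl_statelim` carry no comment saying which tree each one links into, and the same applies to `struct pfctl_sourcelim` in the next hunk. Sharing one linkage field between two trees is what corrupted them, so a short comment on each would guard against a repeat: `/* linkage in pfctl_statelim_ids */` on `id_entry` and `/* linkage in pfctl_statelim_nms */` on `nm_entry`. The field named in each `RB_PROTOTYPE`/`RB_GENERATE` in pfctl.c has to match its tree, and the compiler accepts any `RB_ENTRY` member there, so nothing enforces the pairing at build time.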
@@ -85,7 +86,8 @@ RB_HEAD(pfctl_statelim_nms, pfctl_statelim);
 
 struct pfctl_sourcelim {
 	struct pfctl_source_lim		 ioc;
-	RB_ENTRY(pfctl_sourcelim)	 entry;
+	RB_ENTRY(pfctl_sourcelim)	 id_entry;
+	RB_ENTRY(pfctl_sourcelim)	 nm_entry;
 };
 
 RB_HEAD(pfctl_sourcelim_ids, pfctl_sourcelim);

