From nobody Fri Apr 17 11:55:41 2026 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fxtcY2xFNz6ZdLM for ; Fri, 17 Apr 2026 11:55:41 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fxtcY0dFzz46wc for ; Fri, 17 Apr 2026 11:55:41 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1776426941; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=DyFFMkFb720sklFjHEq+C0+n2G27kwyydu0e5XVy5rs=; b=r6gfx+tJIZzdbLbh+r7ZshoiSYMWEssxiA6xV0DaYA2bO5h1ToE1Nw50zbUsuR+xu6BqGk ggjSxf93TtwxIT7mbMWPDoTxa7nNnYEurd9gpfelhmUOL3Pvm5P8kC5Y65uUhGHlsbVA33 1itkcUcPox/S3XhZ6T4TMdX7Dqf6vbfZGaqfcTXMk6qR0Veu2CEtNkOyHmhAgNa9eQCDhj PBjf2TkX1OJYi8ZKBUB5KdRpP6dylWujD3DG4VJ0pGY6jF89LMYCiCT3ihAwMOonHnQld7 0Ha6BDboBfWlljPN2/YJGchArHWjniqw36Yq3Jo0Jz2TFDkoocqd03jyI7J8TQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1776426941; a=rsa-sha256; cv=none; b=fAJkQBdO1jM0ctBUcFy7T1QqtmfMylUqG6SpOa5t0GEUdAvxY8m60zKyKMtRfRK5/la+hE 7zOJlxjbNcYzOLFJOW1A7kwP5b9YJD1HaXBWNON3OjBa/MEp9o++CXm3Xb1lEYWXpeErwS CAtK1h0oLSeeLRCV5um505mb8p9bPTUZXyk0ZYdETWRPzzohEaBnFTpZp49fG+QESTgS4H oY3Lqf949qaT4r59zeYcUXVRLPvvuTOGvuX57Dcs1KpYW5vSeBhxxVmV0kKGpjLZzbxIXT 4Pf7KHqDiqfxgu4pTvmDwr7GuCPPxC+nXyPuJjwv/yx4idyDU1vozZOzZ0l37g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1776426941; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=DyFFMkFb720sklFjHEq+C0+n2G27kwyydu0e5XVy5rs=; b=cadReKoHDKqxLQmDVtOmSZ6aO2xSiclPHfHo+znCsf9jXAya8yvXCyQFaTh1p1+b5RvqEA AzNlX4eMo24bKZzG27QUrx/K9RS/H6kf8n1SyW3ov7jlAHD+9pUBtmraQK4zsOEP6l7gry Ke/ieDItri2TDOoILjaXpf2ovGnrbHcARyfF6ksRhYSImhouO/5GP3ix2n5ClVk2XhBzoj sL7HwNjEImUsqjlXHvbFUCsAPokxEF4M3lq8PeGJF2cabDRHu0E/0D9sLS9Cm6hssiFFoN TpiYRloROmNDk+WG/4XwgWpXM3Am8AbEfqfbapI5DoNtXLBj9T7d9Z6+R23CVA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fxtcY06Xhzt15 for ; Fri, 17 Apr 2026 11:55:41 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 3a5d8 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Fri, 17 Apr 2026 11:55:41 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 6f8ea66cbcf2 - main - pfctl: fix how source and state limiters are wired into rbtrees List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 6f8ea66cbcf2e2e5bc82e8f0c2e0038a3c7d6a9e Auto-Submitted: auto-generated Date: Fri, 17 Apr 2026 11:55:41 +0000 Message-Id: <69e21fbd.3a5d8.262dc858@gitrepo.freebsd.org> The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=6f8ea66cbcf2e2e5bc82e8f0c2e0038a3c7d6a9e commit 6f8ea66cbcf2e2e5bc82e8f0c2e0038a3c7d6a9e Author: Kristof Provost AuthorDate: 2026-04-16 09:16:29 +0000 Commit: Kristof Provost CommitDate: 2026-04-17 11:55:05 +0000 pfctl: fix how source and state limiters are wired into rbtrees i messed up when we added support for names on these things. the id and names are each supposed to be unique, which is checked by putting the one limiter into an rb tree based on their id and another based on their name. unfortunately i used the same RBT_ENTRY fields for both trees, which meant using both trees on the same limiter corrupted the topology, which goes badly when you want to use multiple limiters. found by, tested, and ok dgl@ (who is not me, this is not a typo) ok jmatthew@ Obtained from: OpenBSD, dlg , f951d642cc Sponsored by: Rubicon Communications, LLC ("Netgate") --- sbin/pfctl/pfctl.c | 21 ++++++++++++--------- sbin/pfctl/pfctl_parser.h | 6 ++++-- 2 files changed, 16 insertions(+), 11 deletions(-) diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index a7bba4055b06..48e6a053a842 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -152,13 +152,13 @@ int pfctl_call_cleartables(int, int, struct pfr_anchoritem *); int pfctl_call_clearanchors(int, int, struct pfr_anchoritem *); int pfctl_call_showtables(int, int, struct pfr_anchoritem *); -RB_PROTOTYPE(pfctl_statelim_ids, pfctl_statelim, entry, +RB_PROTOTYPE(pfctl_statelim_ids, pfctl_statelim, id_entry, pfctl_statelim_id_cmp); -RB_PROTOTYPE(pfctl_statelim_nms, pfctl_statelim, entry, +RB_PROTOTYPE(pfctl_statelim_nms, pfctl_statelim, nm_entry, pfctl_statelim_nm_cmp); -RB_PROTOTYPE(pfctl_sourcelim_ids, pfctl_sourcelim, entry, +RB_PROTOTYPE(pfctl_sourcelim_ids, pfctl_sourcelim, id_entry, pfctl_sourcelim_id_cmp); -RB_PROTOTYPE(pfctl_sourcelim_nms, pfctl_sourcelim, entry, +RB_PROTOTYPE(pfctl_sourcelim_nms, pfctl_sourcelim, nm_entry, pfctl_sourcelim_nm_cmp); enum showopt_id { @@ -4187,7 +4187,8 @@ pfctl_statelim_id_cmp(const struct pfctl_statelim *a, return (0); } -RB_GENERATE(pfctl_statelim_ids, pfctl_statelim, entry, pfctl_statelim_id_cmp); +RB_GENERATE(pfctl_statelim_ids, pfctl_statelim, id_entry, + pfctl_statelim_id_cmp); static inline int pfctl_statelim_nm_cmp(const struct pfctl_statelim *a, @@ -4196,7 +4197,8 @@ pfctl_statelim_nm_cmp(const struct pfctl_statelim *a, return (strcmp(a->ioc.name, b->ioc.name)); } -RB_GENERATE(pfctl_statelim_nms, pfctl_statelim, entry, pfctl_statelim_nm_cmp); +RB_GENERATE(pfctl_statelim_nms, pfctl_statelim, nm_entry, + pfctl_statelim_nm_cmp); int pfctl_add_statelim(struct pfctl *pf, struct pfctl_statelim *stlim) @@ -4253,7 +4255,7 @@ pfctl_sourcelim_id_cmp(const struct pfctl_sourcelim *a, return (0); } -RB_GENERATE(pfctl_sourcelim_ids, pfctl_sourcelim, entry, +RB_GENERATE(pfctl_sourcelim_ids, pfctl_sourcelim, id_entry, pfctl_sourcelim_id_cmp); static inline int @@ -4263,7 +4265,7 @@ pfctl_sourcelim_nm_cmp(const struct pfctl_sourcelim *a, return (strcmp(a->ioc.name, b->ioc.name)); } -RB_GENERATE(pfctl_sourcelim_nms, pfctl_sourcelim, entry, +RB_GENERATE(pfctl_sourcelim_nms, pfctl_sourcelim, nm_entry, pfctl_sourcelim_nm_cmp); int @@ -4272,8 +4274,9 @@ pfctl_add_sourcelim(struct pfctl *pf, struct pfctl_sourcelim *srlim) struct pfctl_sourcelim *osrlim; osrlim = RB_INSERT(pfctl_sourcelim_ids, &pf->sourcelim_ids, srlim); - if (osrlim != NULL) + if (osrlim != NULL) { return (-1); + } osrlim = RB_INSERT(pfctl_sourcelim_nms, &pf->sourcelim_nms, srlim); if (osrlim != NULL) { diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h index 8934238da148..631a6b9a32ea 100644 --- a/sbin/pfctl/pfctl_parser.h +++ b/sbin/pfctl/pfctl_parser.h @@ -77,7 +77,8 @@ struct pfr_buffer; /* forward definition */ struct pfctl_statelim { struct pfctl_state_lim ioc; - RB_ENTRY(pfctl_statelim) entry; + RB_ENTRY(pfctl_statelim) id_entry; + RB_ENTRY(pfctl_statelim) nm_entry; }; RB_HEAD(pfctl_statelim_ids, pfctl_statelim); @@ -85,7 +86,8 @@ RB_HEAD(pfctl_statelim_nms, pfctl_statelim); struct pfctl_sourcelim { struct pfctl_source_lim ioc; - RB_ENTRY(pfctl_sourcelim) entry; + RB_ENTRY(pfctl_sourcelim) id_entry; + RB_ENTRY(pfctl_sourcelim) nm_entry; }; RB_HEAD(pfctl_sourcelim_ids, pfctl_sourcelim);