From nobody Tue Dec 2 15:58:30 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4dLQRb4tx8z6HgmS for ; Tue, 02 Dec 2025 15:58:35 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4dLQRb35Drz4NKm for ; Tue, 02 Dec 2025 15:58:35 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1764691115; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=fZ7QOeSLHYHzpAuy8A1LndNovnNNhWnHIBXbblUCdp8=; b=sjB23snqJN2ObDsLWLgcuY0tj+D1HwuMLIbf41JSneNhBMt+/kBzgOg9UC3WgvrP4joRpV YNFOPuOGq1B5JsGOINiwI8H94jDdS7xQ9M+j8UqlKKG8ycTIfmVBT9JrCEUSuu6ik8AMq3 5Q1LAxKc9fcWnVyXN4KoKZCPAo+KEIUAEJzukm6xgRT18WagFVSxMMmBvucINg2nxJTonW nAi3TNqHV1MDm9UunAXKj+l4+xUF6+uNQ/lf10aa8e5jKE0s2OFPofOs4rV6gkwre8/PNB mg+CmtCZmqPgC1bwpJPzaePd/SLKZTJbJ4WSg3lNzS+oik75Akx/KhiSOSPm+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1764691115; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=fZ7QOeSLHYHzpAuy8A1LndNovnNNhWnHIBXbblUCdp8=; b=lFJJIwR2FFiWVrWtgHfUnFm29aqnlt5XwY0+IjCY2X/vc1k6d1QN6na/DXAoMtYUnblR74 7D7fFbEyH/UfF6a7ENYyvEk/AIroufvASNjP6RV79UDKgDsRLsRj7J7QmVMcCIMGuUJFhK YOeBI8RE1S9Y0FV/kz4X++THmKLdNB4v97+5nmB/3MHw2e4urRyH2avbOHJtrI+/Ewn9Yx CjnZaJxTn1HBlDlU7jpv5o36TWYmdKQkNkG63UXMupAYapg4V+r5/SWm2ClTWIPYvrBs6p bMx0GxTD3MhiaLu4JyIxNi5qL1JINNHAcxU5e4J6/EMCrQmqfQz0/NeGdfj/YQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1764691115; a=rsa-sha256; cv=none; b=rP76PTWjicANBrJMD9I++bxRxNarxe5tdWX0hADyyUnp7uAMSru3NS86SybtaFNZmlrveH TIiJ8yMI8B/lloYZ6loLwtIhJ06Ce0hAQF+/H9M5y2S/jhVJKup771zxs8sByKBb3dTP6i v3/4AiWqJ1kRP5xC8OCV33TeXW5kQTdzTrE2zwNYn52w4TkTuUdCeuzfCOWaqw+3BPz0L4 AOdg82UGGzXsnS1SnPUprq8kWpAsFjTogWu1xys08jA5LeoX6piyIuDoZclumL5zLFQXoT i2726ZPC2VP/NAVm5uXDBrGI5i5yDsBASVwD3MJtm7x1/4cgsB4GMKmF7c5oOQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4dLQRb2ZYjz1Cm7 for ; Tue, 02 Dec 2025 15:58:35 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 37371 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Tue, 02 Dec 2025 15:58:30 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Cy Schubert Subject: git: 38eec1fc77cd - stable/14 - ipfilter: Load optionlist prior to ippool invocation List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cy X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 38eec1fc77cd15377f8908ce9937c9982d4ea9d1 Auto-Submitted: auto-generated Date: Tue, 02 Dec 2025 15:58:30 +0000 Message-Id: <692f0ca6.37371.53687d65@gitrepo.freebsd.org> The branch stable/14 has been updated by cy: URL: https://cgit.FreeBSD.org/src/commit/?id=38eec1fc77cd15377f8908ce9937c9982d4ea9d1 commit 38eec1fc77cd15377f8908ce9937c9982d4ea9d1 Author: Cy Schubert AuthorDate: 2025-11-26 19:40:36 +0000 Commit: Cy Schubert CommitDate: 2025-12-02 15:28:46 +0000 ipfilter: Load optionlist prior to ippool invocation As a safety precaution df381bec2d2b limits ippool hash table size to 1K. This causes any legitimely large hash table to fail to load. The htable_size_max ipf tuneable adjusts this but the adjustment is made in the ipfilter rc script, invoked after the ippool script (because it depends on ippool). Let's load the ipfilter_optionlist in ippool as well. ipfilter_optionlist load will also occur in the ipfilter rc script in case the user uses ipfilter without ippool. Fixes: df381bec2d2b (cherry picked from commit d5d005e9bf4933d5680dd0bb5d42bdf440122aa4) --- libexec/rc/rc.d/ippool | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libexec/rc/rc.d/ippool b/libexec/rc/rc.d/ippool index 42cef3faf7eb..527e1fc780b2 100755 --- a/libexec/rc/rc.d/ippool +++ b/libexec/rc/rc.d/ippool @@ -23,6 +23,9 @@ required_modules="ipl:ipfilter" ippool_start_precmd() { rc_flags="-f ${ippool_rules} ${rc_flags}" + if [ -n "${ifilter_optionlist}" ]; then + ${ipfilter_program:-/sbin/ipf} -T "${ipfilter_optionlist}" + fi } ippool_reload()