To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kristof Provost
Subject: git: fb8383527517 - main - pf: fix duplicate rule detection for automatic tables
Date: Thu, 23 Apr 2026 11:46:45 +0000
Message-Id: <69ea06a5.45d4e.2f934756@gitrepo.freebsd.org>
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=fb838352751767e756bd45cd2040fa464ed4de20

commit fb838352751767e756bd45cd2040fa464ed4de20
Author:     Kristof Provost
AuthorDate: 2026-04-09 16:11:41 +0000
Commit:     Kristof Provost
CommitDate: 2026-04-23 09:11:38 +0000

    pf: fix duplicate rule detection for automatic tables

    We should look at the table name for automatic tables as well. These are
    different tables, so the rules using them are (or can be) different as
    well.

    MFC after:      3 days
    Reported by:    Michael Sinatra
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
--- sys/netpfil/pf/pf_ioctl.c | 4 +--- tests/sys/netpfil/pf/pass_block.sh | 42 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+), 3 deletions(-) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 586d896d0e2d..d3e60b137c1a 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c
@@ -1354,9 +1354,7 @@ pf_hash_rule_addr(MD5_CTX *ctx, struct pf_rule_addr *pfr) PF_MD5_UPD(pfr, addr.iflags); break; case PF_ADDR_TABLE: - if (strncmp(pfr->addr.v.tblname, PF_OPTIMIZER_TABLE_PFX, - strlen(PF_OPTIMIZER_TABLE_PFX))) - PF_MD5_UPD(pfr, addr.v.tblname); + PF_MD5_UPD(pfr, addr.v.tblname); break; case PF_ADDR_ADDRMASK: case PF_ADDR_RANGE: diff --git a/tests/sys/netpfil/pf/pass_block.sh b/tests/sys/netpfil/pf/pass_block.sh index f6d973de7cf4..a5cd04f1db22 100644 --- a/tests/sys/netpfil/pf/pass_block.sh +++ b/tests/sys/netpfil/pf/pass_block.sh @@ -488,6 +488,47 @@ addr_range_cleanup() pft_cleanup } +atf_test_case "auto_tables" "cleanup" +auto_tables_head() +{ + atf_set descr 'Test rulesets with different automatic tables' + atf_set require.user root +} + +auto_tables_body() +{ + pft_init + + epair=$(vnet_mkepair) + ifconfig ${epair}b 192.0.2.2/24 up + + vnet_mkjail alcatraz ${epair}a + jexec alcatraz ifconfig ${epair}a 192.0.2.1/24 up + + # Sanity check + atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.1 + + jexec alcatraz pfctl -e + pft_set_rules alcatraz \ + "set ruleset-optimization basic" \ + "test_a = \"203.0.113.1 203.0.113.2 203.0.113.3 203.0.113.4 + 203.0.113.5 203.0.113.6 203.0.113.7 203.0.113.8 203.0.113.9 + 203.0.113.10\"" \ + "test_b = \"192.0.2.1 192.0.2.2 192.0.2.3 192.0.2.4 192.0.2.5 + 192.0.2.6 192.0.2.7 192.0.2.8 192.0.2.9 192.0.2.10\"" \ + "block" \ + "pass inet from any to { \$test_a }" \ + "pass inet from 198.51.100.1 to 198.51.100.2 no state" \ + "pass inet from any to { \$test_b }" + + atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.1 +} + +auto_tables_cleanup() +{ + pft_cleanup +} + atf_init_test_cases() { atf_add_test_case "enable_disable" @@ -500,4 +541,5 @@ atf_init_test_cases() atf_add_test_case "optimize_any" atf_add_test_case "any_if" atf_add_test_case "addr_range" + atf_add_test_case "auto_tables" }
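Review bot: In the PF_ADDR_TABLE case of pf_hash_rule_addr() (sys/netpfil/pf/pf_ioctl.c), the now-unconditional PF_MD5_UPD(pfr, addr.v.tblname) carries no comment saying why automatic table names must be part of the rule hash. The removed strncmp() against PF_OPTIMIZER_TABLE_PFX was a deliberate exclusion, so a short comment stating that two rules differing only in their automatic table are distinct rules would keep the skip from being reintroduced later. It would also be worth stating, in that comment or the commit message, what this means when an unchanged ruleset is reloaded: the hash now depends on the generated name, so a rule is only recognized as the same one if it is given the same automatic table name again.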
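Review bot: auto_tables_body() in tests/sys/netpfil/pf/pass_block.sh only covers the case where the second pass rule is lost behind a default "block", so the regression it catches fails closed. Consider a companion case with a default pass and two block rules over different address lists, checking that traffic to an address in the second list is still dropped, since that is the direction in which a mis-detected duplicate would let traffic through. The final ping would presumably also succeed if the lists were not turned into automatic tables at all, so a comment explaining why each macro holds ten addresses and what the unrelated "pass inet from 198.51.100.1 to 198.51.100.2 no state" rule is for, or a check that the loaded ruleset really references two tables, would make the test's intent explicit.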