From nobody Sat Aug 20 07:17:22 2022 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4M8qh24pqvz4ZX07; Sat, 20 Aug 2022 07:17:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4M8qh240hhz3mjV; Sat, 20 Aug 2022 07:17:22 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1660979842; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=8JYGBuLgXwUHUb5lePtgBdGEh9ZvCRXTzaOM7RGPM04=; b=Z0aMBTPsWwaGEosRQ+OzwDLB3FrKTsNjZObmR7950Gcv/AnpM45tn867VNWKtJmLjBY2Oc PQ7AdgsQYseVzSOMiqXnyh9UWRos05IUSIV0h/6dFw49wxPPbn6ohzVbQFEf70vuxFfp84 wksHIGT4CTonJ8gASVxVgT2uprQ1CfQmqIOfd0CzAtMUNKVzYA4ajH560WZxlDifPHikfr ykYYiizgLWant5OHo5jW7ZTLUDOQ8y9/FRc+iEr4NU1IWXacgc4l8IntQGG1My/RrzjeUv TsnflFzvkjPIt7RB4hbXHcr1ecS4vHvcxqtjtzTeAJR9kJP2/BX8z2QyqPmNBQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4M8qh22lp1zP3f; Sat, 20 Aug 2022 07:17:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 27K7HMmA021011; Sat, 20 Aug 2022 07:17:22 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 27K7HMvd021010; Sat, 20 Aug 2022 07:17:22 GMT (envelope-from git) Date: Sat, 20 Aug 2022 07:17:22 GMT Message-Id: <202208200717.27K7HMvd021010@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kristof Provost Subject: git: c9554c4df514 - stable/12 - pfctl: fix FOM_ICMP/POM_STICKYADDRESS clash List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-branches@freebsd.org X-BeenThere: dev-commits-src-branches@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/12 X-Git-Reftype: branch X-Git-Commit: c9554c4df51481a5826111c9ca15a1e28b3d5ba5 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1660979842; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=8JYGBuLgXwUHUb5lePtgBdGEh9ZvCRXTzaOM7RGPM04=; b=wbDOyo8BR0pB2XBSvBBhee6+nL3fJjmrYQTr4QNYl/GdKp+vT0Qxa0mMvuVippR7NUDTNA KxphbPc0UalygsJ5zvP9jelLg4o7zGHg2V2O3xl03nU9VoBV3kzE5LnxmzE261GQf5ZFye vFwucoBn4fnsPEXHnJGPvUAoj71NTqucA5R6yhCbDfbjBEDTKc8DH2PDUgJR6TzALMB/c8 c1No2LalXW1ru6cubveaeExrMSJsUSukgw9odxBYnzoXaQ7zBE1ihg3ZnWYR1s9TtkVuIe vlty60RNa5FMp/sxiKJggV8S1SHGp3mfO6ut73+eIvO4oEvy26wYYilAnqk+Ug== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1660979842; a=rsa-sha256; cv=none; b=u0J4qqbclTRmsu7surGP11kLJJSdF46kegnvnmWO7l2UZOpex+cT52kVqJ+5Ve4Y+Tl68t TP8RJlFWvcrSgARooHXxd++RQ9sn8AQbm7fPLYDCcOKmJA+8nk2YXA1E2mhm7ecXzfhFy3 B0oGPp+VZzkzc1bm83v/2WiSi+Uzb3ocB7aKdH9ANe87H+/ZZlQ6jFEP/meKAHeEtdylsw nDUyB4RfVX2HGbmRpaw2gcSiMDNzHh9wh0i7uYGe7IJWWT4nFs1USbW9CxeQYwq6EeyaQJ ifkevSleRRlHlBDYIVPoSATTJYS/P2ciz7MgMTxFr1SwHMJWvPuOHmw8kG52OQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/12 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=c9554c4df51481a5826111c9ca15a1e28b3d5ba5 commit c9554c4df51481a5826111c9ca15a1e28b3d5ba5 Author: Franco Fichtner AuthorDate: 2022-08-06 08:59:56 +0000 Commit: Kristof Provost CommitDate: 2022-08-20 07:14:31 +0000 pfctl: fix FOM_ICMP/POM_STICKYADDRESS clash pass inet proto icmp icmp-type {unreach} pass route-to (if0 127.0.0.1/8) sticky-address inet The wrong struct was being tested. The parser tries to prevent "sticky-address sticky-address" syntax but was actually cross-rule enforcing that ICMP filter cannot be before the use of "sticky-address" in next rule. MFC after: 2 weeks Reviewed by: kp Differential Revision: https://reviews.freebsd.org/D36050 (cherry picked from commit 1e73fbd8b28946cb1341b51292082864943f0a89) --- sbin/pfctl/parse.y | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 09bda751d356..1e65bcb6a9b3 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -4075,7 +4075,7 @@ pool_opt : BITMASK { pool_opts.staticport = 1; } | STICKYADDRESS { - if (filter_opts.marker & POM_STICKYADDRESS) { + if (pool_opts.marker & POM_STICKYADDRESS) { yyerror("sticky-address cannot be redefined"); YYERROR; }