Date: Mon, 28 Mar 2022 11:47:29 GMT From: Mateusz Guzik <mjg@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 2f968abce543 - main - pf: include anchor path when hashing a rule Message-ID: <202203281147.22SBlT0b090112@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by mjg: URL: https://cgit.FreeBSD.org/src/commit/?id=2f968abce5439d5a71b6b685416b219f0450fd5b commit 2f968abce5439d5a71b6b685416b219f0450fd5b Author: Mateusz Guzik <mjg@FreeBSD.org> AuthorDate: 2022-03-21 16:34:42 +0000 Commit: Mateusz Guzik <mjg@FreeBSD.org> CommitDate: 2022-03-28 11:44:39 +0000 pf: include anchor path when hashing a rule Otherwise all anchors hash to the same value. Note this can result in checksum mismatches between pfsynced hosts, but it has to be sorted out as the previously computed checksum would fail to indicate changed anchors. Reviewed by: kp Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf_ioctl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 68307c9e7bb3..45f14fc92f7b 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -1260,6 +1260,8 @@ pf_hash_rule(MD5_CTX *ctx, struct pf_krule *rule) PF_MD5_UPD(rule, allow_opts); PF_MD5_UPD(rule, rt); PF_MD5_UPD(rule, tos); + if (rule->anchor != NULL) + PF_MD5_UPD_STR(rule, anchor->path); } static bool
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202203281147.22SBlT0b090112>