To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Cy Schubert
Subject: git: c7cfc16f7ce0 - stable/13 - ipfilter: Load optionlist prior to ippool invocation
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: cy
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: c7cfc16f7ce08ae91b9ec6544348d750d08e65c1
Date: Tue, 02 Dec 2025 15:29:04 +0000
Message-Id: <692f05c0.34a80.76077ad6@gitrepo.freebsd.org>

The branch stable/13 has been updated by cy:

URL: https://cgit.FreeBSD.org/src/commit/?id=c7cfc16f7ce08ae91b9ec6544348d750d08e65c1

commit c7cfc16f7ce08ae91b9ec6544348d750d08e65c1
Author:     Cy Schubert
AuthorDate: 2025-11-26 19:40:36 +0000
Commit:     Cy Schubert
CommitDate: 2025-12-02 15:28:55 +0000

    ipfilter: Load optionlist prior to ippool invocation

    As a safety precaution df381bec2d2b limits ippool hash table size to 1K.
    This causes any legitimately large hash table to fail to load. The
    htable_size_max ipf tuneable adjusts this but the adjustment is made
    in the ipfilter rc script, invoked after the ippool script (because
    it depends on ippool). Let's load the ipfilter_optionlist in ippool
    as well.

    ipfilter_optionlist load will also occur in the ipfilter rc script
    in case the user uses ipfilter without ippool.

    Fixes: df381bec2d2b

    (cherry picked from commit d5d005e9bf4933d5680dd0bb5d42bdf440122aa4)
---
 libexec/rc/rc.d/ippool | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libexec/rc/rc.d/ippool b/libexec/rc/rc.d/ippool index 42cef3faf7eb..527e1fc780b2 100755 --- a/libexec/rc/rc.d/ippool +++ b/libexec/rc/rc.d/ippool 
@@ -23,6 +23,9 @@ required_modules="ipl:ipfilter" ippool_start_precmd() { rc_flags="-f ${ippool_rules} ${rc_flags}" + if [ -n "${ifilter_optionlist}" ]; then + ${ipfilter_program:-/sbin/ipf} -T "${ipfilter_optionlist}" + fi } ippool_reload()
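
Review bot: The guard added in ippool_start_precmd() tests `${ifilter_optionlist}` (missing the "p"), while the command on the next line passes `${ipfilter_optionlist}` to `ipf -T`. Nothing in this hunk sets a variable with the misspelled name, so the `-n` test is false and the option list is never loaded; htable_size_max then stays at the 1K default when ippool loads its tables, which is the failure the commit message sets out to fix. The test should read `if [ -n "${ipfilter_optionlist}" ]; then`. Separately, the `if` block is the last statement in the precmd, so a non-zero exit from `ipf -T` becomes the precmd's return status; it is worth deciding whether a rejected tunable should stop ippool from starting or only produce a warning.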