From nobody Tue Dec 2 15:58:30 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4dLQRV3g0nz6HgbY for ; Tue, 02 Dec 2025 15:58:30 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4dLQRV35hNz4NGk for ; Tue, 02 Dec 2025 15:58:30 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1764691110; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=fZ7QOeSLHYHzpAuy8A1LndNovnNNhWnHIBXbblUCdp8=; b=D4FF8cGUdbYB7IrDO9rdFqlyY/Ex/NVIbzK+h80eOMO5ERxBbrPiAWQu9+v52VTY48SDdQ 4Bn7HB2t4VbHD9mzJYdBYeT3P5Plcn15j/E77UNA05BO7mON3LxgGNVm/Fk6bzOeFP16qa jjbvWy1gfpvZyFfB3xygAEKPCPG90SHPz9EUMy6+rpJVJ3xquC68au5B6EDBmVzdAZEN9O PBGZ++/Mh0uKN0eeBe1y+s5TnWKhgjeeIRXlwPCSK1axxXVI1L5snqBfL/jpeaiUp41Y3Z pRy+rIBu/bUh4YuLYRH9YmsXC23fOKxMra4OU9hTx4uAnDeiFtDWw0mqLjUNDg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1764691110; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=fZ7QOeSLHYHzpAuy8A1LndNovnNNhWnHIBXbblUCdp8=; b=pTl82XUftDwpniu4kdR6E2RGuTNxsEoRbLAYG6vqvCAQn/aqy6GVCYPiBg5Jf7e32X1yhs y08Epu0v/GzyUrcrdxRrQrhkw+Bt1iKP1ZD2PrQM4sXLKIsV8U0vVegrhKmn/Mz4bFy/If 4/+T0bWjIhgAuniLqR/4O5Tst2ZXUvUL+hae0i3Tfjf1bXJqV9LtUgB4HIgouWTfixbl22 jTq1WkiGPjL4eG1f+2LWFmssHpPsYJ4j6+q1P772SYv9dkup0oTA9oHElIa3rqdm8gffvD fCKP55JYBDbmkprXaNYlfNlTrhI9U98sHd0I8WfwgffWeVP/DxE8e9ByQNWGOA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1764691110; a=rsa-sha256; cv=none; b=m5ovcYbXR39D4xj6Ecv1w+krS16ZuMqPGIG/mIbX4fGX+hJjXDwa1B8abuTcQNPwoIcB4L YOnm6o4je0PjuI8GHkhbD0fdxxe119KfPIsReAtTP4SQYxGHGhG6mx7Dsj09LQzSMseQ+F Rd53b7ka20uvW5mWBwY0FbZjs+S04yIN1bliK0jjTWwBEfp4LeVL9CRTa4d531iZCEZ4vE hL+Eq2VLPhMXha018bCwcrNG6cdJWtCikla4ukYmtB26srqfqFiuVx46o8+TgfVgDgVUlL 4dyRmIiO+CYLRu/5wAiYjwODH9B+sqKnlZ2S9uI7utyKDxL64wljh1CVX+egyA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4dLQRV2Zzvz1CXR for ; Tue, 02 Dec 2025 15:58:30 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 37371 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Tue, 02 Dec 2025 15:58:30 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Cy Schubert Subject: git: 38eec1fc77cd - stable/14 - ipfilter: Load optionlist prior to ippool invocation List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cy X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 38eec1fc77cd15377f8908ce9937c9982d4ea9d1 Auto-Submitted: auto-generated Date: Tue, 02 Dec 2025 15:58:30 +0000 Message-Id: <692f0ca6.37371.53687d65@gitrepo.freebsd.org> The branch stable/14 has been updated by cy: URL: https://cgit.FreeBSD.org/src/commit/?id=38eec1fc77cd15377f8908ce9937c9982d4ea9d1 commit 38eec1fc77cd15377f8908ce9937c9982d4ea9d1 Author: Cy Schubert AuthorDate: 2025-11-26 19:40:36 +0000 Commit: Cy Schubert CommitDate: 2025-12-02 15:28:46 +0000 ipfilter: Load optionlist prior to ippool invocation As a safety precaution df381bec2d2b limits ippool hash table size to 1K. This causes any legitimely large hash table to fail to load. The htable_size_max ipf tuneable adjusts this but the adjustment is made in the ipfilter rc script, invoked after the ippool script (because it depends on ippool). Let's load the ipfilter_optionlist in ippool as well. ipfilter_optionlist load will also occur in the ipfilter rc script in case the user uses ipfilter without ippool. Fixes: df381bec2d2b (cherry picked from commit d5d005e9bf4933d5680dd0bb5d42bdf440122aa4) --- libexec/rc/rc.d/ippool | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libexec/rc/rc.d/ippool b/libexec/rc/rc.d/ippool index 42cef3faf7eb..527e1fc780b2 100755 --- a/libexec/rc/rc.d/ippool +++ b/libexec/rc/rc.d/ippool @@ -23,6 +23,9 @@ required_modules="ipl:ipfilter" ippool_start_precmd() { rc_flags="-f ${ippool_rules} ${rc_flags}" + if [ -n "${ifilter_optionlist}" ]; then + ${ipfilter_program:-/sbin/ipf} -T "${ipfilter_optionlist}" + fi } ippool_reload()