From nobody Sun Apr 26 10:12:27 2026 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4g3MvJ1Llmz6bRCs for ; Sun, 26 Apr 2026 10:12:28 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4g3MvH68wJz3GsP for ; Sun, 26 Apr 2026 10:12:27 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1777198347; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=LnNM9JcfJqB+U5ODBtP22MtCit7YohTgrQqIqy7dZnc=; b=mZMesqyxb+ds22zz+FsBwY4WDRKXFWx5ehVwycEUtf5690FdNEfG1zx6QqnYC+dahEMxRr TsINe9NxS8lThY4MFORS92cQJt4hdU0S1QY7leWArfVZHpfPMHzgC0YcZUoy7RjAa0aA1w YHV2gIFZHSW+gucaJAhXXxNtJIpgdLE+d2lYXI4VC87WNm675anCgbe4jUM8hWm4rYEYFt Z1omq7kertaOplpr/821ii+b4LF90FafzKTZsOyx2xpzXu3H2T8lCluaE1QwfZUYAOzKn/ b6Z/VeVSSA2VI2gpk+Pq1Xu9YFE2gsVs4/a+d9CJbB/ZfPXVSWBErmn32hiDTg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1777198347; a=rsa-sha256; cv=none; b=J0TB1dtVE6rJsqi6jopglfuqspOOzsH278rgFo3uaI8J898ppR3fNeVQCLIA+e/5+H533d 0JqRRxqDPEk7mlwq/2JP+0hO7mgmYYyNMiaashlRtsxqInp5BlzdW55Aa+0b6hkzFJiegV lLtpRnNtB9fn6Ts9yq0mn2bOwOrlHXKZKyQnahsWZldKg6kAGH4s3IxI+UW9dSit8q56eX wJg+SEwXnM7JUXR3HO/cDt2tGMYe9Z7ff5JvciUnuo5SuVISsq2dmA8jKHr8+L4+KcYKD+ NNi+JRuhLOKUGOk0AOhuP1RmGuPpnG/GkQAKmUfBJ84QIGenOItVkp6zgjMbDg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1777198347; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=LnNM9JcfJqB+U5ODBtP22MtCit7YohTgrQqIqy7dZnc=; b=xYa0kvif9f7B3T3OLspDMnwGGJcYih2XooiFEqJ+ypAwTSSjlvGFlG/ZPK677Fl1Xak9Dw 9zq9SVVijeIbbdlc3foif9gxDExHUHyzY4zBLFWPuz8zxFCCiYAzEBE2t6xrH9Lz5iGb/U Z5gT6rN3U7KJnq0TNcv6yfBWVMtIk5xpRYvTuQ0zyooQGgmsCSc681W5687PaDMxJXZeTe WGpWgwzH4OWDKJV7NQhvCbNF8hdOqBDMaiHoTygmVgipCgEJSCNdr6hnNCpS6Syax8iC98 MApfwGH0VdHL4k8XDMJxSrrRdFy0CIeps45JDTHr268Uz17sR7QnXMbwvn0jEA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4g3MvH5fF8z1FT for ; Sun, 26 Apr 2026 10:12:27 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 3c931 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Sun, 26 Apr 2026 10:12:27 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kristof Provost Subject: git: 4fc1503f8617 - stable/14 - pf: fix duplicate rule detection for automatic tables List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 4fc1503f86177259c140c42eacb073bd17f9f72e Auto-Submitted: auto-generated Date: Sun, 26 Apr 2026 10:12:27 +0000 Message-Id: <69ede50b.3c931.3ee282aa@gitrepo.freebsd.org> The branch stable/14 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=4fc1503f86177259c140c42eacb073bd17f9f72e commit 4fc1503f86177259c140c42eacb073bd17f9f72e Author: Kristof Provost AuthorDate: 2026-04-09 16:11:41 +0000 Commit: Kristof Provost CommitDate: 2026-04-26 10:12:03 +0000 pf: fix duplicate rule detection for automatic tables We should look at the table name for automatic tables as well. These are different tables, so the rules using them are (or can be) different as well. MFC after: 3 days Reported by: Michael Sinatra Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit fb838352751767e756bd45cd2040fa464ed4de20) --- tests/sys/netpfil/pf/pass_block.sh | 42 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/tests/sys/netpfil/pf/pass_block.sh b/tests/sys/netpfil/pf/pass_block.sh index b91ba7f9ee68..0ebbfcfaf699 100644 --- a/tests/sys/netpfil/pf/pass_block.sh +++ b/tests/sys/netpfil/pf/pass_block.sh @@ -292,6 +292,47 @@ addr_range_cleanup() pft_cleanup } +atf_test_case "auto_tables" "cleanup" +auto_tables_head() +{ + atf_set descr 'Test rulesets with different automatic tables' + atf_set require.user root +} + +auto_tables_body() +{ + pft_init + + epair=$(vnet_mkepair) + ifconfig ${epair}b 192.0.2.2/24 up + + vnet_mkjail alcatraz ${epair}a + jexec alcatraz ifconfig ${epair}a 192.0.2.1/24 up + + # Sanity check + atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.1 + + jexec alcatraz pfctl -e + pft_set_rules alcatraz \ + "set ruleset-optimization basic" \ + "test_a = \"203.0.113.1 203.0.113.2 203.0.113.3 203.0.113.4 + 203.0.113.5 203.0.113.6 203.0.113.7 203.0.113.8 203.0.113.9 + 203.0.113.10\"" \ + "test_b = \"192.0.2.1 192.0.2.2 192.0.2.3 192.0.2.4 192.0.2.5 + 192.0.2.6 192.0.2.7 192.0.2.8 192.0.2.9 192.0.2.10\"" \ + "block" \ + "pass inet from any to { \$test_a }" \ + "pass inet from 198.51.100.1 to 198.51.100.2 no state" \ + "pass inet from any to { \$test_b }" + + atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.1 +} + +auto_tables_cleanup() +{ + pft_cleanup +} + atf_init_test_cases() { atf_add_test_case "v4" @@ -300,4 +341,5 @@ atf_init_test_cases() atf_add_test_case "nested_inline" atf_add_test_case "urpf" atf_add_test_case "addr_range" + atf_add_test_case "auto_tables" }