From nobody Mon Mar 28 11:47:29 2022 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id A13AE1A425BB; Mon, 28 Mar 2022 11:47:29 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KRrXd48X2z4SW5; Mon, 28 Mar 2022 11:47:29 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1648468049; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=knjdiAOapuTpovHmrdgyKQQILhNgk+yN4VHCXs4NIyc=; b=VFp89cEXPKIBdCZJI/z4mI4ALSZHmtqmwyXDC8wIgCknG3hE7Ri31z3mbSK+XM/GjLmKHq SZjExERnxXulFUcef2Mwy1CEqOyNs3PQoMyznBZYtyN04B3K5ZGBhxGqQyymSLET0yErv6 JchRZSibUNGdOFYiPDMBMMgQtrOBdiKGCsypHQXTWuYedd87vcOiBYcgdS2ZpLxXaQrz9q FtFfpegt9QnxsuOS8Q7/yzAVQp6+eEIhpv2Wn+OTuqO/A1vVglfp4DZyhtfxYpxIlM4e/5 +xiQoY3e8cPWokbf8naIeIx+0yheH3FVlmTFWe5JAWVrC1rXbxnwMfefrt8lwQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6E69A1140; Mon, 28 Mar 2022 11:47:29 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 22SBlTpj090113; Mon, 28 Mar 2022 11:47:29 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 22SBlT0b090112; Mon, 28 Mar 2022 11:47:29 GMT (envelope-from git) Date: Mon, 28 Mar 2022 11:47:29 GMT Message-Id: <202203281147.22SBlT0b090112@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mateusz Guzik Subject: git: 2f968abce543 - main - pf: include anchor path when hashing a rule List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: mjg X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 2f968abce5439d5a71b6b685416b219f0450fd5b Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1648468049; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=knjdiAOapuTpovHmrdgyKQQILhNgk+yN4VHCXs4NIyc=; b=LLB99vbZKZFsfwk4nn92OKen6yEgaCGVyXxgdA0waMbM8Z4lcxzZ8lylomb60tVaUz7hOW xkCHEqtLXinVlCRAe6WQCBetbuUErR809zToQ/6vFJSsbOkEjFPHv63UxOFBBVw+RqMHeX 7kNoeRvjvJvZVd3mSLvI7rvnTXApRLjseK43c8jjv03+5f9AWDP8gBwZx2npc+s8gDaWCB 2YAFNzEo/ErEp71m/x90awEyZmQCrQ5HvrmEFl07adCC8bxNUy4siwM4jaL23ZGdpBt1wu dxdUBJVVK89+HgMFsfwASuuzjF0aouXnFNIxrUUI98EBb37OT2Ziwm2x+jcxtQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1648468049; a=rsa-sha256; cv=none; b=ZfKHPWM4P2n3XKN6BUqMb5H6fC+94unbl31KW1Sauow3bNyJdVTuZxXZXX8DetFfv+kVKd tCvuendbeX8Z5F6fESHjun0ci3iYoKLluPQ4EOtZIbf3ezsSwMyA42C7kflKloILuHeVuf 53OTfb2ggJmb5nsSJaLB4voLEKbT3KSEUkfLkmfYPkqPRbmM5Sq4rGGx6r9SNrJvhxkN3A 6TySxc/V48+78L+Qc3Z0uCF5y9iLDTjdRSauWFh+WKWGx+zSkoUrJ438GkPUkMBfDuD9mp ytvCP86htqFm/Mz+2oAKhcQdE3X4bKQeT6m4RVAIGoyxSsqBuA+nhn1Y0Jzikw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by mjg: URL: https://cgit.FreeBSD.org/src/commit/?id=2f968abce5439d5a71b6b685416b219f0450fd5b commit 2f968abce5439d5a71b6b685416b219f0450fd5b Author: Mateusz Guzik AuthorDate: 2022-03-21 16:34:42 +0000 Commit: Mateusz Guzik CommitDate: 2022-03-28 11:44:39 +0000 pf: include anchor path when hashing a rule Otherwise all anchors hash to the same value. Note this can result in checksum mismatches between pfsynced hosts, but it has to be sorted out as the previously computed checksum would fail to indicate changed anchors. Reviewed by: kp Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf_ioctl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 68307c9e7bb3..45f14fc92f7b 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -1260,6 +1260,8 @@ pf_hash_rule(MD5_CTX *ctx, struct pf_krule *rule) PF_MD5_UPD(rule, allow_opts); PF_MD5_UPD(rule, rt); PF_MD5_UPD(rule, tos); + if (rule->anchor != NULL) + PF_MD5_UPD_STR(rule, anchor->path); } static bool