git: f97839e05c06 - main - pfctl: Avoid optimizing empty rulesets
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 09 Jul 2025 08:59:05 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=f97839e05c062a74940b2c501a08b1dd972cdc33
commit f97839e05c062a74940b2c501a08b1dd972cdc33
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-07-03 12:49:32 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-07-09 08:57:49 +0000
pfctl: Avoid optimizing empty rulesets
All optimizations work on actual rules; if there are none, return early.
While here, tell which ruleset/anchor is being optimized to make the debug
message actually useful.
OK mikeb
Obtained from: OpenBSD, kn <kn@openbsd.org>, 757f1589f1
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
sbin/pfctl/pfctl_optimize.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/sbin/pfctl/pfctl_optimize.c b/sbin/pfctl/pfctl_optimize.c
index b58bace326c2..e727324bbf40 100644
--- a/sbin/pfctl/pfctl_optimize.c
+++ b/sbin/pfctl/pfctl_optimize.c
@@ -273,7 +273,10 @@ pfctl_optimize_ruleset(struct pfctl *pf, struct pfctl_ruleset *rs)
struct pfctl_rule *r;
struct pfctl_rulequeue *old_rules;
- DEBUG("optimizing ruleset");
+ if (TAILQ_EMPTY(rs->rules[PF_RULESET_FILTER].active.ptr))
+ return (0);
+
+ DEBUG("optimizing ruleset \"%s\"", rs->anchor->path);
memset(&table_buffer, 0, sizeof(table_buffer));
skip_init();
TAILQ_INIT(&opt_queue);