From nobody Sat Aug 20 07:17:21 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4M8qh16cFRz4ZXCp; Sat, 20 Aug 2022 07:17:21 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4M8qh167m5z3mww; Sat, 20 Aug 2022 07:17:21 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1660979841; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3GdC9oYjnYvT0vQ7+cPqLpTEhPb5OFlUcH0TLHK4VnA=; b=M+aT4cMAvilgdlw3mie7B8uSc2OTMTYZrnSlsIkx1VAr0NkQfgFCcsfi7M1P2L1w6MIhGD VpwXlWSv6cbdBZ2KomCuNWhuhXb9bczKEZC3q1CJV0c/iOUx5/+ku3nrwUKfdGwklotGxy SeHHrRjdvVRy38rWHfPN7HPtqkOLHC7utdENFQfIRZrVhdMvRDY+Eyffjc+RSvHwkD6abJ /YbLGettz1oOHpMfflYPZBswmhuCGT8OnWAxtA2AEPk2aH7cD1qXucFlIUgYjrK3IgFtQu pw3Tngzs0jtQraF/IkwRIJgg0js6VEgmqvUgT2CpD1Q+CscQ2C1QtyIpoyn8EQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4M8qh1544dzNpf; Sat, 20 Aug 2022 07:17:21 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 27K7HL3P020932; Sat, 20 Aug 2022 07:17:21 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 27K7HLMX020931; Sat, 20 Aug 2022 07:17:21 GMT (envelope-from git) Date: Sat, 20 Aug 2022 07:17:21 GMT Message-Id: <202208200717.27K7HLMX020931@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kristof Provost Subject: git: 3c87f145d4e8 - stable/13 - pfctl: fix FOM_ICMP/POM_STICKYADDRESS clash List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 3c87f145d4e82c26b8dd73274831f9ce6a9c7a16 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1660979841; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3GdC9oYjnYvT0vQ7+cPqLpTEhPb5OFlUcH0TLHK4VnA=; b=RGndvcyrgVbUZeEZmPmKwp3+4RDsNXPL1RJfW54vxQE0pTG2ImPOqWWxMutmxKsGJ/3myf b85kWjMcmacFEer6DIhhG7Svktbro69JEfD7PShOdZ+X0BBhQJAs/IJ7XyP4RFWagOkeFU Uy/ukEWZsIbZRuiHnkvx8xRBieu0C5H1vPrVU0O3SwV517xoIdxTR9Q+NI2kHwJn8lnJY5 56UHqLyDjIoKR26jnrfRjkOhZF1I7iE6al9o/63pqLuE8Sk/xZcRHqsAsLoPUNsjQ7J6eQ YtRYbNZGLwab1I0AsuASqA1RDdUPJ0jAx66P0JL4YMKryr0k89sUbfx4qvJj+w== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1660979841; a=rsa-sha256; cv=none; b=b127JUgP+yQreo8sWRKgy03byiZtkMUhVPHBox6BwB17n2VvMBsNBirfi5o451OcwWY03F o+hFmJZ1Wd7xO8CtpNKRx9SdMuJa5R1QjkUzdLFtDMdZ9qlATDz3G7YyN4RUz/G9/VYK9a b3Km/sM8DZHHAwuFbvwNdCRK+GCmttRGQxe9OkYRvXvXwskvuWV2/ZaZqKZlDQMnj3aRQL k2HmzkBdko8ltT3Iys7IIRK6RpcXj+dg5/S0bGUMVe84yfkUR0QnRBQyH7perWpZxv+s1I oSYE1/65fqWY7LodIme16eO5ID7874lOavhd5gPGqZ4IelPNFXhD1bt/t05Xgw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=3c87f145d4e82c26b8dd73274831f9ce6a9c7a16 commit 3c87f145d4e82c26b8dd73274831f9ce6a9c7a16 Author: Franco Fichtner AuthorDate: 2022-08-06 08:59:56 +0000 Commit: Kristof Provost CommitDate: 2022-08-20 07:14:27 +0000 pfctl: fix FOM_ICMP/POM_STICKYADDRESS clash pass inet proto icmp icmp-type {unreach} pass route-to (if0 127.0.0.1/8) sticky-address inet The wrong struct was being tested. The parser tries to prevent "sticky-address sticky-address" syntax but was actually cross-rule enforcing that ICMP filter cannot be before the use of "sticky-address" in next rule. MFC after: 2 weeks Reviewed by: kp Differential Revision: https://reviews.freebsd.org/D36050 (cherry picked from commit 1e73fbd8b28946cb1341b51292082864943f0a89) --- sbin/pfctl/parse.y | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index eafc637951fc..e08996a54250 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -4083,7 +4083,7 @@ pool_opt : BITMASK { pool_opts.staticport = 1; } | STICKYADDRESS { - if (filter_opts.marker & POM_STICKYADDRESS) { + if (pool_opts.marker & POM_STICKYADDRESS) { yyerror("sticky-address cannot be redefined"); YYERROR; }