git: 2f968abce543 - main - pf: include anchor path when hashing a rule
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 28 Mar 2022 11:47:29 UTC
The branch main has been updated by mjg:
URL: https://cgit.FreeBSD.org/src/commit/?id=2f968abce5439d5a71b6b685416b219f0450fd5b
commit 2f968abce5439d5a71b6b685416b219f0450fd5b
Author: Mateusz Guzik <mjg@FreeBSD.org>
AuthorDate: 2022-03-21 16:34:42 +0000
Commit: Mateusz Guzik <mjg@FreeBSD.org>
CommitDate: 2022-03-28 11:44:39 +0000
pf: include anchor path when hashing a rule
Otherwise all anchors hash to the same value.
Note this can result in checksum mismatches between pfsynced hosts,
but it has to be sorted out as the previously computed checksum
would fail to indicate changed anchors.
Reviewed by: kp
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
sys/netpfil/pf/pf_ioctl.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 68307c9e7bb3..45f14fc92f7b 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -1260,6 +1260,8 @@ pf_hash_rule(MD5_CTX *ctx, struct pf_krule *rule)
PF_MD5_UPD(rule, allow_opts);
PF_MD5_UPD(rule, rt);
PF_MD5_UPD(rule, tos);
+ if (rule->anchor != NULL)
+ PF_MD5_UPD_STR(rule, anchor->path);
}
static bool