diff options
| author | Mateusz Guzik <mjg@FreeBSD.org> | 2022-03-21 16:34:42 +0000 |
|---|---|---|
| committer | Mateusz Guzik <mjg@FreeBSD.org> | 2022-03-28 11:44:39 +0000 |
| commit | 2f968abce5439d5a71b6b685416b219f0450fd5b (patch) | |
| tree | 4ed1f78b20465c9a10806dc0c88c9b4c5443e176 | |
| parent | 1b8b69508bc55a797ba344f95f05978408629e25 (diff) | |
| download | src-2f968abce5439d5a71b6b685416b219f0450fd5b.tar.gz src-2f968abce5439d5a71b6b685416b219f0450fd5b.zip | |
pf: include anchor path when hashing a rule
Otherwise all anchors hash to the same value.
Note this can result in checksum mismatches between pfsynced hosts,
but it has to be sorted out as the previously computed checksum
would fail to indicate changed anchors.
Reviewed by: kp
Sponsored by: Rubicon Communications, LLC ("Netgate")
| -rw-r--r-- | sys/netpfil/pf/pf_ioctl.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 68307c9e7bb3..45f14fc92f7b 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -1260,6 +1260,8 @@ pf_hash_rule(MD5_CTX *ctx, struct pf_krule *rule) PF_MD5_UPD(rule, allow_opts); PF_MD5_UPD(rule, rt); PF_MD5_UPD(rule, tos); + if (rule->anchor != NULL) + PF_MD5_UPD_STR(rule, anchor->path); } static bool |