1 files changed, 83 insertions, 8 deletions
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 1fff0667aa1a..5617207d28f9 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -1269,6 +1269,12 @@ pf_hash_rule_addr(MD5_CTX *ctx, struct pf_rule_addr *pfr)
 			PF_MD5_UPD(pfr, addr.v.a.addr.addr32);
 			PF_MD5_UPD(pfr, addr.v.a.mask.addr32);
 			break;
+		case PF_ADDR_NOROUTE:
+		case PF_ADDR_URPFFAILED:
+			/* These do not use any address data. */
+			break;
+		default:
+			panic("Unknown address type %d", pfr->addr.type);
 	}
 
 	PF_MD5_UPD(pfr, port[0]);
@@ -1278,6 +1284,28 @@ pf_hash_rule_addr(MD5_CTX *ctx, struct pf_rule_addr *pfr)
 }
 
 static void
+pf_hash_pool(MD5_CTX *ctx, struct pf_kpool *pool)
+{
+	uint16_t x;
+	int y;
+
+	if (pool->cur) {
+		PF_MD5_UPD(pool, cur->addr);
+		PF_MD5_UPD_STR(pool, cur->ifname);
+	}
+	PF_MD5_UPD(pool, key);
+	PF_MD5_UPD(pool, counter);
+
+	PF_MD5_UPD(pool, mape.offset);
+	PF_MD5_UPD(pool, mape.psidlen);
+	PF_MD5_UPD_HTONS(pool, mape.psid, x);
+	PF_MD5_UPD_HTONL(pool, tblidx, y);
+	PF_MD5_UPD_HTONS(pool, proxy_port[0], x);
+	PF_MD5_UPD_HTONS(pool, proxy_port[1], x);
+	PF_MD5_UPD(pool, opts);
+}
+
+static void
 pf_hash_rule_rolling(MD5_CTX *ctx, struct pf_krule *rule)
 {
 	u_int16_t x;
@@ -1287,37 +1315,84 @@ pf_hash_rule_rolling(MD5_CTX *ctx, struct pf_krule *rule)
 	pf_hash_rule_addr(ctx, &rule->dst);
 	for (int i = 0; i < PF_RULE_MAX_LABEL_COUNT; i++)
 		PF_MD5_UPD_STR(rule, label[i]);
+	PF_MD5_UPD_HTONL(rule, ridentifier, y);
 	PF_MD5_UPD_STR(rule, ifname);
+	PF_MD5_UPD_STR(rule, qname);
+	PF_MD5_UPD_STR(rule, pqname);
+	PF_MD5_UPD_STR(rule, tagname);
 	PF_MD5_UPD_STR(rule, match_tagname);
-	PF_MD5_UPD_HTONS(rule, match_tag, x); /* dup? */
+
+	PF_MD5_UPD_STR(rule, overload_tblname);
+
+	pf_hash_pool(ctx, &rule->rpool);
+
 	PF_MD5_UPD_HTONL(rule, os_fingerprint, y);
+
+	PF_MD5_UPD_HTONL(rule, rtableid, y);
+	for (int i = 0; i < PFTM_MAX; i++)
+		PF_MD5_UPD_HTONL(rule, timeout[i], y);
+	PF_MD5_UPD_HTONL(rule, max_states, y);
+	PF_MD5_UPD_HTONL(rule, max_src_nodes, y);
+	PF_MD5_UPD_HTONL(rule, max_src_states, y);
+	PF_MD5_UPD_HTONL(rule, max_src_conn, y);
+	PF_MD5_UPD_HTONL(rule, max_src_conn_rate.limit, y);
+	PF_MD5_UPD_HTONL(rule, max_src_conn_rate.seconds, y);
+	PF_MD5_UPD_HTONS(rule, qid, x);
+	PF_MD5_UPD_HTONS(rule, pqid, x);
+	PF_MD5_UPD_HTONS(rule, dnpipe, x);
+	PF_MD5_UPD_HTONS(rule, dnrpipe, x);
+	PF_MD5_UPD_HTONL(rule, free_flags, y);
 	PF_MD5_UPD_HTONL(rule, prob, y);
+
+	PF_MD5_UPD_HTONS(rule, return_icmp, x);
+	PF_MD5_UPD_HTONS(rule, return_icmp6, x);
+	PF_MD5_UPD_HTONS(rule, max_mss, x);
+	PF_MD5_UPD_HTONS(rule, tag, x); /* dup? */
+	PF_MD5_UPD_HTONS(rule, match_tag, x); /* dup? */
+	PF_MD5_UPD_HTONS(rule, scrub_flags, x);
+
+	PF_MD5_UPD(rule, uid.op);
 	PF_MD5_UPD_HTONL(rule, uid.uid[0], y);
 	PF_MD5_UPD_HTONL(rule, uid.uid[1], y);
-	PF_MD5_UPD(rule, uid.op);
+	PF_MD5_UPD(rule, gid.op);
 	PF_MD5_UPD_HTONL(rule, gid.gid[0], y);
 	PF_MD5_UPD_HTONL(rule, gid.gid[1], y);
-	PF_MD5_UPD(rule, gid.op);
+
 	PF_MD5_UPD_HTONL(rule, rule_flag, y);
+	PF_MD5_UPD_HTONL(rule, rule_ref, y);
 	PF_MD5_UPD(rule, action);
 	PF_MD5_UPD(rule, direction);
-	PF_MD5_UPD(rule, af);
+	PF_MD5_UPD(rule, log);
+	PF_MD5_UPD(rule, logif);
 	PF_MD5_UPD(rule, quick);
 	PF_MD5_UPD(rule, ifnot);
 	PF_MD5_UPD(rule, match_tag_not);
 	PF_MD5_UPD(rule, natpass);
+
 	PF_MD5_UPD(rule, keep_state);
+	PF_MD5_UPD(rule, af);
 	PF_MD5_UPD(rule, proto);
-	PF_MD5_UPD(rule, type);
-	PF_MD5_UPD(rule, code);
+	PF_MD5_UPD_HTONS(rule, type, x);
+	PF_MD5_UPD_HTONS(rule, code, x);
 	PF_MD5_UPD(rule, flags);
 	PF_MD5_UPD(rule, flagset);
+	PF_MD5_UPD(rule, min_ttl);
 	PF_MD5_UPD(rule, allow_opts);
 	PF_MD5_UPD(rule, rt);
+	PF_MD5_UPD(rule, return_ttl);
 	PF_MD5_UPD(rule, tos);
-	PF_MD5_UPD(rule, scrub_flags);
-	PF_MD5_UPD(rule, min_ttl);
 	PF_MD5_UPD(rule, set_tos);
+	PF_MD5_UPD(rule, anchor_relative);
+	PF_MD5_UPD(rule, anchor_wildcard);
+
+	PF_MD5_UPD(rule, flush);
+	PF_MD5_UPD(rule, prio);
+	PF_MD5_UPD(rule, set_prio[0]);
+	PF_MD5_UPD(rule, set_prio[1]);
+
+	PF_MD5_UPD(rule, divert.addr);
+	PF_MD5_UPD_HTONS(rule, divert.port, x);
+
 	if (rule->anchor != NULL)
 		PF_MD5_UPD_STR(rule, anchor->path);
 }