The branch main has been updated by mjg: URL: https://cgit.FreeBSD.org/src/commit/?id=2f968abce5439d5a71b6b685416b219f0450fd5b
commit 2f968abce5439d5a71b6b685416b219f0450fd5b Author: Mateusz Guzik <[email protected]> AuthorDate: 2022-03-21 16:34:42 +0000 Commit: Mateusz Guzik <[email protected]> CommitDate: 2022-03-28 11:44:39 +0000 pf: include anchor path when hashing a rule Otherwise all anchors hash to the same value. Note this can result in checksum mismatches between pfsynced hosts, but it has to be sorted out as the previously computed checksum would fail to indicate changed anchors. Reviewed by: kp Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf_ioctl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 68307c9e7bb3..45f14fc92f7b 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -1260,6 +1260,8 @@ pf_hash_rule(MD5_CTX *ctx, struct pf_krule *rule) PF_MD5_UPD(rule, allow_opts); PF_MD5_UPD(rule, rt); PF_MD5_UPD(rule, tos); + if (rule->anchor != NULL) + PF_MD5_UPD_STR(rule, anchor->path); } static bool
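Review bot: the two added lines at the end of pf_hash_rule() carry no comment, although they change the checksum of every ruleset that contains an anchor rule, and the commit message itself says this can cause checksum mismatches between pfsynced hosts. A short comment above `if (rule->anchor != NULL)` would help: it should say that the anchor path is hashed so that rules in different anchors stop hashing to the same value, and that peers computing the checksum without this change will disagree on such rulesets. Since operators upgrading one pfsync peer at a time are the ones who will see the mismatch, it is worth considering whether the note belongs in the upgrade documentation as well as in the commit message.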
