pfctl: fix FOM_ICMP/POM_STICKYADDRESS clash
ClosedPublic
Actions

Authored by • franco_opnsense.org on Aug 5 2022, 11:41 AM.

Details

Reviewers

Commits

rG3c87f145d4e8: pfctl: fix FOM_ICMP/POM_STICKYADDRESS clash
rGc9554c4df514: pfctl: fix FOM_ICMP/POM_STICKYADDRESS clash
rG1e73fbd8b289: pfctl: fix FOM_ICMP/POM_STICKYADDRESS clash

Summary

pass inet proto icmp icmp-type {unreach}
pass route-to (if0 127.0.0.1/8) sticky-address inet

The wrong struct was being tested. The parser tries to prevent
"sticky-address sticky-address" syntax but was actually cross-
rule enforcing that ICMP filter cannot be before the use of
"sticky-address" in next rule.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

• franco_opnsense.org created this revision.Aug 5 2022, 11:41 AM

Herald added a subscriber: imp. · View Herald TranscriptAug 5 2022, 11:41 AM

• franco_opnsense.org requested review of this revision.Aug 5 2022, 11:41 AM

Harbormaster completed remote builds in B46759: Diff 108907.Aug 5 2022, 11:41 AM

This revision was not accepted when it landed; it landed in state Needs Review.Aug 6 2022, 2:43 PM

Closed by commit rG1e73fbd8b289: pfctl: fix FOM_ICMP/POM_STICKYADDRESS clash (authored by • franco_opnsense.org, committed by kp). · Explain Why

This revision was automatically updated to reflect the committed changes.

kp added a commit: rG1e73fbd8b289: pfctl: fix FOM_ICMP/POM_STICKYADDRESS clash.

kp added a commit: rGc9554c4df514: pfctl: fix FOM_ICMP/POM_STICKYADDRESS clash.Aug 20 2022, 7:17 AM

kp added a commit: rG3c87f145d4e8: pfctl: fix FOM_ICMP/POM_STICKYADDRESS clash.

Revision Contents
Changeset List

Path

Size

sbin/

pfctl/

parse.y

2 lines

Diff 108926

View Options

pfctl: fix FOM_ICMP/POM_STICKYADDRESS clashClosedPublicActions