Page MenuHomeFreeBSD
Differential D56745

pf: do not reject rules with colliding hashes
ClosedPublic
Actions

Authored by kp on Apr 30 2026, 11:44 AM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Jun 4, 8:43 AM
Unknown Object (File)
Tue, May 26, 2:09 AM
Unknown Object (File)
Tue, May 26, 2:04 AM
Unknown Object (File)
Mon, May 25, 5:28 PM
Unknown Object (File)
Mon, May 25, 5:22 PM
Unknown Object (File)
Mon, May 25, 2:56 AM
Unknown Object (File)
May 18 2026, 1:19 AM
Unknown Object (File)
May 18 2026, 1:12 AM
View All 27 Files
Subscribers
farrokhi
glebius
imp
melifaro
vegeta_tuxpowered.net

Details

Reviewers
mjg
Group Reviewers
pfsense
network
Commits
rG0cd655f71b46: pf: do not reject rules with colliding hashes
rGfab9bfc92751: pf: do not reject rules with colliding hashes
rGa0e4c65f1814: pf: do not reject rules with colliding hashes
Summary

We insert rules in pf_krule_global solely for the benefit of the
'keepcounters' feature. Failing to insert (beause the rule hash
collides, or an identical rule already exists) would be worse than
restoring counts to the wrong rule (or failing to restore them at all).

PR: 282863, 294860, 294859, 294858
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
sys/
netpfil/
pf/
24 lines
tests/
sys/
netpfil/
pf/
36 lines

Diff 177273

View Options

sys/netpfil/pf/pf_ioctl.c

Loading...
View Options

tests/sys/netpfil/pf/match.sh

Loading...