Differential D56745

pf: do not reject rules with colliding hashes
Needs ReviewPublic
Actions

Authored by kp on Thu, Apr 30, 11:44 AM.

Tags

None

Referenced Files

None

Subscribers

vegeta_tuxpowered.net

Details

Reviewers

Group Reviewers

pfsense
network

Summary

We insert rules in pf_krule_global solely for the benefit of the
'keepcounters' feature. Failing to insert (beause the rule hash
collides, or an identical rule already exists) would be worse than
restoring counts to the wrong rule (or failing to restore them at all).

PR: 282863, 294860, 294859, 294858
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 72667
Build 69550: arc lint + arc unit

Event Timeline

kp created this revision.Thu, Apr 30, 11:44 AM

Herald added subscribers: vegeta_tuxpowered.net, glebius, melifaro and 2 others. · View Herald TranscriptThu, Apr 30, 11:44 AM

kp requested review of this revision.Thu, Apr 30, 11:44 AM

Harbormaster completed remote builds in B72667: Diff 176896.Thu, Apr 30, 11:44 AM

Revision Contents
Changeset List

Path

Size

sys/

netpfil/

pf/

24 lines

tests/

sys/

netpfil/

pf/

36 lines

Diff 176896

sys/netpfil/pf/pf_ioctl.c

Loading...

tests/sys/netpfil/pf/match.sh

Loading...