Diffusion FreeBSD src repository 1e73fbd8b289

pfctl: fix FOM_ICMP/POM_STICKYADDRESS clash
1e73fbd8b289
Actions

Description

pfctl: fix FOM_ICMP/POM_STICKYADDRESS clash

pass inet proto icmp icmp-type {unreach}
pass route-to (if0 127.0.0.1/8) sticky-address inet

The wrong struct was being tested. The parser tries to prevent
"sticky-address sticky-address" syntax but was actually cross-rule
enforcing that ICMP filter cannot be before the use of "sticky-address"
in next rule.

MFC after: 2 weeks
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D36050

Details

Provenance

franco_opnsense.org	Authored on Aug 6 2022, 8:59 AM
kp	Committed on Aug 6 2022, 12:22 PM

Reviewer

Differential Revision

D36050: pfctl: fix FOM_ICMP/POM_STICKYADDRESS clash

Parents

rG93dd3adac7d8: fib_algo: set vnet when destroying algo instance

Branches

Unknown

Tags

Unknown

Event Timeline

kp committed rG1e73fbd8b289: pfctl: fix FOM_ICMP/POM_STICKYADDRESS clash (authored by franco_opnsense.org).Aug 6 2022, 12:22 PM

kp added an edge: D36050: pfctl: fix FOM_ICMP/POM_STICKYADDRESS clash.Aug 6 2022, 2:43 PM

kp mentioned this in rG63167eb48c9f: pfctl tests: test case for the POM_STICKYADDRESS fix.Aug 8 2022, 12:47 PM

kp mentioned this in rGc9554c4df514: pfctl: fix FOM_ICMP/POM_STICKYADDRESS clash.Aug 20 2022, 7:17 AM

kp mentioned this in rG3c87f145d4e8: pfctl: fix FOM_ICMP/POM_STICKYADDRESS clash.

kp mentioned this in rGc4c0c782f709: pfctl tests: test case for the POM_STICKYADDRESS fix.Aug 22 2022, 7:22 AM

Changes (1)

Path

Size

sbin/

pfctl/

parse.y

rG1e73fbd8b289

View Options