mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2024-10-18 02:19:39 +00:00
Code Issues Releases Activity

pfctl: fix FOM_ICMP/POM_STICKYADDRESS clash

Browse Source 
pass inet proto icmp icmp-type {unreach}
	pass route-to (if0 127.0.0.1/8) sticky-address inet

The wrong struct was being tested. The parser tries to prevent
"sticky-address sticky-address" syntax but was actually cross-rule
enforcing that ICMP filter cannot be before the use of "sticky-address"
in next rule.

MFC after:	2 weeks
Reviewed by:	kp
Differential Revision:	https://reviews.freebsd.org/D36050

(cherry picked from commit 1e73fbd8b2)
This commit is contained in:
Franco Fichtner 2022-08-06 10:59:56 +02:00 committed by Kristof Provost
parent baa6a68cbe
commit 3c87f145d4
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sbin/pfctl/parse.y
View File

@ -4083,7 +4083,7 @@ pool_opt : BITMASK {
pool_opts.staticport = 1;
}
| STICKYADDRESS {
if (filter_opts.marker & POM_STICKYADDRESS) {
if (pool_opts.marker & POM_STICKYADDRESS) {
yyerror("sticky-address cannot be redefined");
YYERROR;
}