pf: include anchor path when hashing a rule

Otherwise all anchors hash to the same value. Note this can result in checksum mismatches between pfsynced hosts, but it has to be sorted out as the previously computed checksum would fail to indicate changed anchors. Reviewed by: kp Sponsored by: Rubicon Communications, LLC ("Netgate")
2022-03-21 16:34:42 +00:00 · 2022-03-21 16:34:42 +00:00 · 2f968abce5
commit 2f968abce5
parent 1b8b69508b
1 changed files with 2 additions and 0 deletions
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@ -1260,6 +1260,8 @@ pf_hash_rule(MD5_CTX *ctx, struct pf_krule *rule)
 	PF_MD5_UPD(rule, allow_opts);
 	PF_MD5_UPD(rule, rt);
 	PF_MD5_UPD(rule, tos);
+	if (rule->anchor != NULL)
+		PF_MD5_UPD_STR(rule, anchor->path);
 }

 static bool