The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=d90854a60a919fc574d1786486f85394f53ce2dd
commit d90854a60a919fc574d1786486f85394f53ce2dd Author: Kristof Provost <k...@freebsd.org> AuthorDate: 2025-01-09 13:31:22 +0000 Commit: Kristof Provost <k...@freebsd.org> CommitDate: 2025-01-14 08:54:20 +0000 pf: reset index if it's outside the table when table content changes we need to reset index to the initial value and do not use the counter; reported by Sebastian Benoit and Daniel Krambrock, tested by Sebastian Benoit, ok henning zinke Obtained from: OpenBSD, mikeb <mi...@openbsd.org>, dba347c9d1 Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf_table.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sys/netpfil/pf/pf_table.c b/sys/netpfil/pf/pf_table.c index 35c9bd4ab655..03efa0b738da 100644 --- a/sys/netpfil/pf/pf_table.c +++ b/sys/netpfil/pf/pf_table.c @@ -2269,10 +2269,10 @@ pfr_pool_get(struct pfr_ktable *kt, int *pidx, struct pf_addr *counter, return (-1); idx = *pidx; - if (idx >= 0) - use_counter = 1; - if (idx < 0) + if (idx < 0 || idx >= kt->pfrkt_cnt) idx = 0; + else if (counter != NULL) + use_counter = 1; startidx = idx; _next_block:
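Review bot: the `else if (counter != NULL)` branch in pfr_pool_get() adds a NULL guard that the commit message does not mention. The message only covers resetting the index when it falls outside the table. If callers can legitimately pass a NULL counter, say so in the message or in a comment, since the old code set use_counter for any idx >= 0 regardless of counter. A short comment above `if (idx < 0 || idx >= kt->pfrkt_cnt)` would also help, stating that an index at or beyond pfrkt_cnt means the table content changed underneath the caller, so the saved counter is stale and use_counter must stay 0. Only idx is reset in the lines shown; please confirm the caller's *pidx is rewritten on every later return path so the out-of-range value does not persist.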