The branch main has been updated by kp:
URL:
https://cgit.FreeBSD.org/src/commit/?id=7ed8e4be23664cb8b112a405114c9e4958d78fca
commit 7ed8e4be23664cb8b112a405114c9e4958d78fca
Author: Kristof Provost <k...@freebsd.org>
AuthorDate: 2025-02-06 18:26:11 +0000
Commit: Kristof Provost <k...@freebsd.org>
CommitDate: 2025-02-12 19:38:39 +0000
pf: rudimentary counter fix for tables used in match rules
Fixes an issue seen by reyk@
ok henning@ reyk@
Obtained from: OpenBSD, blambert <blamb...@openbsd.org>, 96fa270faa
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
sys/netpfil/pf/pf.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 6fdc0996324b..5c99cde4a9f4 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -10033,6 +10033,21 @@ pf_counters_inc(int action, struct pf_pdesc *pd,
SLIST_FOREACH(ri, &s->match_rules, entry) {
pf_counter_u64_add_protected(&ri->r->packets[dirndx], 1);
pf_counter_u64_add_protected(&ri->r->bytes[dirndx], pd->tot_len);
+
+ if (ri->r->src.addr.type == PF_ADDR_TABLE)
+ pfr_update_stats(ri->r->src.addr.p.tbl,
+ (s == NULL) ? pd->src :
+ &s->key[(s->direction == PF_IN)]->
+ addr[(s->direction == PF_OUT)],
+ pd->af, pd->tot_len, dir == PF_OUT,
+ r->action == PF_PASS,
ri->r->src.neg);
+ if (ri->r->dst.addr.type == PF_ADDR_TABLE)
+ pfr_update_stats(ri->r->dst.addr.p.tbl,
+ (s == NULL) ? pd->dst :
+ &s->key[(s->direction == PF_IN)]->
+ addr[(s->direction == PF_IN)],
+ pd->af, pd->tot_len, dir == PF_OUT,
+ r->action == PF_PASS,
ri->r->dst.neg);
}
}
