CVSROOT: /cvs
Module name: src
Changes by: sas...@cvs.openbsd.org 2025/05/22 00:34:03

Modified files:
    sbin/pfctl : pfctl.c
    sys/net : pf_ioctl.c

Log message:
The current way to adjust pf(4) limits in pf.conf(5) is inconvenient. For example, when a ruleset uses more than 512 anchors (the current default limit), one would typically add 'set limit anchor 1024' to adjust the limit so the 'pf.conf(5)' gets processed. Unfortunately it does not work because the limit gets changed with DIOCXCOMMIT, which is too late. The pf.conf(5) fails to load the anchors to the transaction, because the old lower limit is still in place.

To fix it we must set the limit as soon as we parse the 'set limit ...' option.

The issue has been reported and the fix tested by rafal _dot_ ramocki _von_ eo.pl

OK @bluhm