misc/103304: pf accepts nonexistent queue in rules

[Volker Werth]

>Number:         103304
>Category:       misc
>Synopsis:       pf accepts nonexistent queue in rules
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Sep 15 16:00:32 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Volker Werth
>Release:        6.2-PRERELEASE
>Organization:
>Environment:
FreeBSD bellona.sz.vwsoft.com 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #9: Wed Sep 13 22:08:28 CEST 2006     root at bellona.sz.vwsoft.com:/usr/obj/usr/src/sys/BELLONA  i386
>Description:
pf silently accepts rules which shall be queued to a non-existent queue.

Example:

if_int="vr0"
if_ext="ng0"

altq on $if_ext cbq bandwidth 64Kb queue { q_low}
queue q_low cbq( borrow rio default )

pass quick on $if_int all
pass quick on $if_ext proto icmp all queue ( nonexistent )
pass quick on $if_ext all queue ( q_low )

which creates _one_ queue but queues to two different (one non-exist) queues.

pfctl -gf [file] does not claim about the missing queue which might lead the administrator into unwanted results (haven't checked if it might lead pf into a failure situation).

pfctl -sa gives:

FILTER RULES:
pass quick on vr0 all
pass quick on ng0 proto icmp all queue nonexistent
pass quick on ng0 all queue q_low

ALTQ:
queue root_ng0 bandwidth 64Kb priority 0 cbq( wrr root ) {q_low}
queue  q_low bandwidth 64Kb cbq( rio borrow default )

This is just an example rule. IF names and proto's used do not matter here.
>How-To-Repeat:

>Fix:
pf should at least claim about the nonexistent queue and deny loading.
>Release-Note:
>Audit-Trail:
>Unformatted: