[Bug 230588] [pf] Incorrect the rule expansion

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Aug 13 07:58:38 UTC 2018 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=230588

            Bug ID: 230588
           Summary: [pf] Incorrect the rule expansion
           Product: Base System
           Version: 11.2-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: bugs at FreeBSD.org
          Reporter: felix_mail at mail.ru

Hi, I have the problem: if I add the rule to "skip" interface by its group,
then not  all interfaces are correctly handled.

ifconfig tap create
ifconfig tap create

pfctl -f /etc/pf.conf && pfctl -vsI

"skip on lo"
lo (skip)
lo0
tap
tap0
tap1

"skip on tap"
lo
lo0
tap (skip)
tap0 (skip)
tap1 (skip)

"skip on {lo, tap}"
lo (skip)
lo0 (skip)
tap (skip)
tap0
tap1

"skip on {lo, tap}"
lo (skip)
lo0
tap (skip)
tap0 (skip)
tap1 (skip)

==========================

If I have multi tag interface (ex. bhyve vm) second tag not parsed:
ifconfig tap0 group vm-port
ifconfig tap1 group vm-port

ifconfig tap1
....
status: active
groups: tap vm-port
....

"set skip on {lo, vm-port}"
lo (skip)
lo0 (skip)
tap
tap0
tap1
vm-port (skip)

Bhyve vm tools add an additional tag for VM interfaces.

==========================

This is the result If one of the interfaces has an ipv6 address
ifconfig tap0 destroy && ifconfig tap1 destroy
ifconfig tap create && ifconfig tap create

"set skip on {lo, tap}"
lo (skip)
lo0 (skip)
tap (skip)
tap0 (skip)
tap1 (skip)

ifconfig tap1 inet6 fe80::1:1:1:1%tap1
"set skip on {lo, tap}"
lo (skip)
lo0
tap (skip)
tap0
tap1

==========================

And I couldn't reproduse the case where the parser skipped all interfaces
except one with a ipv6 address.
tap (skip)
tap0 (skip)
....
tapN (skip)
tapNN    <--- ??? 

ifconfig tapN
hwaddr ...
nd5 options=29 ...
media: Ethernet autoselect

ifconfig tapNN
hwaddr ...
inet6 fe80....
nd5 options=29 ...
media: Ethernet autoselect

Thanks.

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list