Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 15 Sep 2021 10:43:54 +0300
From:      =?UTF-8?B?w5Z6a2FuIEtJUklL?= <ozkan.kirik@gmail.com>
To:        freebsd-pf@freebsd.org
Subject:   pf label $nr macro expand reproducable bug
Message-ID:  <CAAcX-AFmFwyEK4uzK66LoBK2e6W0_-8ZkJju5jAfSYE7wmSjXA@mail.gmail.com>
next in thread | raw e-mail | index | archive | help 
Hi,

I'm using FreeBSD stable/12.
I've tested this situation on stable/12 both 0f97f2a1857a (Jul 26
2021) and ebb3327d09ce (Sep 14) build.

label $nr macro is works as expected for most of rules. But with the
example below $nr macro was expanded incorrectly. Outputs are below.

If you need, I can open a PR.

# ifconfig -g lo
lo0

Experiment #1: The right output should be "ruleNo:2", but system
expands as "ruleNo:257".

# cat pf.conf
pass quick on lo from lo:network to lo:network
block quick all label "ruleNo:$nr"

# pfctl -f pf.conf
# pfctl -sr -vvv
@0 pass quick on lo inet6 from ::1 to ::1 flags S/SA keep state
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 17691 State Creations: 0     ]
@1 pass quick on lo inet from 127.0.0.0/8 to 127.0.0.0/8 flags S/SA keep state
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 17691 State Creations: 0     ]
@2 block drop quick all label "ruleNo:257"
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 17691 State Creations: 0     ]

Experiment #2: The right output should be "ruleNo:2", but system
expands as "ruleNo:17".

# cat pf.conf
pass quick on lo from lo:network
block quick all label "ruleNo:$nr"

# pfctl -f pf.conf
# pfctl -sr -vvv
@0 pass quick on lo inet6 from ::1 to any flags S/SA keep state
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 8726 State Creations: 0     ]
@1 pass quick on lo inet from 127.0.0.0/8 to any flags S/SA keep state
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 8726 State Creations: 0     ]
@2 block drop quick all label "ruleNo:17"
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 8726 State Creations: 0     ]

Regards
Ozkan

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAAcX-AFmFwyEK4uzK66LoBK2e6W0_-8ZkJju5jAfSYE7wmSjXA>