Message-Id: <200609151551.k8FFpkqW081524@www.freebsd.org>
Date: Fri, 15 Sep 2006 15:51:46 GMT
From: Volker Werth
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/103304: pf accepts nonexistent queue in rules

>Number:         103304
>Category:       misc
>Synopsis:       pf accepts nonexistent queue in rules
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Sep 15 16:00:32 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Volker Werth
>Release:        6.2-PRERELEASE
>Organization:
>Environment:
FreeBSD bellona.sz.vwsoft.com 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #9: Wed Sep 13 22:08:28 CEST 2006 root@bellona.sz.vwsoft.com:/usr/obj/usr/src/sys/BELLONA i386
>Description:
pf silently accepts rules which shall be queued to a non-existent queue.

Example:

    if_int="vr0"
    if_ext="ng0"
    altq on $if_ext cbq bandwidth 64Kb queue { q_low}
    queue q_low cbq( borrow rio default )
    pass quick on $if_int all
    pass quick on $if_ext proto icmp all queue ( nonexistent )
    pass quick on $if_ext all queue ( q_low )

which creates _one_ queue but queues to two different (one non-exist) queues.

pfctl -gf [file] does not claim about the missing queue which might lead the administrator into unwanted results (haven't checked if it might lead pf into a failure situation).

pfctl -sa gives:

    FILTER RULES:
    pass quick on vr0 all
    pass quick on ng0 proto icmp all queue nonexistent
    pass quick on ng0 all queue q_low

    ALTQ:
    queue root_ng0 bandwidth 64Kb priority 0 cbq( wrr root ) {q_low}
    queue q_low bandwidth 64Kb cbq( rio borrow default )

This is just an example rule. IF names and proto's used do not matter here.
>How-To-Repeat:
>Fix:
pf should at least claim about the nonexistent queue and deny loading.
>Release-Note:
>Audit-Trail:
>Unformatted:
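
A pre-load check for the condition reported above, as an added example that is not part of the original report or of pfctl: it scans a pf.conf for pass/block rules whose queue name has no matching `queue` definition line. The function names and the simplified parsing (macros, `#` comments and backslash continuations only) are assumptions of this example.

```python
import re

# Constructed sample input: the ruleset quoted in the report above.
SAMPLE_PF_CONF = """\
if_int="vr0"
if_ext="ng0"
altq on $if_ext cbq bandwidth 64Kb queue { q_low}
queue q_low cbq( borrow rio default )
pass quick on $if_int all
pass quick on $if_ext proto icmp all queue ( nonexistent )
pass quick on $if_ext all queue ( q_low )
"""

MACRO = re.compile(r'^(\w+)\s*=\s*"?([^"]*)"?\s*$')
QUEUE_DEF = re.compile(r'^queue\s+([\w.-]+)')
QUEUE_REF = re.compile(r'\bqueue\s*(?:\(([^)]*)\)|([\w.-]+))')

def logical_lines(text):
    """Yield (first_line_no, text): comments cut at '#', backslash continuations joined."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()  # simplification: '#' inside quotes not handled
        start = start or n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        if (buf + line).strip():
            yield start, (buf + line).strip()
        buf, start = "", 0

def undefined_queue_refs(text):
    """Return [(line_no, queue)] for rule queues with no 'queue NAME' definition ($macros expanded)."""
    macros, defined, refs = {}, set(), []
    for n, line in logical_lines(text):
        m = MACRO.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
            continue
        line = re.sub(r'\$(\w+)', lambda v: macros.get(v.group(1), v.group(0)), line)
        d = QUEUE_DEF.match(line)
        if d:
            defined.add(d.group(1))
        elif line.split()[0] in ("pass", "block"):
            for group, single in QUEUE_REF.findall(line):
                refs += [(n, q) for q in re.split(r'[\s,]+', (group or single).strip()) if q]
    return [(n, q) for n, q in refs if q not in defined]

if __name__ == "__main__":
    for n, q in undefined_queue_refs(SAMPLE_PF_CONF):
        print(f"line {n}: rule references undefined queue '{q}'")
```

Definitions are collected across the whole file before references are judged, so a rule that appears before its `queue` line is not flagged.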