From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 207178] problem with pf ($interface) expansion on freebsd 10.1 with > 64 ip adresses on interface
Date: Sun, 14 Feb 2016 09:09:10 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207178

    Bug ID: 207178
   Summary: problem with pf ($interface) expansion on freebsd 10.1 with > 64 ip adresses on interface
   Product: Base System
   Version: 10.1-STABLE
  Hardware: amd64
        OS: Any
    Status: New
  Severity: Affects Some People
  Priority: ---
 Component: kern
  Assignee: freebsd-bugs@FreeBSD.org
  Reporter: thomas@gibfest.dk
        CC: freebsd-amd64@FreeBSD.org

I have this rule in my pf.conf:

    pass in quick on $if proto tcp from { } to ($if) port 22

The rule permits SSH to all addresses on $if of course. The problem is that the enumeration of IPs on the interface that happens at boot time fails when the number of IP addresses exceeds 64 IPs. If I reboot with 65 IPs on the interface, the rule matches nothing and I get the following error in dmesg:

    pfi_table_update: cannot set 65 new addresses into table igb1: 22

This is on FreeBSD 10.1-STABLE

    FreeBSD 10.1-STABLE #0 r284163

If I add or remove an IP to the interface manually after the boot finishes, the enumeration works fine, and all IPs on the interface are permitted SSH. The problem occurs only at boot time, when (I assume) pf tries to add all the IPs at once.

I reported this on freebsd-pf@ but never got a response: http://lists.freebsd.org/pipermail/freebsd-pf/2015-June/007764.html

-- 
You are receiving this mail because:
You are the assignee for the bug.
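
Added example, not part of the original bug report or of FreeBSD: a sh script that finds the kernel message quoted above in boot logs and lists the pf.conf rules that use the plain (interface) form for the affected interface, directly or through a macro. The function names, the sample log and the sample pf.conf are constructed, and the script assumes the table name in the message is the interface name, as in the report.

```sh
#!/bin/sh
# Added example (not from the bug report). Sample inputs below are constructed.

# Print "interface address_count error_code" for each interface whose dynamic
# table failed to load, based on the kernel message quoted in the report.
# Only failures are detected; a later successful refresh leaves no trace here.
pf_iftable_failures() {
    awk '
    match($0, /pfi_table_update: cannot set [0-9]+ new addresses into table [^ ]+: [0-9]+/) {
        split(substr($0, RSTART, RLENGTH), f, " ")
        iface = f[9]; sub(/:$/, "", iface)
        if (!(iface in cnt)) order[++k] = iface
        cnt[iface] = f[4]; err[iface] = f[10]      # keep the latest message
    }
    END { for (i = 1; i <= k; i++) print order[i], cnt[order[i]], err[order[i]] }'
}

# Print "lineno: rule" for pf.conf rules (stdin) that use the dynamic form
# (IFACE) for interface $1, written literally or via a macro: if = "igb1".
rules_using_iftable() {
    awk -v want="$1" '
    /^[ \t]*#/ { next }
    /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {       # macro definition
        name = $0; sub(/^[ \t]*/, "", name); sub(/[ \t]*=.*/, "", name)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); gsub(/"/, "", val)
        sub(/[ \t]+$/, "", val); macro[name] = val; next
    }
    {
        rest = $0
        while (match(rest, /\(\$?[A-Za-z0-9_]+\)/)) {
            ref = substr(rest, RSTART + 1, RLENGTH - 2)
            rest = substr(rest, RSTART + RLENGTH)
            if (substr(ref, 1, 1) == "$") ref = macro[substr(ref, 2)]
            if (ref == want) { print NR ": " $0; break }
        }
    }'
}

SAMPLE_DMESG='igb1: link state changed to UP
pfi_table_update: cannot set 65 new addresses into table igb1: 22'

SAMPLE_PFCONF='if = "igb1"
pass in quick on $if proto tcp from any to ($if) port 22
pass out on $if from (igb0) to any'

printf '%s\n' "$SAMPLE_DMESG" | pf_iftable_failures | while read -r ifc n e; do
    echo "dynamic table for $ifc failed ($n addresses, error $e); affected rules:"
    printf '%s\n' "$SAMPLE_PFCONF" | rules_using_iftable "$ifc"
done
```

On a live host the same functions take `dmesg` output and the contents of /etc/pf.conf on stdin in place of the constructed samples.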