Date: Fri, 16 Apr 2021 17:58:30 +0200
From: "Kristof Provost" <kp@FreeBSD.org>
To: "Peter Ankerstål" <peter@pean.org>
Cc: "stable@freebsd.org" <stable@FreeBSD.org>
Subject: Re: using interface groups in pf tables stopped working in 13.0-RELEASE
Message-ID: <E2EBBE3E-7F2E-4E4A-AAB0-E59B19A350E3@FreeBSD.org>
In-Reply-To: <431C3D85-C754-4E1C-94E0-333DE254F0AC@pean.org>
References: <431C3D85-C754-4E1C-94E0-333DE254F0AC@pean.org>

On 14 Apr 2021, at 16:16, Peter Ankerstål wrote:
> In pf I use the interface group syntax a lot to make the configuration
> more readable. All interfaces are assigned to a group representing its
> use/vlan name.
>
> For example:
>
> ifconfig_igb1_102="172.22.0.1/24 group iot description 'iot vlan' up"
> ifconfig_igb1_102_ipv6="inet6 2001:470:de59:22::1/64"
>
> ifconfig_igb1_300="172.26.0.1/24 group mgmt description 'mgmt vlan' up"
> ifconfig_igb1_300_ipv6="inet6 2001:470:de59:26::1/64"
>
> In pf.conf I use these group names all over the place. But since I
> upgraded to 13.0-RELEASE it no longer works to define a table using
> the :network syntax and interface groups:
>
> table <nat_addresses> const { trusted:network mgmt:network dmz:network guest:network edmz:network \
>         admin:network iot:network client:network }
>
> If I reload the configuration I get the following:
> # pfctl -f /etc/pf.conf
> /etc/pf.conf:12: cannot create address buffer: Invalid argument
> pfctl: Syntax error in config file: pf rules not loaded
>

I can reproduce that.

It looks like there’s some confusion inside pfctl about the network group. It ends up in pfctl_parser.c, append_addr_host(), and expects an AF_INET or AF_INET6, but instead gets an AF_LINK.

It’s probably related to 250994 or possibly d2568b024da283bd2b88a633eecfc9abf240b3d8.

Either way it’s pretty deep in a part of the pfctl code I don’t much like. I’ll try to poke at it some more over the weekend.

Best regards,
Kristof
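
Added example, not part of the message above and not pfctl's code: one way a consumer of a getifaddrs()-style list can expand `ifname:network`, skipping the link-layer (AF_LINK) entry that sits beside the IPv4 entry instead of treating it as an error. It covers IPv4 only; `expand_network`, `sample_list` and the interface name `igb1.102` are assumptions for illustration, and the sample list is constructed.

```c
#include <arpa/inet.h>
#include <ifaddrs.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#ifndef AF_LINK            /* FreeBSD link-layer family; not defined on Linux */
#define AF_LINK AF_PACKET  /* assumption: stand-in so this builds off FreeBSD */
#endif

/* Write IPv4 "network/prefix" strings for ifname into out; return the count.
 * Entries of any other family (AF_LINK, and AF_INET6 here) are skipped. */
int expand_network(const struct ifaddrs *list, const char *ifname,
                   char out[][32], int max)
{
    int n = 0;
    for (const struct ifaddrs *ifa = list; ifa && n < max; ifa = ifa->ifa_next) {
        if (ifa->ifa_addr == NULL || strcmp(ifa->ifa_name, ifname) != 0)
            continue;
        if (ifa->ifa_addr->sa_family != AF_INET || ifa->ifa_netmask == NULL)
            continue;               /* the link-layer entry is dropped here */
        uint32_t a = ntohl(((struct sockaddr_in *)ifa->ifa_addr)->sin_addr.s_addr);
        uint32_t m = ntohl(((struct sockaddr_in *)ifa->ifa_netmask)->sin_addr.s_addr);
        struct in_addr net = { .s_addr = htonl(a & m) };
        int bits = 0;
        for (uint32_t t = m; t & 0x80000000u; t <<= 1)
            bits++;                 /* count leading one bits of the mask */
        char buf[INET_ADDRSTRLEN];
        inet_ntop(AF_INET, &net, buf, sizeof buf);
        snprintf(out[n++], 32, "%s/%d", buf, bits);
    }
    return n;
}

/* Constructed sample: a link-layer entry followed by 172.22.0.1/24. */
static struct sockaddr g_link = { .sa_family = AF_LINK };
static struct sockaddr_in g_addr, g_mask;
static struct ifaddrs g_if[2];
const struct ifaddrs *sample_list(void)
{
    g_addr.sin_family = g_mask.sin_family = AF_INET;
    inet_pton(AF_INET, "172.22.0.1", &g_addr.sin_addr);
    inet_pton(AF_INET, "255.255.255.0", &g_mask.sin_addr);
    g_if[0] = (struct ifaddrs){ .ifa_next = &g_if[1], .ifa_name = "igb1.102", .ifa_addr = &g_link };
    g_if[1] = (struct ifaddrs){ .ifa_name = "igb1.102",
        .ifa_addr = (struct sockaddr *)&g_addr, .ifa_netmask = (struct sockaddr *)&g_mask };
    return g_if;
}
```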