Date: Mon, 13 Aug 2018 07:58:36 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 230588] [pf] Incorrect the rule expansion
Message-ID: <bug-230588-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=230588

Bug ID: 230588
Summary: [pf] Incorrect the rule expansion
Product: Base System
Version: 11.2-STABLE
Hardware: amd64
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: felix_mail@mail.ru

Hi, I have a problem: if I add a rule to "skip" interfaces by group, not all interfaces are handled correctly.

ifconfig tap create
ifconfig tap create

pfctl -f /etc/pf.conf && pfctl -vsI

"skip on lo"
lo (skip)
lo0
tap
tap0
tap1

"skip on tap"
lo
lo0
tap (skip)
tap0 (skip)
tap1 (skip)

"skip on {lo, tap}"
lo (skip)
lo0 (skip)
tap (skip)
tap0
tap1

"skip on {lo, tap}"
lo (skip)
lo0
tap (skip)
tap0 (skip)
tap1 (skip)

==========================

If I have a multi-tag interface (e.g. a bhyve VM), the second tag is not parsed:

ifconfig tap0 group vm-port
ifconfig tap1 group vm-port

ifconfig tap1
....
status: active
groups: tap vm-port
....

"set skip on {lo, vm-port}"
lo (skip)
lo0 (skip)
tap
tap0
tap1
vm-port (skip)

Bhyve VM tools add an additional tag for VM interfaces.

==========================

This is the result if one of the interfaces has an IPv6 address:

ifconfig tap0 destroy && ifconfig tap1 destroy
ifconfig tap create && ifconfig tap create

"set skip on {lo, tap}"
lo (skip)
lo0 (skip)
tap (skip)
tap0 (skip)
tap1 (skip)

ifconfig tap1 inet6 fe80::1:1:1:1%tap1

"set skip on {lo, tap}"
lo (skip)
lo0
tap (skip)
tap0
tap1

==========================

And I couldn't reproduce the case where the parser skipped all interfaces except one with an IPv6 address.

tap (skip)
tap0 (skip)
....
tapN (skip)
tapNN <--- ???

ifconfig tapN
hwaddr ...
nd5 options=29 ...
media: Ethernet autoselect

ifconfig tapNN
hwaddr ...
inet6 fe80....
nd5 options=29 ...
media: Ethernet autoselect

Thanks.

-- 
You are receiving this mail because:
You are the assignee for the bug.
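
A check for the mismatch described in this report, as an added example that is not part of the original message or of FreeBSD: it compares the `groups:` lines of saved `ifconfig` output with the `(skip)` flags in saved `pfctl -vsI` output and lists group members that pf did not flag. The function name, file layout and sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper): list members of "set skip" groups
# that pf has NOT flagged "(skip)".
# usage: unskipped_members "lo tap" ifconfig.txt pfctl.txt
#   ifconfig.txt = saved ifconfig output, pfctl.txt = saved `pfctl -vsI` output
unskipped_members() {
    awk -v want="$1" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) grp[w[i]] = 1 }
    { c = substr($0, 1, 1); indented = (c == " " || c == "\t") }
    # First file: ifconfig. "tap0: flags=..." starts an interface block and
    # the indented "groups: tap vm-port" line lists every group it is in.
    FNR == NR {
        if (!indented && $1 ~ /:$/) ifc = substr($1, 1, length($1) - 1)
        else if ($1 == "groups:")
            for (i = 2; i <= NF; i++) if ($i in grp) member[ifc] = $i
        next
    }
    # Second file: pfctl -vsI. Entry lines are unindented ("tap0 (skip)");
    # indented lines are per-interface statistics and are ignored.
    indented || NF == 0 { next }
    { seen[$1] = 1; if ($2 == "(skip)") skip[$1] = 1 }
    END {
        for (i in member)
            if (!(i in skip))
                print i, "group=" member[i], ((i in seen) ? "no-skip" : "unknown-to-pf")
    }' "$2" "$3" | sort
}

# Constructed sample modelled on the IPv6 case in the report
# ("set skip on {lo, tap}" with a link-local address on tap1).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/ifconfig" <<'EOF'
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    groups: lo
tap0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
    groups: tap
tap1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet6 fe80::1:1:1:1%tap1 prefixlen 64 scopeid 0x3
    groups: tap
EOF
    printf 'lo (skip)\nlo0\ntap (skip)\ntap0\ntap1\n' > "$d/pfctl"
    unskipped_members "lo tap" "$d/ifconfig" "$d/pfctl"
    rm -rf "$d"
}
demo
```

Empty output means every member of the listed groups carries the skip flag; any printed line names an interface that pf will still filter despite the `set skip` rule.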