From: "Kristof Provost"
To: "Peter Ankerstål"
Cc: "stable@freebsd.org"
Subject: Re: using interface groups in pf tables stopped working in 13.0-RELEASE
Date: Tue, 27 Apr 2021 11:07:01 +0200

On 16 Apr 2021, at 17:58, Kristof Provost wrote:
> On 14 Apr 2021, at 16:16, Peter Ankerstål wrote:
>> In pf I use the interface group syntax a lot to make the configuration
>> more readable. All interfaces are assigned to a group representing
>> its use/vlan name.
>>
>> For example:
>>
>> ifconfig_igb1_102="172.22.0.1/24 group iot description 'iot vlan' up"
>> ifconfig_igb1_102_ipv6="inet6 2001:470:de59:22::1/64"
>>
>> ifconfig_igb1_300="172.26.0.1/24 group mgmt description 'mgmt vlan' up"
>> ifconfig_igb1_300_ipv6="inet6 2001:470:de59:26::1/64"
>>
>> in pf.conf I use these group names all over the place. But since I
>> upgraded to 13.0-RELEASE it no longer works to define a table using
>> the :network syntax and interface groups:
>>
>> table const { trusted:network mgmt:network
>> dmz:network guest:network edmz:network \
>> admin:network iot:network client:network }
>>
>> If I reload the configuration I get the following:
>> # pfctl -f /etc/pf.conf
>> /etc/pf.conf:12: cannot create address buffer: Invalid argument
>> pfctl: Syntax error in config file: pf rules not loaded
>>
> I can reproduce that.
>
> It looks like there’s some confusion inside pfctl about the network
> group. It ends up in pfctl_parser.c, append_addr_host(), and expects
> an AF_INET or AF_INET6, but instead gets an AF_LINK.
>
> It’s probably related to 250994 or possibly
> d2568b024da283bd2b88a633eecfc9abf240b3d8.
> Either way it’s pretty deep in a part of the pfctl code I don’t
> much like. I’ll try to poke at it some more over the weekend.
>
It should be fixed as of d5b08e13dd6beb3436e181ff1f3e034cc8186584 in
main.
I’ll MFC that in about a week, and then it’ll turn up in 13.1 in the
fullness of time.

Best regards,
Kristof
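
The failure class described in the message above (an address list containing a link-layer entry reaching code that only handles AF_INET and AF_INET6), as an added C example; it is not pfctl's code and not the change in the commit referenced. `struct if_addr`, `network_of()` and `expand_networks()` are hypothetical names, and the MAC address is constructed sample data.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#ifndef AF_LINK
#define AF_LINK AF_PACKET   /* Linux names the link-layer family AF_PACKET */
#endif

/* Hypothetical stand-in for what an interface lookup returns (constructed data). */
static const struct if_addr { int family; const char *text; int prefixlen; } iot[] = {
    { AF_LINK,  "00:00:5e:00:53:01",   0 },   /* link-layer entry, documentation MAC */
    { AF_INET,  "172.22.0.1",          24 },  /* igb1.102 addresses from the post */
    { AF_INET6, "2001:470:de59:22::1", 64 },
};

/* Write "network/prefixlen" for an IP address; EINVAL for any other family. */
static int network_of(const struct if_addr *a, char *out, size_t len)
{
    unsigned char b[16];
    int bits = a->family == AF_INET ? 32 : a->family == AF_INET6 ? 128 : 0;
    if (bits == 0 || a->prefixlen < 0 || a->prefixlen > bits ||
        inet_pton(a->family, a->text, b) != 1)
        return EINVAL;                      /* an AF_LINK entry is rejected here */
    for (int i = a->prefixlen / 8; i < bits / 8; i++)     /* clear the host bits */
        b[i] &= i > a->prefixlen / 8 ? 0 : (0xff00 >> (a->prefixlen % 8)) & 0xff;
    if (!inet_ntop(a->family, b, out, len))
        return EINVAL;
    snprintf(out + strlen(out), len - strlen(out), "/%d", a->prefixlen);
    return 0;
}

/* strict != 0: fail on the first rejected entry; strict == 0: skip it. */
static int expand_networks(const struct if_addr *a, size_t n, char out[][64], int strict)
{
    int built = 0;
    for (size_t i = 0; i < n; i++)
        if (network_of(&a[i], out[built], 64) == 0)
            built++;
        else if (strict)
            return -1;
    return built;                           /* number of networks written to out */
}

int main(void)
{
    char out[3][64];
    for (int i = 0, n = expand_networks(iot, 3, out, 0); i < n; i++)
        puts(out[i]);                       /* 172.22.0.0/24, 2001:470:de59:22::/64 */
}
```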