pf label $nr macro expand reproducable bug
- Reply: Kristof Provost : "Re: pf label $nr macro expand reproducable bug"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 15 Sep 2021 07:43:54 UTC
Hi, I'm using FreeBSD stable/12. I've tested this situation on stable/12 both 0f97f2a1857a (Jul 26 2021) and ebb3327d09ce (Sep 14) build. label $nr macro is works as expected for most of rules. But with the example below $nr macro was expanded incorrectly. Outputs are below. If you need, I can open a PR. # ifconfig -g lo lo0 Experiment #1: The right output should be "ruleNo:2", but system expands as "ruleNo:257". # cat pf.conf pass quick on lo from lo:network to lo:network block quick all label "ruleNo:$nr" # pfctl -f pf.conf # pfctl -sr -vvv @0 pass quick on lo inet6 from ::1 to ::1 flags S/SA keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 17691 State Creations: 0 ] @1 pass quick on lo inet from 127.0.0.0/8 to 127.0.0.0/8 flags S/SA keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 17691 State Creations: 0 ] @2 block drop quick all label "ruleNo:257" [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 17691 State Creations: 0 ] Experiment #2: The right output should be "ruleNo:2", but system expands as "ruleNo:17". # cat pf.conf pass quick on lo from lo:network block quick all label "ruleNo:$nr" # pfctl -f pf.conf # pfctl -sr -vvv @0 pass quick on lo inet6 from ::1 to any flags S/SA keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 8726 State Creations: 0 ] @1 pass quick on lo inet from 127.0.0.0/8 to any flags S/SA keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 8726 State Creations: 0 ] @2 block drop quick all label "ruleNo:17" [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 8726 State Creations: 0 ] Regards Ozkan