[Bug 207178] problem with pf ($interface) expansion on freebsd 10.1 with > 64 ip addresses on interface
bugzilla-noreply at freebsd.org
Sun Feb 14 09:09:10 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207178
Bug ID: 207178
Summary: problem with pf ($interface) expansion on freebsd 10.1
with > 64 ip addresses on interface
Product: Base System
Version: 10.1-STABLE
Hardware: amd64
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: freebsd-bugs at FreeBSD.org
Reporter: thomas at gibfest.dk
CC: freebsd-amd64 at FreeBSD.org
I have this rule in my pf.conf:

    pass in quick on $if proto tcp from { <allowssh> } to ($if) port 22

The rule permits SSH to all addresses on $if, of course. The problem is
that the enumeration of IPs on the interface that happens at boot time
fails when the number of IP addresses exceeds 64 IPs. If I reboot with 65
IPs on the interface, the rule matches nothing and I get the following
error in dmesg:

    pfi_table_update: cannot set 65 new addresses into table igb1: 22

This is on FreeBSD 10.1-STABLE FreeBSD 10.1-STABLE #0 r284163

If I add or remove an IP to the interface manually after the boot
finishes, the enumeration works fine, and all IPs on the interface are
permitted SSH. The problem occurs only at boot time - when (I assume) pf
tries to add all the IPs at once.

I reported this on freebsd-pf@ but never got a response:
http://lists.freebsd.org/pipermail/freebsd-pf/2015-June/007764.html
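
A post-boot check for the failure described in the report above, as an added example that is not part of the original bug report or of FreeBSD: it scans kernel messages for the `pfi_table_update` error, which otherwise leaves the `($if)` rule silently matching nothing, and counts the addresses on an interface. The function names and every sample line except the quoted error are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): detect pf dynamic interface
# tables that failed to populate at boot.

# Constructed sample input. Only the pfi_table_update line is taken from
# the report; the surrounding lines are made up.
SAMPLE_DMESG='igb1: link state changed to UP
pfi_table_update: cannot set 65 new addresses into table igb1: 22
pf: started'

# Read kernel messages on stdin and print "interface count errorcode"
# for every failed table update.
pfi_failures() {
    sed -n 's/.*pfi_table_update: cannot set \([0-9][0-9]*\) new addresses into table \([^:]*\): \([0-9][0-9]*\)[[:space:]]*$/\2 \1 \3/p'
}

# Read ifconfig output for one interface on stdin and print how many
# inet/inet6 addresses it carries.
count_addrs() {
    awk '$1 == "inet" || $1 == "inet6" { n++ } END { print n + 0 }'
}

# Read kernel messages on stdin, print one warning per failure, and
# return 1 if any failure was seen so a monitoring job can alert on it.
check_dmesg() {
    failures=$(pfi_failures)
    if [ -z "$failures" ]; then
        return 0
    fi
    echo "$failures" | while read -r ifname count err; do
        echo "pf ($ifname): $count addresses not loaded into table, error code $err"
    done
    return 1
}
```

On a live host the functions would be fed real output, for example `dmesg | check_dmesg` and `ifconfig igb1 | count_addrs`.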