problem:
"pfctl -vvs rule/nat" shows invalid number of records in IP tables, even if 0.
IPv4 number of records in "from" tables always is "1076383888".
IPv4 number of records in "to" tables always is "12".
all this was tested on FreeBSD-13.0-STABLE-amd64-20211104-70cb6c34bb5

reproduce:
execute "pfctl -Pvvs rule" or "pfctl -Pvvs nat" with rules having IP tables in from/to.

assumption:
some code change to sbin/pfctl between 2021/05 and 2021/09 causes this.
pfctl binary works on: 13.0-STABLE-amd64-20210527-024a9aa7010-245691.
pfctl binary buggy on: 13.0-STABLE-amd64-20210930-94ad8d7c7a3-247474.
pfctl binary buggy on: 13.0-STABLE-amd64-20211104-70cb6c34bb5-247975.

workaround:
copy /sbin/pfctl binary from e.g. FreeBSD-13.0-STABLE-amd64-20210527-024a9aa7010-245691 (ELF 1300505).
this copy works as expected and the pfctl table record counters are shown properly.

side info:
this was first observed with custom kernel, loader.conf and sysctl.conf being tuned.
but when booting 20211104 with GENERIC and loader.conf/sysctl.conf wiped, it's the same issue.
so i would believe, it's neither related to the ruleset, the kernel or the base OS libraries.

example output (table names and ports pseudonymized):
@1518 pass in quick on foo inet proto tcp from <foo_table_from:1076383888> port = 6666 to <foo_table_to:12> port = 6666 flags S/SA modulate state tag TAGFOO
  [ Evaluations: 55 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: uid 0 pid 9903 State Creations: 0 ]

https://reviews.freebsd.org/D32892
https://reviews.freebsd.org/D32893

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=2de49deeca0b1377664dee2cd0a43ee7cf6b4bc4

commit 2de49deeca0b1377664dee2cd0a43ee7cf6b4bc4
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2021-11-08 12:28:43 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2021-11-10 10:27:22 +0000

    pf tests: Test PR259689

    We didn't populate dyncnt/tblcnt, so `pfctl -sr -vv` might not have the
    table element count.

    PR: 259689
    MFC after: 3 weeks
    Sponsored by: Rubicon Communications, LLC ("Netgate")
    Differential Revision: https://reviews.freebsd.org/D32893

 lib/libpfctl/libpfctl.c | 2 +-
 tests/sys/netpfil/pf/table.sh | 29 +++++++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=218a8a491c4980dcc941908f9505d37e7f052868

commit 218a8a491c4980dcc941908f9505d37e7f052868
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2021-11-08 12:25:20 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2021-11-10 10:27:22 +0000

    pf: ensure we populate dyncnt/tblcnt in struct pf_addr_wrap

    PR: 259689
    MFC after: 3 weeks
    Sponsored by: Rubicon Communications, LLC ("Netgate")
    Differential Revision: https://reviews.freebsd.org/D32892

 lib/libpfctl/libpfctl.c | 10 ++++++++--
 sys/netpfil/pf/pf_nv.c | 21 +++++++++++++++++++--
 2 files changed, 27 insertions(+), 4 deletions(-)

A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=525205b5d2f12b85c84cf060b5e42d5472e31501

commit 525205b5d2f12b85c84cf060b5e42d5472e31501
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2021-11-08 12:25:20 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2021-12-01 15:53:19 +0000

    pf: ensure we populate dyncnt/tblcnt in struct pf_addr_wrap

    PR: 259689
    MFC after: 3 weeks
    Sponsored by: Rubicon Communications, LLC ("Netgate")
    Differential Revision: https://reviews.freebsd.org/D32892

    (cherry picked from commit 218a8a491c4980dcc941908f9505d37e7f052868)

 lib/libpfctl/libpfctl.c | 10 ++++++++--
 sys/netpfil/pf/pf_nv.c | 21 +++++++++++++++++++--
 2 files changed, 27 insertions(+), 4 deletions(-)

A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=10199101997bdc352a74998dc7a39a24f5d722c4

commit 10199101997bdc352a74998dc7a39a24f5d722c4
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2021-11-08 12:28:43 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2021-12-01 15:53:20 +0000

    pf tests: Test PR259689

    We didn't populate dyncnt/tblcnt, so `pfctl -sr -vv` might not have the
    table element count.

    PR: 259689
    MFC after: 3 weeks
    Sponsored by: Rubicon Communications, LLC ("Netgate")
    Differential Revision: https://reviews.freebsd.org/D32893

    (cherry picked from commit 2de49deeca0b1377664dee2cd0a43ee7cf6b4bc4)

 lib/libpfctl/libpfctl.c | 2 +-
 tests/sys/netpfil/pf/table.sh | 29 +++++++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)

A commit in branch stable/12 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=407930b9f9bbfc10164677ed0732e867a871a513

commit 407930b9f9bbfc10164677ed0732e867a871a513
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2021-11-08 12:28:43 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2021-12-01 12:43:25 +0000

    pf tests: Test PR259689

    We didn't populate dyncnt/tblcnt, so `pfctl -sr -vv` might not have the
    table element count.

    PR: 259689
    MFC after: 3 weeks
    Sponsored by: Rubicon Communications, LLC ("Netgate")
    Differential Revision: https://reviews.freebsd.org/D32893

    (cherry picked from commit 2de49deeca0b1377664dee2cd0a43ee7cf6b4bc4)

 lib/libpfctl/libpfctl.c | 2 +-
 tests/sys/netpfil/pf/table.sh | 29 +++++++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)

A commit in branch stable/12 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=73ef1f7462e95f12747a6ff33c0cbb2bc4f848b7

commit 73ef1f7462e95f12747a6ff33c0cbb2bc4f848b7
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2021-11-08 12:25:20 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2021-12-01 12:43:25 +0000

    pf: ensure we populate dyncnt/tblcnt in struct pf_addr_wrap

    PR: 259689
    MFC after: 3 weeks
    Sponsored by: Rubicon Communications, LLC ("Netgate")
    Differential Revision: https://reviews.freebsd.org/D32892

    (cherry picked from commit 218a8a491c4980dcc941908f9505d37e7f052868)

 lib/libpfctl/libpfctl.c | 10 ++++++++--
 sys/netpfil/pf/pf_nv.c | 21 +++++++++++++++++++--
 2 files changed, 27 insertions(+), 4 deletions(-)
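
A check for the symptom in the report above, as an added example that is not part of the original report or of FreeBSD's source: it extracts the `<table:count>` values from `pfctl -vvs rules` output and compares them with real table sizes. The function names, the second rule line and the table sizes in the demo are constructed; `live_table_sizes` assumes tables in the main ruleset only.

```shell
#!/bin/sh
# Added example (not FreeBSD code): detect the PR 259689 symptom by comparing
# the <table:count> values in `pfctl -vvs rules` output with real table sizes.

# Print "table count" for every <name:count> reference read from stdin.
rule_table_counts() {
    awk '{
        line = $0
        while (match(line, /<[^<>:]+:[0-9]+>/)) {
            tok = substr(line, RSTART + 1, RLENGTH - 2)
            sub(/:/, " ", tok)
            print tok
            line = substr(line, RSTART + RLENGTH)
        }
    }' | sort -u
}

# Live host only (not run by the demo): real sizes of main-ruleset tables.
live_table_sizes() {
    for t in $(pfctl -s Tables 2>/dev/null); do
        echo "$t $(pfctl -t "$t" -T show 2>/dev/null | grep -c .)"
    done
}

# mismatches RULES_FILE SIZES_FILE: print "table shown actual" for each table
# whose displayed count differs from its real size (or has no known size).
mismatches() {
    rule_table_counts < "$1" | awk -v sizes="$2" '
        BEGIN { while ((getline l < sizes) > 0) { split(l, f, " "); real[f[1]] = f[2] } }
        { a = ($1 in real) ? real[$1] : "unknown"
          if (a != $2) print $1, $2, a }'
}

demo() {
    rules=$(mktemp); sizes=$(mktemp)
    # Rule line from the report, plus one constructed rule with a correct count.
    cat > "$rules" <<'EOF'
@1518 pass in quick on foo inet proto tcp from <foo_table_from:1076383888> port = 6666 to <foo_table_to:12> port = 6666 flags S/SA modulate state tag TAGFOO
@1519 pass in quick on foo inet proto tcp from <good_table:2> to any
EOF
    # Constructed real sizes, in the format live_table_sizes prints.
    printf '%s\n' 'foo_table_from 0' 'foo_table_to 0' 'good_table 2' > "$sizes"
    mismatches "$rules" "$sizes"
    rm -f "$rules" "$sizes"
}
demo
```

On a live host, save the output of `pfctl -vvs rules` and of `live_table_sizes` to files and pass them to `mismatches`; any line it prints is a table whose displayed count does not match its contents.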