Bug 207178 - problem with pf ($interface) expansion on freebsd 10.1 with > 64 ip addresses on interface
Status: Closed Works As Intended
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: 10.1-STABLE
Hardware: Any Any
Importance: --- Affects Some People
Assignee: freebsd-bugs (Nobody)
Reported: 2016-02-14 09:09 UTC by Thomas Steen Rasmussen / Tykling
Modified: 2016-02-14 10:27 UTC
Description Thomas Steen Rasmussen / Tykling 2016-02-14 09:09:10 UTC
I have this rule in my pf.conf:

  pass in quick on $if proto tcp from { <allowssh> } to ($if) port 22

The rule permits SSH to all addresses on $if of course. The problem is
that the enumeration of IPs on the interface that happens at boot time
fails when the number of IP addresses exceeds 64 IPs. If I reboot with 65
IPs on the interface the rule matches nothing and I get the following
error in dmesg:

pfi_table_update: cannot set 65 new addresses into table igb1: 22

This is on FreeBSD 10.1-STABLE FreeBSD 10.1-STABLE #0 r284163

If I add or remove an IP to the interface manually after the boot
finishes the enumeration works fine, and all IPs on the interface are
permitted SSH. The problem occurs only at boot time - when (I assume) pf
tries to add all the IPs at once.

I reported this on freebsd-pf@ but never got a response: http://lists.freebsd.org/pipermail/freebsd-pf/2015-June/007764.html
Comment 1 Thomas Steen Rasmussen / Tykling 2016-02-14 10:27:49 UTC
I just tested this in a VM running r293215 and it seems to have been fixed in the meantime. Apologies for the noise, closing this bug.
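An added example, not part of the bug report or of FreeBSD: a small check that finds the `pfi_table_update` failure quoted above in saved `dmesg` output and lists interfaces holding more than 64 addresses, so a silently empty `($if)` table is noticed after boot. The function names, the 64-address threshold (taken from the reporter's observation), the choice to count both `inet` and `inet6` lines, and the sample `ifconfig` text are assumptions constructed for illustration.

```python
import re

# Message format copied from the dmesg line quoted in the report.
PFI_FAIL = re.compile(
    r"pfi_table_update: cannot set (\d+) new addresses into table (\S+): (\d+)")
ERRNO_NAMES = {12: "ENOMEM", 22: "EINVAL", 28: "ENOSPC"}  # FreeBSD errno values
REPORTED_LIMIT = 64  # count above which the reporter saw the failure (assumption)


def find_pfi_failures(dmesg_text):
    """Return (table, address_count, errno_name) for each failed table update."""
    return [(m.group(2), int(m.group(1)),
             ERRNO_NAMES.get(int(m.group(3)), m.group(3)))
            for m in PFI_FAIL.finditer(dmesg_text)]


def count_addresses(ifconfig_text):
    """Count inet/inet6 lines per interface in `ifconfig` output."""
    counts, current = {}, None
    for line in ifconfig_text.splitlines():
        head = re.match(r"(\S+): flags=", line)
        if head:
            current = head.group(1)
            counts[current] = 0
        elif current and re.match(r"\s+inet6? ", line):
            counts[current] += 1
    return counts


def report(dmesg_text, ifconfig_text):
    """Map interface -> findings: logged failure and/or address count over limit."""
    findings = {}
    for table, count, err in find_pfi_failures(dmesg_text):
        findings.setdefault(table, []).append(
            f"boot-time update of {count} addresses failed ({err})")
    for ifname, n in count_addresses(ifconfig_text).items():
        if n > REPORTED_LIMIT:
            findings.setdefault(ifname, []).append(
                f"{n} addresses configured, above {REPORTED_LIMIT}")
    return findings


# Constructed sample input: the dmesg line from the report plus synthetic ifconfig output.
SAMPLE_DMESG = "pfi_table_update: cannot set 65 new addresses into table igb1: 22\n"
SAMPLE_IFCONFIG = (
    "igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500\n"
    "\tinet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255\n"
    "igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500\n"
    + "".join(f"\tinet 198.51.100.{i} netmask 0xffffffff broadcast 198.51.100.{i}\n"
              for i in range(1, 66)))

if __name__ == "__main__":
    for ifname, notes in report(SAMPLE_DMESG, SAMPLE_IFCONFIG).items():
        print(ifname, "->", "; ".join(notes))
```

A logged failure only shows that the boot-time load failed; per the report, a later address change on the interface repopulates the table, so the live rule behaviour still has to be confirmed on the host.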