236368 – pfctl 'source tracking nodes' printout broken after r343295

Bug 236368 - pfctl 'source tracking nodes' printout broken after r343295

Summary: pfctl 'source tracking nodes' printout broken after r343295

Status:	Closed FIXED

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	CURRENT
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	Kristof Provost

URL:
Keywords:

Depends on:
Blocks:

Reported:	2019-03-07 17:43 UTC by Marko Turk
Modified:	2019-03-15 11:03 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marko Turk 2019-03-07 17:43:12 UTC

Hi,

it seems like r343295 broke "SOURCE TRACKING NODES" section in 'pfctl -vvs all' output.

Steps to reproduce:
- use pf.conf similar to this:
    set skip on lo0
    block drop all
    pass out keep state (max-src-conn 6)
- ping example.com
- check pfctl -vvs all output:
    SOURCE TRACKING NODES:
    ? -> ? ( states 3735929054, connections 3735929054, rate 3735929.0/3735929054s )
       age 1037758:04:14, 13644642147974742460 pkts, 13644642147974742460 bytes


If I revert r343295, the output is correct:
SOURCE TRACKING NODES:
10.0.2.15 -> 0.0.0.0 ( states 2, connections 0, rate 0.0/0s )
   age 00:00:02, 4 pkts, 296 bytes, filter rule 1

BR/Marko

Comment 1 Kristof Provost freebsd_committer

2019-03-07 18:15:03 UTC

I think I see what the problem is. Can you confirm this fixes your problem?

diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index c6f9f8451be..bd988e81db2 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -3754,6 +3754,8 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
                        break;
                }

+               nr = 0;
+
                p = pstore = malloc(psn->psn_len, M_TEMP, M_WAITOK);
                for (i = 0, sh = V_pf_srchash; i <= pf_srchashmask;
                    i++, sh++) {

Comment 2 commit-hook freebsd_committer

2019-03-08 09:34:04 UTC

A commit references this bug:

Author: kp
Date: Fri Mar  8 09:33:16 UTC 2019
New revision: 344921
URL: https://svnweb.freebsd.org/changeset/base/344921

Log:
  pf: Fix DIOCGETSRCNODES

  r343295 broke DIOCGETSRCNODES by failing to reset 'nr' after counting the
  number of source tracking nodes.
  This meant that we never copied the information to userspace, leading to '? ->
  ?' output from pfctl.

  PR:		236368
  MFC after:	1 week

Changes:
  head/sys/netpfil/pf/pf_ioctl.c

Comment 3 Marko Turk 2019-03-08 17:27:33 UTC

(In reply to Kristof Provost from comment #1)
Yes, this fixes the issue.

Thanks.

BR/Marko

Comment 4 commit-hook freebsd_committer

2019-03-15 11:02:51 UTC

A commit references this bug:

Author: kp
Date: Fri Mar 15 11:01:50 UTC 2019
New revision: 345175
URL: https://svnweb.freebsd.org/changeset/base/345175

Log:
  MFC r344921:

  pf: Fix DIOCGETSRCNODES

  r343295 broke DIOCGETSRCNODES by failing to reset 'nr' after counting the
  number of source tracking nodes.
  This meant that we never copied the information to userspace, leading to '? ->
  ?' output from pfctl.

  PR:		236368

Changes:
_U  stable/12/
  stable/12/sys/netpfil/pf/pf_ioctl.c

Comment 5 commit-hook freebsd_committer

2019-03-15 11:02:54 UTC

A commit references this bug:

Author: kp
Date: Fri Mar 15 11:01:53 UTC 2019
New revision: 345176
URL: https://svnweb.freebsd.org/changeset/base/345176

Log:
  MFC r344921:

  pf: Fix DIOCGETSRCNODES

  r343295 broke DIOCGETSRCNODES by failing to reset 'nr' after counting the
  number of source tracking nodes.
  This meant that we never copied the information to userspace, leading to '? ->
  ?' output from pfctl.

  PR:		236368

Changes:
_U  stable/11/
  stable/11/sys/netpfil/pf/pf_ioctl.c