Bug 279225 - pfctl(8) displays the name of the anchors incompletely
Summary: pfctl(8) displays the name of the anchors incompletely
Status: In Progress
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: 15.0-CURRENT
Hardware: Any Any
: --- Affects Some People
Assignee: Kristof Provost
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-05-22 17:28 UTC by Jesús Daniel Colmenares Oviedo
Modified: 2024-05-28 20:32 UTC (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jesús Daniel Colmenares Oviedo 2024-05-22 17:28:01 UTC 
Description:

When pfctl(8) is used to display anchors or to display NAT rules, the name of the anchors is displayed incompletely compared to 14.0-RELEASE. This results in programs failing when they depends on the output of pfctl(8) [1].

[1] https://github.com/DtxdF/AppJail/issues/10

Steps to reproduce this issue:

15.0-CURRENT:

```
# freebsd-version
15.0-CURRENT
# pfctl -sn
nat-anchor "appjail" all
nat-anchor "appjail" all
rdr-anchor "appjail" all
# pfctl -sA
  appjail-nat
  appjail-rdr
```

14.0-RELEASE:

```
# freebsd-version
14.0-RELEASE-p6
# pfctl -sn
nat-anchor "appjail-nat/jail/*" all
nat-anchor "appjail-nat/network/*" all
rdr-anchor "appjail-rdr/*" all
# pfctl -sA
  appjail-nat
  appjail-rdr
```

Tested on:

* 14.0-RELEASE-p6
* 15.0-CURRENT

Notes:

* I have used `FreeBSD-15.0-CURRENT-amd64-20240516-d7adf3b47a05-270169-bootonly.iso` install FreeBSD on bhyve using vm-bhyve.
Comment 1 Kristof Provost freebsd_committer freebsd_triage 2024-05-24 16:18:34 UTC 
I see what's broken here and have a fix pending.

I suspect I need to fix another bug too (basically, cfa1a13087096fe93d7a2976015ccda243476a64 needs to be done for nat rules too) so I can write a decent test case, so it may be a few more days.
Comment 2 commit-hook freebsd_committer freebsd_triage 2024-05-28 20:32:23 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=8b28ec3861d5b3e9fd8a60dbfda13059a5301281

commit 8b28ec3861d5b3e9fd8a60dbfda13059a5301281
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2024-05-24 12:50:53 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2024-05-28 20:29:38 +0000

    pf tests: test longer anchor names

    PR:             279225
    MFC after:      3 weeks
    Sponsored by:   Rubicon Communications, LLC ("Netgate")

 tests/sys/netpfil/pf/anchor.sh | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
Comment 3 commit-hook freebsd_committer freebsd_triage 2024-05-28 20:32:24 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=6ee3e376823fc16b04ab45663661f27246e7b004

commit 6ee3e376823fc16b04ab45663661f27246e7b004
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2024-05-24 11:20:12 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2024-05-28 20:27:22 +0000

    pf: fix incorrect anchor_call to userspace

    777a4702c changed how we copy out the anchor_call string, and
    incorrectly limited it to 8 (4 on 32-bit systems) bytes. Fix that so we
    get the full anchor path, rather than just the first few characters.

    PR:             279225
    Sponsored by:   Rubicon Communications, LLC ("Netgate")

 sys/net/pfvar.h             |  2 +-
 sys/netpfil/pf/pf_nl.c      |  2 +-
 sys/netpfil/pf/pf_ruleset.c | 14 +++++++-------
 3 files changed, 9 insertions(+), 9 deletions(-)