Bug 279225 - pfctl(8) displays the name of the anchors incompletely
Summary: pfctl(8) displays the name of the anchors incompletely
Status: In Progress
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: 15.0-CURRENT
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Kristof Provost
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-05-22 17:28 UTC by Jesús Daniel Colmenares Oviedo
Modified: 2024-05-28 20:32 UTC

Description Jesús Daniel Colmenares Oviedo 2024-05-22 17:28:01 UTC
Description:

When pfctl(8) is used to display anchors or to display NAT rules, the name of the anchors is displayed incompletely compared to 14.0-RELEASE. This results in programs failing when they depend on the output of pfctl(8) [1].

[1] https://github.com/DtxdF/AppJail/issues/10

Steps to reproduce this issue:

15.0-CURRENT:

```
# freebsd-version
15.0-CURRENT
# pfctl -sn
nat-anchor "appjail" all
nat-anchor "appjail" all
rdr-anchor "appjail" all
# pfctl -sA
  appjail-nat
  appjail-rdr
```

14.0-RELEASE:

```
# freebsd-version
14.0-RELEASE-p6
# pfctl -sn
nat-anchor "appjail-nat/jail/*" all
nat-anchor "appjail-nat/network/*" all
rdr-anchor "appjail-rdr/*" all
# pfctl -sA
  appjail-nat
  appjail-rdr
```

Tested on:

* 14.0-RELEASE-p6
* 15.0-CURRENT

Notes:

* I have used `FreeBSD-15.0-CURRENT-amd64-20240516-d7adf3b47a05-270169-bootonly.iso` to install FreeBSD on bhyve using vm-bhyve.
Comment 1 Kristof Provost freebsd_committer freebsd_triage 2024-05-24 16:18:34 UTC
I see what's broken here and have a fix pending.

I suspect I need to fix another bug too (basically, cfa1a13087096fe93d7a2976015ccda243476a64 needs to be done for nat rules too) so I can write a decent test case, so it may be a few more days.
Comment 2 commit-hook freebsd_committer freebsd_triage 2024-05-28 20:32:23 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=8b28ec3861d5b3e9fd8a60dbfda13059a5301281

commit 8b28ec3861d5b3e9fd8a60dbfda13059a5301281
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2024-05-24 12:50:53 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2024-05-28 20:29:38 +0000

    pf tests: test longer anchor names

    PR:             279225
    MFC after:      3 weeks
    Sponsored by:   Rubicon Communications, LLC ("Netgate")

 tests/sys/netpfil/pf/anchor.sh | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
Comment 3 commit-hook freebsd_committer freebsd_triage 2024-05-28 20:32:24 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=6ee3e376823fc16b04ab45663661f27246e7b004

commit 6ee3e376823fc16b04ab45663661f27246e7b004
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2024-05-24 11:20:12 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2024-05-28 20:27:22 +0000

    pf: fix incorrect anchor_call to userspace

    777a4702c changed how we copy out the anchor_call string, and
    incorrectly limited it to 8 (4 on 32-bit systems) bytes. Fix that so we
    get the full anchor path, rather than just the first few characters.

    PR:             279225
    Sponsored by:   Rubicon Communications, LLC ("Netgate")

 sys/net/pfvar.h             |  2 +-
 sys/netpfil/pf/pf_nl.c      |  2 +-
 sys/netpfil/pf/pf_ruleset.c | 14 +++++++-------
 3 files changed, 9 insertions(+), 9 deletions(-)
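
The commit message in Comment 3 says the copy was limited to 8 bytes (4 on 32-bit systems), which is the size of a pointer and, once the terminating NUL is counted, exactly enough for the `appjail` shown in the 15.0-CURRENT output. The following C example is added here for illustration and is not the FreeBSD code or the committed fix: it assumes the limit came from `sizeof` applied to a pointer parameter, and `bounded_copy`, `copyout_by_pointer_size`, `copyout_by_buffer_len` and `ANCHOR_BUF_LEN` are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ANCHOR_BUF_LEN 1024	/* constructed size, not taken from the pf sources */

/* strlcpy-style helper (dstsize >= 1): copies at most dstsize-1 bytes plus a NUL. */
static size_t
bounded_copy(char *dst, const char *src, size_t dstsize)
{
	size_t srclen = strlen(src);
	size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;

	memcpy(dst, src, n);
	dst[n] = '\0';
	return (srclen);	/* a value >= dstsize means the copy was truncated */
}

/* Truncating shape (assumed): the callee only has a pointer, so sizeof is 8 or 4. */
size_t
copyout_by_pointer_size(char *anchor_call, const char *path)
{
	return (bounded_copy(anchor_call, path, sizeof(anchor_call)));
}

/* Safer shape: the caller passes the real buffer length alongside the pointer. */
size_t
copyout_by_buffer_len(char *anchor_call, size_t len, const char *path)
{
	return (bounded_copy(anchor_call, path, len));
}

int
main(void)
{
	char out[ANCHOR_BUF_LEN];
	const char *path = "appjail-nat/jail/*";	/* anchor path from the report */
	size_t want;

	want = copyout_by_pointer_size(out, path);
	printf("pointer size: \"%s\" truncated=%d\n", out, want >= sizeof(char *));
	want = copyout_by_buffer_len(out, sizeof(out), path);
	printf("buffer len:   \"%s\" truncated=%d\n", out, want >= sizeof(out));
	return (0);
}
```

Checking the helper's return value against the destination size is what lets a caller or a regression test notice the truncation instead of silently passing a shortened anchor name to userspace.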