Description: When pfctl(8) is used to display anchors or to display NAT rules, the name of the anchors is displayed incompletely compared to 14.0-RELEASE. This results in programs failing when they depends on the output of pfctl(8) [1]. [1] https://github.com/DtxdF/AppJail/issues/10 Steps to reproduce this issue: 15.0-CURRENT: ``` # freebsd-version 15.0-CURRENT # pfctl -sn nat-anchor "appjail" all nat-anchor "appjail" all rdr-anchor "appjail" all # pfctl -sA appjail-nat appjail-rdr ``` 14.0-RELEASE: ``` # freebsd-version 14.0-RELEASE-p6 # pfctl -sn nat-anchor "appjail-nat/jail/*" all nat-anchor "appjail-nat/network/*" all rdr-anchor "appjail-rdr/*" all # pfctl -sA appjail-nat appjail-rdr ``` Tested on: * 14.0-RELEASE-p6 * 15.0-CURRENT Notes: * I have used `FreeBSD-15.0-CURRENT-amd64-20240516-d7adf3b47a05-270169-bootonly.iso` install FreeBSD on bhyve using vm-bhyve.
I see what's broken here and have a fix pending. I suspect I need to fix another bug too (basically, cfa1a13087096fe93d7a2976015ccda243476a64 needs to be done for nat rules too) so I can write a decent test case, so it may be a few more days.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=8b28ec3861d5b3e9fd8a60dbfda13059a5301281 commit 8b28ec3861d5b3e9fd8a60dbfda13059a5301281 Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2024-05-24 12:50:53 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2024-05-28 20:29:38 +0000 pf tests: test longer anchor names PR: 279225 MFC after: 3 weeks Sponsored by: Rubicon Communications, LLC ("Netgate") tests/sys/netpfil/pf/anchor.sh | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+)
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=6ee3e376823fc16b04ab45663661f27246e7b004 commit 6ee3e376823fc16b04ab45663661f27246e7b004 Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2024-05-24 11:20:12 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2024-05-28 20:27:22 +0000 pf: fix incorrect anchor_call to userspace 777a4702c changed how we copy out the anchor_call string, and incorrectly limited it to 8 (4 on 32-bit systems) bytes. Fix that so we get the full anchor path, rather than just the first few characters. PR: 279225 Sponsored by: Rubicon Communications, LLC ("Netgate") sys/net/pfvar.h | 2 +- sys/netpfil/pf/pf_nl.c | 2 +- sys/netpfil/pf/pf_ruleset.c | 14 +++++++------- 3 files changed, 9 insertions(+), 9 deletions(-)
A commit in branch stable/14 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=f9308302844272aa1c470cbe73feb1d2a68785ac commit f9308302844272aa1c470cbe73feb1d2a68785ac Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2024-05-24 12:50:53 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2024-06-18 07:59:02 +0000 pf tests: test longer anchor names PR: 279225 MFC after: 3 weeks Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 8b28ec3861d5b3e9fd8a60dbfda13059a5301281) tests/sys/netpfil/pf/anchor.sh | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+)
A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=9748482d343dfaca9cb92359d0af7b4d38aea3bd commit 9748482d343dfaca9cb92359d0af7b4d38aea3bd Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2024-05-24 12:50:53 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2024-06-18 14:43:43 +0000 pf tests: test longer anchor names PR: 279225 MFC after: 3 weeks Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 8b28ec3861d5b3e9fd8a60dbfda13059a5301281) tests/sys/netpfil/pf/anchor.sh | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+)