Bug 287405 - On a system with WITHOUT_PF set in src.conf, the net/pfvar.h header misses requisites (was: dns/dnsmasq: Fails to build on host configured WITHOUT_PF)
Summary: On a system with WITHOUT_PF set in src.conf, the net/pfvar.h header misses re...
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: 15.0-CURRENT
Hardware: Any Any
: --- Affects Only Me
Assignee: freebsd-pf (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2025-06-09 21:51 UTC by Alastair Hogge
Modified: 2025-06-10 13:24 UTC (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alastair Hogge 2025-06-09 21:51:28 UTC 
Hello,

dns/dnsmasq will not build on a host that is built with WITHOUT_PF in src.conf.

> cc -O2 -pipe  -Wall -Wno-unused-function -Wno-unused-parameter -Wno-unused-value -Wno-unused-variable -DHAVE_LIBIDN2 -DHAVE_DNSSEC -I/usr/local/include -DLIBICONV_PLUG -fstack-protector-strong -fno-strict-aliasing  -O2 -pipe  -Wall -Wno-unused-function -Wno-unused-parameter -Wno-unused-value -Wno-unused-variable -DHAVE_LIBIDN2 -DHAVE_DNSSEC -I/usr/local/include -DLIBICONV_PLUG -fstack-protector-strong -fno-strict-aliasing  -DLOCALEDIR='"/usr/local/share/locale"' -DVERSION='"2.91"'   -I/usr/local/include      -I/usr/local/include   -I/usr/local/include -DLIBICONV_PLUG -c nftset.c	
> In file included from tables.c:30:
> /usr/include/net/pfvar.h:67:10: fatal error: 'netpfil/pf/pf.h' file not found
>    67 | #include <netpfil/pf/pf.h>
>       |          ^~~~~~~~~~~~~~~~~
> 1 error generated.
> gmake[1]: *** [/wrkdirs/usr/ports/dns/dnsmasq/work/dnsmasq-2.91/Makefile:167: tables.o] Error 1
> gmake[1]: *** Waiting for unfinished jobs....
> gmake[1]: Leaving directory '/wrkdirs/usr/ports/dns/dnsmasq/work/dnsmasq-2.91/src'
> gmake: *** [Makefile:112: all-i18n] Error 2
> ===> Compilation failed unexpectedly.
> Try to set MAKE_JOBS_UNSAFE=yes and rebuild before reporting the failure to
> the maintainer.
> *** Error code 1
> 
> Stop.

This is on 15-CURRENT (1500043), and poudriere jail of the same version. The problem has been around since at least 2020-07-27.
make: stopped making "build" in /usr/ports/dns/dnsmasq
=>> Cleaning up wrkdir
===>  Cleaning for dnsmasq-2.91,1
build of dns/dnsmasq | dnsmasq-2.91,1 ended at 2025-06-09T20:29:18+00:00
build time: 00:00:08
!!! build failure encountered !!!
Comment 1 Matthias Andree freebsd_committer freebsd_triage 2025-06-10 07:01:18 UTC 
Hi Alastair,

this seems to an issue with the 15-CURRENT base system.

dnsmasq includes these lines:

#include <string.h>

#include <sys/types.h>
#include <sys/ioctl.h>

#include <net/if.h>
#include <netinet/in.h>
#include <net/pfvar.h>

and net/pfvar.h seems to be present, but in turn include the missing netpfil/pf/pf.h header.

> /usr/include/net/pfvar.h:67:10: fatal error: 'netpfil/pf/pf.h' file not found
>    67 | #include <netpfil/pf/pf.h>

This isn't something we, or the upstream, could easily fix in dnsmasq.

Let's divert this where it belongs.
Comment 2 Alastair Hogge 2025-06-10 13:24:31 UTC 
Heyo

Two questions:
1) /sys/net/pfvar.h[1] is meant to be part of OpenBSD's (now FreeBSD's unique fork) pf, and is still installed regardless of WITHOUT_PF?

2) The netpfil kernel system does not have the required abstractions for dnsmasq to build successfully without pf?

I noticed that NetBSD also has dnsmasq in pkgsrc[2], however, they recommended using npf (NetBSD's awesome, fully organic, animal friendly, and locally grown pf) over OpenBSD's pf.

The only occurrence of <net/pfvar.h> in the dnsmasq code, is in src/tables.c[2], 

Thanks for the PR triage.

1: https://codeberg.org/FreeBSD/freebsd-src/src/commit/09545628f0cd58406a47f302fb8584a5292d4b1a/sys/net/pfvar.h
2: https://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/net/dnsmasq/Makefile?rev=1.53
3: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=src/tables.c;h=ccfe9ed0419a3f86017c0fb07c14caa1f467a11a;hb=HEAD#l30