pfSense

I failed to note that mixed-case alias names will correctly resolve when nested in pfSense-2.4.5, so this appears limited to 2.5.

Viktor: this is the version I am testing on --

2.5.0-DEVELOPMENT (amd64)
built on Thu Feb 04 22:53:51 CST 2021
FreeBSD 12.2-STABLE

I can reliably create the issue as described. I will try pulling down a gitsync on my virtual machine to see if the issue resolves for me.

Bill

If #10968 fixed it then something else broke it again. I can reproduce it easily here.

: grep -i nesttest /conf/config.xml
            <name>NestTest1</name>
            <name>NestTest2</name>
            <name>NestTestBoth</name>
            <address>nesttest1 nesttest2</address>

The names were changed to lowercase. I repeated the test twice with two sets of completely new aliases. Same result.

hm, my test configuration:

<alias>
                        <name>LinPC_HOSTS</name>
                        <type>host</type>
                        <address>2.2.2.2</address>
                        <descr></descr>
                        <detail><![CDATA[Entry added Tue, 09 Feb 2021 17:43:47 +0300]]></detail>
 </alias>
<alias>
                        <name>WinPC_HOSTs</name>
                        <type>host</type>
                        <address>1.1.1.1</address>
                        <descr></descr>
                        <detail><![CDATA[Entry added Tue, 09 Feb 2021 17:43:47 +0300]]></detail>
</alias>
<alias>
                        <name>mixedhosts</name>
                        <type>host</type>
                        <address>LinPC_HOSTS WinPC_HOSTs</address>
                        <descr></descr>
                        <detail><![CDATA[Entry added Tue, 09 Feb 2021 17:44:23 +0300||Entry added Tue, 09 Feb 2021 17:44:23 +0300]]></detail>
 </alias>

# grep mixedhosts /tmp/rules.debug
table <mixedhosts> {    2.2.2.2   1.1.1.1 } 
mixedhosts = "<mixedhosts>" 
pass  in  quick  on $WAN reply-to ( vtnet1 192.168.89.5 ) inet proto tcp  from $mixedhosts to any tracker 1611243200 flags S/SA keep state  label "USER_RULE" 

Might be something in your running state, but it happens consistently every time for me here. I don't have any of the aliases in firewall rules (yet), I'm just creating them and trying to nest before they are in use. Might be something there.

I am also wondering if it is some kind of "race" thing perhaps???

I see a check in the new code that tests each value submitted to idn_to_utf8() to see if it is an existing alias. If so, it is returned "as-is" and not run through the function. But it appears that test is failing sometimes, for some reason, and thus the <address> value for an edited or newly created alias is getting changed to lowercase via being passed to, and processed by, the PHP idn_to_utf8() or idn_to_ascii() functions.

extra checks:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/129

I am unable to pull down the changes from that private repo, so can't test. Will depend on Jim to test from his end.

Bill

Still failed for me with that patch applied. Ends up with lowercase contents every time I try it.

Thanks! Good catch. I was pulling my hair out, because I could see what "should" be bypassing the problem but it wasn't working. My virtual machine indeed had the old copy of the file in /etc/inc.

Confirmed working now with the old file deleted in my 2.5 VM. This issue can be marked resolved.