State table entry rule ID does not contain the expected value
On snapshots, the rule number in the state table data does not contain the expected value:
all tcp 198.51.100.104:443 <- 198.51.100.142:43958 FIN_WAIT_2:FIN_WAIT_2 [2501411308 + 2147156224] wscale 7 [2163627184 + 4278255872] wscale 7 age 750314:22:56, expires in 00:00:00, 36:45 pkts, 4179:19880 bytes, rule 1744830464 id: 1caa1f6100000002 creatorid: be86b95f gateway: 198.51.100.1 origif: vtnet0
pfctl -vvsr | egrep 1744830464
It should show the rule number from this entry:
@104(1617118076) pass in quick on vtnet0 reply-to (vtnet0 198.51.100.1) inet from <RemoteAdmin:0> to (self:1) flags S/SA keep state label "USER_RULE: Allow Remote Admin to this firewall (permissive)"
It behaves as expected on the current release, but is broken on snapshots.
Updated by Kristof Provost 2 months ago
- Status changed from New to Feedback
That's an endianness issue. The kernel converts several fields to network-endianness, and the (userspace) libpfctl lib failed to reverse that.
It's fixed in devel-12 in https://gitlab.netgate.com/pfSense/FreeBSD-src/-/commit/651256459f172c0048b4dcd088daf1238cbc52b0 (cherry-picked upstream main commit).
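The byte-order mismatch described in the comment above, worked through with the values from this report: 1744830464 is 0x68000000, which is rule 104 with its four bytes reversed. This is an added example, not part of the original issue and not libpfctl's code; the record layout, the function names and the rule count of 200 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for one exported state record (not pf's real layout). */
struct state_export {
    uint8_t rule[4];   /* rule number as exported: network (big-endian) order */
};

/* Exporting side: store the rule number in network byte order, like htonl(). */
static void export_rule(struct state_export *e, uint32_t rule_nr)
{
    e->rule[0] = (uint8_t)(rule_nr >> 24);
    e->rule[1] = (uint8_t)(rule_nr >> 16);
    e->rule[2] = (uint8_t)(rule_nr >> 8);
    e->rule[3] = (uint8_t)rule_nr;
}

/* Reader without the conversion, as seen on a little-endian host. */
static uint32_t read_rule_no_ntohl(const struct state_export *e)
{
    return (uint32_t)e->rule[0] | ((uint32_t)e->rule[1] << 8) |
           ((uint32_t)e->rule[2] << 16) | ((uint32_t)e->rule[3] << 24);
}

/* Reader that reverses the export, equivalent to ntohl(). */
static uint32_t read_rule_ntohl(const struct state_export *e)
{
    return ((uint32_t)e->rule[0] << 24) | ((uint32_t)e->rule[1] << 16) |
           ((uint32_t)e->rule[2] << 8) | (uint32_t)e->rule[3];
}

/* Triage: map a number printed by an affected build back to a rule index. */
static uint32_t recover_rule_nr(uint32_t shown, uint32_t nrules)
{
    uint32_t swapped = (shown >> 24) | ((shown >> 8) & 0x0000ff00u) |
                       ((shown << 8) & 0x00ff0000u) | (shown << 24);
    if (shown < nrules)
        return shown;              /* already a plausible rule index */
    return swapped < nrules ? swapped : UINT32_MAX;   /* UINT32_MAX: no match */
}

int main(void)
{
    struct state_export e;
    export_rule(&e, 104);          /* rule @104 from the report */
    printf("unconverted: %u\n", (unsigned)read_rule_no_ntohl(&e));
    printf("converted:   %u\n", (unsigned)read_rule_ntohl(&e));
    printf("recovered:   %u\n", (unsigned)recover_rule_nr(1744830464u, 200));
    return 0;
}
```

When correlating states with rules on an affected snapshot, `recover_rule_nr` needs the loaded rule count as its second argument so that values which are neither a valid index nor a byte-swapped one are flagged instead of silently mapped.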