Message-Id: <200609151551.k8FFpkqW081524@www.freebsd.org>
Date: Fri, 15 Sep 2006 15:51:46 GMT
From: Volker Werth <volker@vwsoft.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: pf accepts nonexistent queue in rules
X-Send-Pr-Version: www-2.3

>Number:         103304
>Category:       kern
>Synopsis:       [pf] pf accepts nonexistent queue in rules
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-pf
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Sep 15 16:00:32 GMT 2006
>Closed-Date:    Fri Aug 24 08:54:41 GMT 2007
>Last-Modified:  Fri Aug 24 08:54:41 GMT 2007
>Originator:     Volker Werth
>Release:        6.2-PRERELEASE
>Organization:
>Environment:
FreeBSD bellona.sz.vwsoft.com 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #9: Wed Sep 13 22:08:28 CEST 2006     root@bellona.sz.vwsoft.com:/usr/obj/usr/src/sys/BELLONA  i386
>Description:
pf silently accepts rules which shall be queued to a non-existent queue.

Example:

if_int="vr0"
if_ext="ng0"

altq on $if_ext cbq bandwidth 64Kb queue { q_low}
queue q_low cbq( borrow rio default )

pass quick on $if_int all
pass quick on $if_ext proto icmp all queue ( nonexistent )
pass quick on $if_ext all queue ( q_low )

which creates _one_ queue but queues to two different (one nonexistent) queues.

pfctl -gf [file] does not complain about the missing queue, which might lead the administrator into unwanted results (haven't checked if it might lead pf into a failure situation).

pfctl -sa gives:

FILTER RULES:
pass quick on vr0 all
pass quick on ng0 proto icmp all queue nonexistent
pass quick on ng0 all queue q_low

ALTQ:
queue root_ng0 bandwidth 64Kb priority 0 cbq( wrr root ) {q_low}
queue  q_low bandwidth 64Kb cbq( rio borrow default )

This is just an example rule. The interface names and protocols used do not matter here.
>How-To-Repeat:

>Fix:
pf should at least complain about the nonexistent queue and deny loading.
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-pf 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Thu Sep 21 11:44:33 UTC 2006 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=103304 

From: "Jon Simola" <jsimola@gmail.com>
To: bug-followup@freebsd.org
Cc:  
Subject: Re: kern/103304: pf accepts nonexistent queue in rules
Date: Tue, 12 Dec 2006 11:55:03 -0800

 This is by design. Queueing, Translation, and Packet Filtering are
 separate functions in PF, and they can be manipulated independently of
 each other. Flushing the queueing configuration should not leave the
 filtering rules in an undetermined state, nor should filtering rules
 that reference a queue that may not have been created yet. If you are
 experiencing problems with queueing, it is certainly advantageous to
 be able to disable it entirely by "pfctl -F queue" rather than having
 to rewrite the entire ruleset and remove all references to queues.
 
 PF also allows rules to specify non-existent interfaces, so that
 hotplugging does not require reloading the ruleset.
State-Changed-From-To: open->closed 
State-Changed-By: dhartmei 
State-Changed-When: Fri Aug 24 08:54:05 UTC 2007 
State-Changed-Why:  
not a bug 

http://www.freebsd.org/cgi/query-pr.cgi?pr=103304 
>Unformatted:
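
Because pfctl loads a rule that names an undefined queue without complaint, a typo in a queue name can be caught with a check run on the ruleset file before loading. The script below is an added example, not part of the report or of pf; the function names undefined_queues and sample_ruleset are hypothetical, and it assumes one statement per line with literal queue names (no macro expansion, no backslash continuations).

```shell
#!/bin/sh
# Added example: list queue names that pass/block rules reference but that no
# "queue NAME ..." line defines. Reads the files given as arguments, or stdin.
undefined_queues() {
    awk '
    function note(q) { n++; name[n] = q; line[n] = NR }
    {
        sub(/#.*/, "")           # drop comments
        gsub(/[(),]/, " & ")     # make ( ) , stand-alone tokens
    }
    $1 == "queue" { defined[$2] = 1; next }    # queue definition
    $1 == "pass" || $1 == "block" {            # filter rule
        for (i = 2; i < NF; i++) {
            if ($i != "queue") continue
            if ($(i + 1) != "(") { note($(i + 1)); continue }
            for (j = i + 2; j <= NF && $j != ")"; j++)
                if ($j != ",") note($j)
        }
    }
    END {
        for (k = 1; k <= n; k++)
            if (!(name[k] in defined)) {
                print line[k] ": rule references undefined queue " name[k]
                bad = 1
            }
        exit bad                 # non-zero when any reference is undefined
    }' "$@"
}

# Constructed sample: the ruleset quoted in the report above.
sample_ruleset() {
    cat <<'EOF'
if_int="vr0"
if_ext="ng0"
altq on $if_ext cbq bandwidth 64Kb queue { q_low}
queue q_low cbq( borrow rio default )
pass quick on $if_int all
pass quick on $if_ext proto icmp all queue ( nonexistent )
pass quick on $if_ext all queue ( q_low )
EOF
}

sample_ruleset | undefined_queues ||
    echo "ruleset references undefined queue(s); not loading" >&2
```

Given a file path, the function's exit status can gate the load, for example `undefined_queues /etc/pf.conf && pfctl -f /etc/pf.conf`.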
