bin/58884: npfctl validate seems to ignore "!" in the rules

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: bin/58884: npfctl validate seems to ignore "!" in the rules
From: yamt9999%gmail.com@localhost
Date: Mon, 9 Dec 2024 05:55:00 +0000 (UTC)

>Number:         58884
>Category:       bin
>Synopsis:       npfctl validate seems to ignore "!" in the rules
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Dec 09 05:55:00 +0000 2024
>Originator:     YAMAMOTO Takashi
>Release:        10.0
>Organization:
>Environment:
NetBSD tadpole 10.0 NetBSD 10.0 (GENERIC) #0: Thu Mar 28 08:33:33 UTC 2024  mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/evbarm/compile/GENERIC evbarm

>Description:
my expectation: "! $table" is an inverse of "$table"

actual: see below.

(i'm just learning the npf.conf syntax. my expectation might be wrong.
but IMO the current behavior is very confusing even if it isn't considered broken.)

tadpole% cat npf.conf 
$private = { 10.0.0.0/8 }
map lo0 dynamic any -> 192.168.1.1 pass from any to ! $private
map lo0 dynamic any -> 192.168.1.1 pass from any to $private
group default {
}
tadpole% npfctl validate npf.conf
map lo0 dynamic any -> 192.168.1.1 pass family inet4 to 10.0.0.0/8 
map lo0 dynamic any -> 192.168.1.1 pass family inet4 to 10.0.0.0/8 

group default { 
}

tadpole%

>How-To-Repeat:
see above.

>Fix:

Prev by Date: Re: port-mac68k/58883: Internal Trackpad wrongly configured on a PowerBook 500 [patch]
Next by Date: Re: bin/58884: npfctl validate seems to ignore "!" in the rules
Previous by Thread: port-mac68k/58883: Internal Trackpad wrongly configured on a PowerBook 500 [patch]
Next by Thread: Re: bin/58884: npfctl validate seems to ignore "!" in the rules
Indexes:

Home | Main Index | Thread Index | Old Index