git: 4e7c1ff95a51 - main - pfctl: relax interface name requirement

Thu, 07 May 2026 09:24:24 -0700 

The branch main has been updated by kp:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=4e7c1ff95a5187faee524055f22c4cf4134d1147

commit 4e7c1ff95a5187faee524055f22c4cf4134d1147
Author:     Kristof Provost <[email protected]>
AuthorDate: 2026-05-07 09:58:17 +0000
Commit:     Kristof Provost <[email protected]>
CommitDate: 2026-05-07 15:07:23 +0000

    pfctl: relax interface name requirement
    
    The FreeBSD network stack, for better or worse, does not impose any
    requirements on interface names. As such it's valid for an interface
    name to start with a number (or indeed, be something like '⭐').
    
    Allow this in pfctl, and add a test case for the specific case of
    interface names starting with a number.
    
    Note that we don't support UTF-8 names fully, so those may still fail.
    
    PR:             295064
    MFC after:      1 week
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sbin/pfctl/parse.y            |  2 +-
 tests/sys/netpfil/pf/names.sh | 40 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 57a5140ffeb7..7e9d81da6ed9 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -4242,7 +4242,7 @@ dynaddr           : '(' STRING ')'                {
                        char    *p, *op;
 
                        op = $2;
-                       if (!isalpha(op[0])) {
+                       if (op[0] == '\0') {
                                yyerror("invalid interface name '%s'", op);
                                free(op);
                                YYERROR;
diff --git a/tests/sys/netpfil/pf/names.sh b/tests/sys/netpfil/pf/names.sh
index e47b0917cfec..c6f2a06c15f9 100644
--- a/tests/sys/netpfil/pf/names.sh
+++ b/tests/sys/netpfil/pf/names.sh
@@ -95,8 +95,48 @@ group_cleanup()
        pft_cleanup
 }
 
+atf_test_case "start_number" "cleanup"
+start_number_head()
+{
+       atf_set descr 'Test interface names starting with a number'
+       atf_set require.user root
+}
+
+start_number_body()
+{
+       pft_init
+
+       epair=$(vnet_mkepair)
+       ifconfig ${epair}a 192.0.2.1/24 up
+
+       vnet_mkjail alcatraz ${epair}b
+       jexec alcatraz ifconfig ${epair}b 192.0.2.2/24 up
+       jexec alcatraz ifconfig ${epair}b name 4ever
+       jexec alcatraz pfctl -e
+
+       jexec alcatraz ifconfig
+
+       pft_set_rules alcatraz \
+           "block" \
+           "pass in from any to (4ever)"
+
+       atf_check -o ignore ping -c 3 192.0.2.2
+
+       # Negative test, if the interface doesn't exist we don't pass packets
+       pft_set_rules alcatraz \
+           "block" \
+           "pass in from any to (5ever)"
+       atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2
+}
+
+start_number_cleanup()
+{
+       pft_cleanup
+}
+
 atf_init_test_cases()
 {
        atf_add_test_case "names"
        atf_add_test_case "group"
+       atf_add_test_case "start_number"
 }

Reply via email to