https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291763
--- Comment #5 from [email protected] ---

I think I've pinned this down.

pfctl (in pfctl_show_status()) calls pfctl_get_status_h().

[lib/libpfctl/libpfctl.c]
pfctl_get_status_h()
{
        hdr = snl_create_genl_msg_request(&nw, family_id, PFNL_CMD_GET_STATUS);
}

which appears to call pf_handle_get_status()

[sys/netpfil/pf/pf_nl.c]
pf_handle_get_status()
{
...
        nlattr_add_u64_array(nw, PF_GS_PCOUNTERS, 2 * 2 * 2, (uint64_t *)s.pcounters);
...
}

but the s here is pf_status, and in

[sys/netpfil/pf/pf.h]
struct pf_status {
[...]
        uint64_t pcounters[2][2][3];
[...]
}

so copying 8 bytes out of s.pcounters (above) in pf_handle_get_status() will end up copying the wrong values.

It would seem pf_nl.c should be using something similar to the parsing done in

[sys/netpfil/pf/pf_ioctl.c]
pf_getstatus()
{
...
        for (int i = 0; i < 2; i++) {
                for (int j = 0; j < 2; j++) {
                        for (int k = 0; k < 2; k++) {
                                nvlist_append_number_array(nvl, "pcounters", s.pcounters[i][j][k]);
                        }
...
}

to peel out the first two elements of the last index.
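The layout mismatch described in the comment above, as an added example that is not part of the original comment or the FreeBSD source: it exports a [2][2][3] array once as the first 2 * 2 * 2 contiguous values and once index by index, and counts the slots that end up holding the wrong cell. The array shape and the count come from the comment; the macros, function names and cell values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NI 2            /* first dimension */
#define NJ 2            /* second dimension */
#define NK_STORED 3     /* last dimension as declared: pcounters[2][2][3] */
#define NK_SENT 2       /* last dimension implied by a 2 * 2 * 2 count */
#define NSENT (NI * NJ * NK_SENT)

/* Constructed sample: cell [i][j][k] holds 100*i + 10*j + k. */
static void fill_sample(uint64_t a[NI][NJ][NK_STORED]) {
    for (int i = 0; i < NI; i++)
        for (int j = 0; j < NJ; j++)
            for (int k = 0; k < NK_STORED; k++)
                a[i][j][k] = (uint64_t)(100 * i + 10 * j + k);
}

/* Flat export: the first 8 contiguous uint64_t values of the array. */
static void export_flat(uint64_t a[NI][NJ][NK_STORED], uint64_t out[NSENT]) {
    memcpy(out, a, NSENT * sizeof(uint64_t));
}

/* Index-wise export: walk [i][j][k] and keep only k < 2. */
static void export_indexed(uint64_t a[NI][NJ][NK_STORED], uint64_t out[NSENT]) {
    size_t n = 0;
    for (int i = 0; i < NI; i++)
        for (int j = 0; j < NJ; j++)
            for (int k = 0; k < NK_SENT; k++)
                out[n++] = a[i][j][k];
}

/* Number of output slots where the flat export carries the wrong cell. */
static int count_mismatches(void) {
    uint64_t a[NI][NJ][NK_STORED], flat[NSENT], idx[NSENT];
    int bad = 0;
    fill_sample(a);
    export_flat(a, flat);
    export_indexed(a, idx);
    for (int n = 0; n < NSENT; n++)
        bad += flat[n] != idx[n];
    return bad;
}

int main(void) {
    printf("%d of %d slots differ\n", count_mismatches(), NSENT);
    return 0;
}
```

Only the first two slots agree; from the third slot on, the flat copy picks up the k = 2 cells and shifts every later value, and the last [i][j] pair is never reached.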
