Download raw body.
pfctl has some issue with setting bandwidth specs to >=1000G that
I don't fully understand:
$ echo 'queue rootq on lo0 bandwidth 999999999K
queue defq parent rootq bandwidth 8G default' | pfctl -nvf -
queue rootq on lo0 bandwidth 999999999K
queue defq parent rootq bandwidth 8G default
$ echo 'queue rootq on lo0 bandwidth 1000000000K
queue defq parent rootq bandwidth 8G default' | pfctl -nvf -
queue rootq on lo0 bandwidth 1
queue defq parent rootq bandwidth 8G default
this only applies with unit specifiers, not raw numbers.
Worried about wraparounds with casts, I tried a separate multiplier
variable and checking for bps > (double)(LLONG-MAX / mult) but that
didn't help.
Unless someone has a better idea, the parser could be changed like
this to reject values causing the problem.
Index: parse.y
===================================================================
RCS file: /cvs/src/sbin/pfctl/parse.y,v
diff -u -p -r1.724 parse.y
--- parse.y 15 Jan 2026 09:23:37 -0000 1.724
+++ parse.y 19 Mar 2026 12:43:42 -0000
@@ -1606,7 +1606,7 @@ bandwidth : STRING {
}
}
free($1);
- if (bps < 0 || bps > (double)LLONG_MAX) {
+ if (bps < 0 || bps >= 1000000000000) {
yyerror("bandwidth number too big");
YYERROR;
}