[Bug 277875] pfctl cowardly refuses to load rules, broken between 8c94ed992702 & f29af8618bf9

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 23 Mar 2024 22:23:54 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277875

Dave Cottlehuber <dch@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #249387|0                           |1
        is obsolete|                            |
 Attachment #249388|0                           |1
        is obsolete|                            |

--- Comment #4 from Dave Cottlehuber <dch@freebsd.org> ---
Created attachment 249438
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=249438&action=edit
truss log

Thanks, rebuilt with that patch included.

I reduced the failing ruleset to this minimal example:

```
# pfctl -s Running
Enabled
# pfctl -F all
Ethernet rules cleared
rules cleared
nat cleared
0 tables deleted.
0 states cleared
source tracking entries cleared
pf: statistics cleared
pf: interface flags reset
root@# echo 'pass in quick on ng0 proto tcp to port 2200' | pfctl -vgf -
No ALTQ support in kernel
ALTQ related functions disabled
pass in quick on ng0 proto tcp from any to any port = 2200 flags S/SA keep
state
# echo $status
1
# pfctl -s rules
#
```


Evidently its not a ruleset parsing issue.

I swapped ng0 for lo0 and the same situation occurs.

running under truss, final lines from attached full log:

ioctl(3,DIOCSETTIMEOUT,0x621da911a368)           = 0 (0x0)
ioctl(3,DIOCSETTIMEOUT,0x621da911a368)           = 0 (0x0)
ioctl(3,DIOCSETDEBUG,0x621da911a368)             = 0 (0x0)
sendto(5," \0\0\0\^P\0\^E\0\^A\0\0\0\0\0\0"...,32,0,NULL,0) = 32 (0x20)
recvmsg(5,{0x621da911a26c,12,[{"\M-x\0\0\0\^P\0\^E\0\^A\0\0\0\0"...,65536}],1,{},0,0},0)
= 284 (0x11c)
sendto(5,"\^\\0\0\0\^Q\0\^E\0\^B\0\0\0\0\0"...,28,0,NULL,0) = 28 (0x1c)
recvmsg(5,{0x621da911a26c,12,[{"0\0\0\0\^B\0\0\0\^B\0\0\0\0\0\0"...,65536}],1,{},0,0},0)
= 48 (0x30)
ioctl(3,DIOCSETHOSTID,0x621da911a368)            = 0 (0x0)
ioctl(3,DIOCSETREASS,0x621da911a368)             = 0 (0x0)
ioctl(3,DIOCKEEPCOUNTERS,0x621da911a310)         = 0 (0x0)
ioctl(3,DIOCGETLIMIT,0x621da911a300)             = 0 (0x0)
ioctl(3,DIOCSETSYNCOOKIES,0x621da911a300)        = 0 (0x0)
ioctl(3,DIOCXROLLBACK,0x621da911a398)            = 0 (0x0)
extl_if = "ng0"
pass in quick on ng0 proto tcp from any to any port = 2200 flags S/SA keep
state
write(1,"extl_if = "ng0"\npass in quick o"...,97) = 97 (0x61)
exit(0x1)                                       
process exit, rval = 1


trying the same ruleset on a different arm64 box with same from-source
build, it works as expected - rules loaded, and output displayed.

I'll do a full re-install into an empty BE next.

-- 
You are receiving this mail because:
You are the assignee for the bug.