pf is broken in stable/14-n265566-4533fa42ad91 arm64
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 18 Nov 2023 12:01:51 UTC
Hi, This context [1] was on stable/14-n265566 where pf worked fine. Source upgrade yesterday to stable/14-n265566 and pf is now broken. # service pf status /usr/src/sys/contrib/libnv/nvlist.c:379: Element 'halfopen_states' of type NUMBER doesn't exist. Abort trap (core dumped) To try and debug, I disabled all pf-related things in rc.conf and loader.conf, and tried to load things manually then apply a very basic pf config file /etc/pf.basic # kldload pf # # pfctl -nvf /etc/pf.basic ext_if = "genet0" block drop in all pass in on genet0 proto tcp from any to any port = ssh flags S/SA keep state pass out all flags S/SA keep state # pfctl -evf /etc/pf.basic No ALTQ support in kernel ALTQ related functions disabled ext_if = "genet0" pfctl: DIOCADDRULENV: Argument list too long When the problem was first identified, this appeared at the console on bootup: ### Nov 13 12:18:05 redacted kernel: Enabling pfpfctl: DIOCADDRULENV: Argument list too long Nov 13 12:18:05 redacted kernel: /etc/rc: WARNING: Unable to load /etc/pf.conf. Nov 13 12:18:05 redacted kernel: /etc/rc: WARNING: Loading fallback rules: block drop log all Nov 13 12:18:05 redacted kernel: pfctl: DIOCADDRULENV: Argument list too long Nov 13 12:18:05 redacted kernel: /usr/src/sys/contrib/libnv/nvlist.c:379: Element 'halfopen_states' of type NUMBER doesn't exist. Nov 13 12:18:05 redacted kernel: Abort trap (core dumped) Nov 13 12:18:05 redacted kernel: . Note the pfpfctl above [1] raspberry pi 4b+ 8GB --