pfctl Recursive in anchor broken (DIOCGETRULES: Invalid argument)?

Jov amutu at amutu.com
Fri Feb 28 07:41:49 UTC 2020


I reproduced this problem on my 12.1-R host:
uname -a
FreeBSD xx 12.1-RELEASE-p1 FreeBSD 12.1-RELEASE-p1 GENERIC  amd64

sh -x ./reproduce.sh
> + echo 'table <f2b-sshd> persist counters'
> + pfctl -a f2b/sshd -f-
> + echo 'block quick proto tcp from <f2b-sshd> to any'
> + pfctl -a f2b/sshd -f-
> + pfctl -a f2b/sshd -t f2b-sshd -T add 1.2.3.4
> 0/1 addresses added.
> + pfctl -a f2b/sshd -sr -vvv
> No ALTQ support in kernel
> ALTQ related functions disabled
> @0 block drop quick proto tcp from <f2b-sshd:1> to any
>   [ Evaluations: 18        Packets: 0         Bytes: 0           States: 0     ]
>   [ Inserted: uid 0 pid 8842 State Creations: 0     ]
> + pfctl -a '*' -sr -vvv
> No ALTQ support in kernel
> ALTQ related functions disabled
> @0 anchor "*" all {
>   [ Evaluations: 14655     Packets: 0         Bytes: 0           States: 0     ]
>   [ Inserted: uid 0 pid 8167 State Creations: 0     ]
> pfctl: DIOCGETRULES: Invalid argument
> }
> + pfctl -a 'f2b/*' -sr -vvv
> No ALTQ support in kernel
> ALTQ related functions disabled


Attached are pf.conf and reproduce.sh.

Thanks!

Kristof Provost <kp at freebsd.org> wrote on Thu, Feb 27, 2020 at 11:08 PM:

> On 27 Feb 2020, at 16:06, Jov wrote:
> > uname -a
> > FreeBSD 11.2-RELEASE FreeBSD 11.2-RELEASE #0 r335510: Fri Jun 22 04:32:14
> > UTC 2018     root at releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC
> >  amd64
> >
> > I know that 11.2-R is EOL and I have run freebsd-update to upgrade to
> > 12.1, but have not rebooted, so the new kernel has not taken effect.
> >
> > freebsd-version -ku
> > 12.1-RELEASE-p1
> > 11.2-RELEASE-p2
> >
> Let’s re-test after you’ve completed the upgrade then.
>
> Best regards,
> Kristof
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pf.conf
Type: application/octet-stream
Size: 331 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20200228/b825d2bf/attachment.obj>

