Date:      Sat, 18 Nov 2023 15:30:09 +0000
From:      void <void@f-m.fm>
To:        freebsd-pf@freebsd.org
Subject:   re: pf is broken in stable/14-n265566-4533fa42ad91 arm64
Message-ID:  <ZVjYgU_OSHEe7PmF@int21h>

Hi, [originally sent to freebsd-stable but on second thoughts, this should have
gone here]

This context [1] was on stable/14-n265566 where pf worked fine. Source upgrade
yesterday to stable/14-n265566 and pf is now broken.

# service pf status
/usr/src/sys/contrib/libnv/nvlist.c:379: Element 'halfopen_states' of type NUMBER doesn't exist.
Abort trap (core dumped)

To try and debug, I disabled all pf-related things in rc.conf and loader.conf, and tried to
load things manually, then apply a very basic pf config file, /etc/pf.basic:

# kldload pf
#
# pfctl -nvf /etc/pf.basic
ext_if = "genet0"
block drop in all
pass in on genet0 proto tcp from any to any port = ssh flags S/SA keep state
pass out all flags S/SA keep state

# pfctl -evf /etc/pf.basic
No ALTQ support in kernel
ALTQ related functions disabled
ext_if = "genet0"
pfctl: DIOCADDRULENV: Argument list too long

When the problem was first identified, this appeared at the console on bootup:

###
Nov 13 12:18:05 redacted kernel: Enabling pfpfctl: DIOCADDRULENV: Argument list too long
Nov 13 12:18:05 redacted kernel: /etc/rc: WARNING: Unable to load /etc/pf.conf.
Nov 13 12:18:05 redacted kernel: /etc/rc: WARNING: Loading fallback rules: block drop log all
Nov 13 12:18:05 redacted kernel: pfctl: DIOCADDRULENV: Argument list too long
Nov 13 12:18:05 redacted kernel: /usr/src/sys/contrib/libnv/nvlist.c:379: Element 'halfopen_states' of type NUMBER doesn't exist.
Nov 13 12:18:05 redacted kernel: Abort trap (core dumped)
Nov 13 12:18:05 redacted kernel: .

Note the pfpfctl above.

[1] raspberry pi 4b+ 8GB
-- 


