Date: Fri, 28 Feb 2020 15:41:32 +0800 From: Jov <amutu@amutu.com> To: Kristof Provost <kp@freebsd.org> Cc: FreeBSD Mailing List <freebsd-questions@freebsd.org> Subject: Re: pfctl Recursive in anchor broken(DIOCGETRULES: Invalid argument)? Message-ID: <CADyrUxO9-sJ=cH0qO=Vb48A1UsGFY7vat7cHyO39vs06PT6dWw@mail.gmail.com> In-Reply-To: <C26DB20D-FBDC-4E48-8692-D27020704005@FreeBSD.org> References: <CADyrUxPEp2Jx9bTmyc-wHff8NX_BYa9Sk0cA-zDe4WWK%2BmcKoQ@mail.gmail.com> <C1ADF7BD-715C-4CC8-8605-2FA2EC2CE5CC@sigsegv.be> <CADyrUxNkSHLx5QebizGNrdXirpOPT8dQu4jZ9CTStQYSH6UZ1Q@mail.gmail.com> <C26DB20D-FBDC-4E48-8692-D27020704005@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--00000000000014d0d4059f9df8cc
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
I reproduce this problem on my 12.1-R host=EF=BC=9A
uname -a
FreeBSD xx 12.1-RELEASE-p1 FreeBSD 12.1-RELEASE-p1 GENERIC amd64
sh -x ./reproduce.sh
> + echo 'table <f2b-sshd> persist counters'
> + pfctl -a f2b/sshd -f-
> + echo 'block quick proto tcp from <f2b-sshd> to any'
> + pfctl -a f2b/sshd -f-
> + pfctl -a f2b/sshd -t f2b-sshd -T add 1.2.3.4
> 0/1 addresses added.
> + pfctl -a f2b/sshd -sr -vvv
> No ALTQ support in kernel
> ALTQ related functions disabled
> @0 block drop quick proto tcp from <f2b-sshd:1> to any
> [ Evaluations: 18 Packets: 0 Bytes: 0 States: =
0
> ]
> [ Inserted: uid 0 pid 8842 State Creations: 0 ]
> + pfctl -a '*' -sr -vvv
> No ALTQ support in kernel
> ALTQ related functions disabled
> @0 anchor "*" all {
> [ Evaluations: 14655 Packets: 0 Bytes: 0 States: =
0
> ]
> [ Inserted: uid 0 pid 8167 State Creations: 0 ]
> pfctl: DIOCGETRULES: Invalid argument
> }
> + pfctl -a 'f2b/*' -sr -vvv
> No ALTQ support in kernel
> ALTQ related functions disabled
att pf.conf and reproduce.sh
Thanks!
Kristof Provost <kp@freebsd.org> =E4=BA=8E2020=E5=B9=B42=E6=9C=8827=E6=97=
=A5=E5=91=A8=E5=9B=9B =E4=B8=8B=E5=8D=8811:08=E5=86=99=E9=81=93=EF=BC=9A
> On 27 Feb 2020, at 16:06, Jov wrote:
> > uname -a
> > FreeBSD 11.2-RELEASE FreeBSD 11.2-RELEASE #0 r335510: Fri Jun 22 04:32:=
14
> > UTC 2018 root@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC
> > amd64
> >
> > I know that 11.2-R is EOL and I have run freebsd-update to upgrade to
> > 12.1=EF=BC=8Cbut have not reboot,so the new kernel is not take effect.
> >
> > freebsd-version -ku
> > 12.1-RELEASE-p1
> > 11.2-RELEASE-p2
> >
> Let=E2=80=99s re-test after you=E2=80=99ve completed the upgrade then.
>
> Best regards,
> Kristof
>
--00000000000014d0d4059f9df8cc
Content-Type: application/octet-stream; name="pf.conf"
Content-Disposition: attachment; filename="pf.conf"
Content-Transfer-Encoding: base64
Content-ID: <f_k75vagh90>
X-Attachment-Id: f_k75vagh90
ZXh0X2lmPSJ3bGFuMCIKaW5jbHVkZSAiL3pyb290L3ZtLy5jb25maWcvcGYtbmF0LmNvbmYiCgoj
cmRyIHByb3RvIHRjcCBmcm9tIDEyNy4wLjAuMSB0byAxNzIuMTYuMC4xIHBvcnQgMjIyMiAtPiAx
NzIuMTYuMC4xNDQgcG9ydCAyMgoKbmF0IHBhc3MgbG9nIG9uICRleHRfaWYgZnJvbSAxOTIuMTY4
LjQvMjQgdG8gYW55IC0+ICggJGV4dF9pZiApCgpuYXQgcGFzcyBsb2cgb24gJGV4dF9pZiBmcm9t
IDE5Mi4xNjguMC8yNCB0byBhbnkgLT4gKCAkZXh0X2lmICkKCiNibG9jayBpbiBsb2cgb24gJGV4
dF9pZgojYmxvY2sgb3V0IGxvZyBvbiAkZXh0X2lmCmFuY2hvciAiZjJiLyoiCg==
--00000000000014d0d4059f9df8cc--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CADyrUxO9-sJ=cH0qO=Vb48A1UsGFY7vat7cHyO39vs06PT6dWw>