Date:      Fri, 28 Feb 2020 15:41:32 +0800
From:      Jov <amutu@amutu.com>
To:        Kristof Provost <kp@freebsd.org>
Cc:        FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: pfctl Recursive in anchor broken(DIOCGETRULES: Invalid argument)?
Message-ID:  <CADyrUxO9-sJ=cH0qO=Vb48A1UsGFY7vat7cHyO39vs06PT6dWw@mail.gmail.com>
In-Reply-To: <C26DB20D-FBDC-4E48-8692-D27020704005@FreeBSD.org>
References:  <CADyrUxPEp2Jx9bTmyc-wHff8NX_BYa9Sk0cA-zDe4WWK%2BmcKoQ@mail.gmail.com> <C1ADF7BD-715C-4CC8-8605-2FA2EC2CE5CC@sigsegv.be> <CADyrUxNkSHLx5QebizGNrdXirpOPT8dQu4jZ9CTStQYSH6UZ1Q@mail.gmail.com> <C26DB20D-FBDC-4E48-8692-D27020704005@FreeBSD.org>


[-- Attachment #1 --]
I reproduced this problem on my 12.1-R host:
uname -a
FreeBSD xx 12.1-RELEASE-p1 FreeBSD 12.1-RELEASE-p1 GENERIC  amd64

sh -x ./reproduce.sh
> + echo 'table <f2b-sshd> persist counters'
> + pfctl -a f2b/sshd -f-
> + echo 'block quick proto tcp from <f2b-sshd> to any'
> + pfctl -a f2b/sshd -f-
> + pfctl -a f2b/sshd -t f2b-sshd -T add 1.2.3.4
> 0/1 addresses added.
> + pfctl -a f2b/sshd -sr -vvv
> No ALTQ support in kernel
> ALTQ related functions disabled
> @0 block drop quick proto tcp from <f2b-sshd:1> to any
>   [ Evaluations: 18        Packets: 0         Bytes: 0           States: 0
>     ]
>   [ Inserted: uid 0 pid 8842 State Creations: 0     ]
> + pfctl -a '*' -sr -vvv
> No ALTQ support in kernel
> ALTQ related functions disabled
> @0 anchor "*" all {
>   [ Evaluations: 14655     Packets: 0         Bytes: 0           States: 0
>     ]
>   [ Inserted: uid 0 pid 8167 State Creations: 0     ]
> pfctl: DIOCGETRULES: Invalid argument
> }
> + pfctl -a 'f2b/*' -sr -vvv
> No ALTQ support in kernel
> ALTQ related functions disabled


Attached are pf.conf and reproduce.sh.

Thanks!

Kristof Provost <kp@freebsd.org> wrote on Thu, Feb 27, 2020 at 11:08 PM:

> On 27 Feb 2020, at 16:06, Jov wrote:
> > uname -a
> > FreeBSD 11.2-RELEASE FreeBSD 11.2-RELEASE #0 r335510: Fri Jun 22 04:32:14
> > UTC 2018     root@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC
> >  amd64
> >
> > I know that 11.2-R is EOL and I have run freebsd-update to upgrade to
> > 12.1, but have not rebooted, so the new kernel has not taken effect.
> >
> > freebsd-version -ku
> > 12.1-RELEASE-p1
> > 11.2-RELEASE-p2
> >
> Let’s re-test after you’ve completed the upgrade then.
>
> Best regards,
> Kristof
>

[-- Attachment #2 --]
ext_if="wlan0"
include "/zroot/vm/.config/pf-nat.conf"

#rdr proto tcp from 127.0.0.1 to 172.16.0.1 port 2222 -> 172.16.0.144 port 22

nat pass log on $ext_if from 192.168.4/24 to any -> ( $ext_if )

nat pass log on $ext_if from 192.168.0/24 to any -> ( $ext_if )

#block in log on $ext_if
#block out log on $ext_if
anchor "f2b/*"
