Date: Fri, 20 Sep 2024 12:39:16 +0200
From: Alexander Leidinger
To: Kristof Provost
Cc: FreeBSD Security list
Subject: Re: "Unknown error" message from pfctl on an existing table
Organization: No organization, this is a private message.
List-Archive: https://lists.freebsd.org/archives/freebsd-security

On 2024-09-20 12:27, Kristof Provost wrote:
> On 20 Sep 2024, at 11:21, Alexander Leidinger wrote:
>> When I list the non-working table (crowdsec-blocklists):
>> ---snip---
>> openat(AT_FDCWD,"/dev/pf",O_RDONLY,00) = 3 (0x3)
>> ioctl(3,DIOCGETALTQSV1,0x19fc93899a90) ERR#19 'Operation not
>> supported by device'
>> openat(AT_FDCWD,"/dev/pf",O_RDWR,00) = 4 (0x4)
>> socket(PF_NETLINK,SOCK_RAW,16) = 5 (0x5)
>> setsockopt(5,270,11,0x19fc93899a2c,4) = 0 (0x0)
>> getsockopt(5,SOL_SOCKET,SO_RCVBUF,0x19fc93899a24,0x19fc93899a28) = 0
>> (0x0)
>> ioctl(3,DIOCRGETADDRS,0x19fc938990f0) = 0 (0x0)
>> ioctl(3,DIOCRGETADDRS,0x19fc938990f0) ERR#22 'Invalid
>> argument'
>> issetugid() = 0 (0x0)
>> ---snip---
>>
> That’s not the error code I see for a non-existent table, so it’s not
> quite the same issue.
>
> DIOCRGETADDRS returns EINVAL, which is probably because the table is
> running into the net.pf.request_maxcount limit. Try increasing that
> sysctl.

Yes:
# pfctl -t crowdsec-blocklists -T show | wc -l
74167

Thanks!
Alexander.
-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF
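
The size check discussed in this thread, as an added example that is not part of the original message: it flags pf tables holding more addresses than `net.pf.request_maxcount`, so an oversized blocklist is noticed before `pfctl -T show` fails with EINVAL. The `pfctl -vvs Tables` output layout, the fallback limit of 65535, the function names and the sample data are assumptions of this example.

```shell
#!/bin/sh
# Added example: report pf tables whose address count exceeds a request limit.

# oversized_tables LIMIT
# Reads `pfctl -vvs Tables`-style text on stdin and prints "name count" for
# each table with more addresses than LIMIT (treated here as count > LIMIT).
# Assumed layout: a "<flags> <name>" line starting in column one, followed by
# indented statistics lines, one of which is "Addresses: <n>".
oversized_tables() {
    awk -v limit="$1" '
        /^[^ \t]/           { name = $2 }   # flags column, then table name
        /^[ \t]+Addresses:/ { if ($2 + 0 > limit + 0) print name, $2 }
    '
}

# Constructed sample input, not captured from a real host. The 74167 count is
# the figure reported in the thread; the second table is made up.
sample_tables() {
    printf '%s\t%s\n' '-pa-r--' 'crowdsec-blocklists'
    printf '\tAddresses:   %s\n' 74167
    printf '\tCleared:     %s\n' 'Fri Sep 20 10:00:00 2024'
    printf '%s\t%s\n' '--a-r--' 'local-allow'
    printf '\tAddresses:   %s\n' 12
}

# On a FreeBSD host with pf loaded, compare the live tables with the sysctl.
# Elsewhere, fall back to the constructed sample and an assumed limit of 65535.
main() {
    if command -v pfctl >/dev/null 2>&1 &&
       limit=$(sysctl -n net.pf.request_maxcount 2>/dev/null); then
        pfctl -vvs Tables 2>/dev/null | oversized_tables "$limit"
    else
        sample_tables | oversized_tables 65535
    fi
}

main "$@"
```

Run it as root so `pfctl` can open `/dev/pf`; every line it prints names a table that needs either a higher `net.pf.request_maxcount` or a smaller list.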