Date: Fri, 16 Feb 2024 14:41:36 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 277093] pf: Assertion failed: (elems <= maxelems), function pf_nvuint_32_array on stable/14 with RACK
Message-ID: <bug-277093-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277093

            Bug ID: 277093
           Summary: pf: Assertion failed: (elems <= maxelems), function pf_nvuint_32_array on stable/14 with RACK
           Product: Base System
           Version: 14.0-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: p.mousavizadeh@protonmail.com

Created attachment 248509
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=248509&action=edit
ktrace pfctl -sr under jail

Hi,
I have an assertion error on pfctl inside my jail. Apparently, my pf is still working. However, I get the following error when I run:

# pfctl -sr
Assertion failed: (elems <= maxelems), function pf_nvuint_32_array, file /usr/src/lib/libpfctl/libpfctl.c, line 147.

Tested with:
# freebsd-version -kru
14.0-STABLE
14.0-STABLE
14.0-STABLE

:/usr/src # git show
commit 6a75d3b3fbe4c66bf9b8c18db55bba19ffb492e4 (HEAD -> stable/14, origin/stable/14)

related loader.conf:
tcp_bbr_load="YES"
net.fibs="3"

Jail configuration:
# cat /etc/jail.conf.d/jail.conf
path = "/usr/jails/${name}";
host.hostname = "${name}";
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;

somejail {
    mount.devfs;
    vnet;
    vnet.interface = "epair4b";
    exec.prestart = "service netif cloneup epair4 || echo interfaces are already exists";
    exec.prestop = "ifconfig epair4a destroy";
}

My kernel conf:
# cat /usr/src/sys/amd64/conf/RACK
include GENERIC
ident RACK
device pf
device pflog
device cryptodev
options ALTQ
options ALTQ_HFSC
makeoptions WITH_EXTRA_TCP_STACKS=1
options RATELIMIT
options TCPHPTS
options ZFS
options NETGRAPH
options NETGRAPH_ECHO
options NETGRAPH_ETHER
options NETGRAPH_IFACE
options NETGRAPH_KSOCKET
options NETGRAPH_TEE
options NETGRAPH_SOCKET
options NETGRAPH_NETFLOW
options NETGRAPH_EIFACE
options NETGRAPH_BRIDGE
makeoptions DEBUG=-g
makeoptions WITH_CTF=1
options KDTRACE_FRAME
options KDTRACE_HOOKS
options DDB_CTF

`/etc/sysctl.conf` under jail:
net.inet.tcp.sendbuf_max=16777216
net.inet.tcp.recvbuf_max=16777216
net.inet.tcp.sendbuf_auto=1
net.inet.tcp.recvbuf_auto=1
net.inet.tcp.sendbuf_inc=16384
net.inet.tcp.recvbuf_inc=524288
net.inet.tcp.cc.algorithm=htcp
net.inet.tcp.functions_default=bbr
net.inet.ip.redirect=0

This jail works as a network gateway for other jails. It was working; strangely, that happens after I use the `py39-sshuttle` on it. FYI, `py39-sshuttle` has been tested on the other jails under similar configuration, and this error has not happened before (on the same host).

For the context, AFAICS, sshuttle only adds an anchor to pf which only contains two rules.
https://github.com/sshuttle/sshuttle/blob/master/sshuttle/methods/pf.py

Sample on other jails at the same time:
# pfctl -a 'sshuttle-12300' -sr
pass out route-to lo0 inet proto tcp all flags S/SA keep state
pass out inet proto tcp from any to 127.0.0.1 flags S/SA keep state

my `pf.conf` under that jail is fairly simple:
multiple: nat pass from x.x.x.x/24 to any -> $SOMEIF
pass all
block from x.x.x.x/24 to any

-- 
You are receiving this mail because:
You are the assignee for the bug.