Solved update to FreeBSD-13.2 and pf now throws unknown error -1

Code:
pfctl -t BLOCKPERM -T replace -f /var/db/pf/pf_block_perm
pfctl: Unknown error: -1.

tail /var/db/pf/pf_block_perm
. . .
223.240.83.206
223.241.100.90
223.241.222.151
223.242.38.53
223.243.101.149
223.244.87.96
223.245.0.5
223.255.146.2
223.255.146.94
223.255.187.154

Q. What is causing this? A. The size of table BLOCKPERM is too large. The sysctl setting `net.pf.request_maxcount` needs to be increased from the default value of 65535.
 
Code:
mprotect(0xcb379173000,4096,PROT_READ)         = 0 (0x0)
mprotect(0xcb37999d000,36864,PROT_READ)         = 0 (0x0)
sysarch(AMD64_SET_FSBASE,0xcb376ba2b20)         = 0 (0x0)
mprotect(0xcb37999d000,36864,PROT_READ|PROT_WRITE) = 0 (0x0)
mprotect(0xcb37999d000,36864,PROT_READ)         = 0 (0x0)
readlink("/etc/malloc.conf",0xcb376ba2210,1024)     ERR#2 'No such file or directory'
issetugid()                     = 0 (0x0)
mmap(0x0,2097152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(21),-1,0x0) = 13964983402496 (0xcb379e00000)
mmap(0x0,2097152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 13964990119936 (0xcb37a468000)
mmap(0x0,4194304,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(21),-1,0x0) = 13965002276864 (0xcb37b000000)
mmap(0x0,1112,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 13965021609984 (0xcb37c270000)
minherit(0xcb37c270000,1112,INHERIT_ZERO)     = 0 (0x0)
getrandom("\M-o\^OY\M-!\0Bs\M-s\M-g"\M-e\n`"...,40,0) = 40 (0x28)
mprotect(0xcab5642c000,8192,PROT_READ)         = 0 (0x0)
openat(AT_FDCWD,"/dev/pf",O_RDWR,00)         = 3 (0x3)
ioctl(3,DIOCGETALTQSV1,0xcb376ba30f0)         ERR#19 'Operation not supported by device'
open("/var/db/pf/pf_block_perm",O_RDONLY,0666)     = 4 (0x4)
fstat(4,{ mode=-rw-r--r-- ,inode=520393,size=547625,blksize=131072 }) = 0 (0x0)
fstat(4,{ mode=-rw-r--r-- ,inode=520393,size=547625,blksize=131072 }) = 0 (0x0)
read(4,"1.0.171.2\n1.1.128.112\n1.2.211."...,131072) = 131072 (0x20000)
read(4,"79.188\n68.183.180.206\n68.183.1"...,131072) = 131072 (0x20000)
read(4,".21.248\n117.50.173.97\n117.50.1"...,131072) = 131072 (0x20000)
read(4,"5\n175.137.14.93\n175.137.59.185"...,131072) = 131072 (0x20000)
read(4,"8.142.60\n220.118.225.128\n220.1"...,131072) = 23337 (0x5b29)
read(4,0xcb37a476e40,131072)             = 0 (0x0)
close(4)                     = 0 (0x0)
ioctl(3,DIOCRADDTABLES,0xcb376ba2770)         = 0 (0x0)
ioctl(3,DIOCRSETADDRS,0xcb376ba2720)         ERR#22 'Invalid argument'
fstatat(AT_FDCWD,"/usr/share/nls/C/libc.cat",0xcb376ba2a40,0x0) ERR#2 'No such file or directory'
fstatat(AT_FDCWD,"/usr/share/nls/libc/C",0xcb376ba2a40,0x0) ERR#2 'No such file or directory'
fstatat(AT_FDCWD,"/usr/local/share/nls/C/libc.cat",0xcb376ba2a40,0x0) ERR#2 'No such file or directory'
fstatat(AT_FDCWD,"/usr/local/share/nls/libc/C",0xcb376ba2a40,0x0) ERR#2 'No such file or directory'
pfctl: Unknown error: -1.
write(2,"pfctl: Unknown error: -1.\n",26)     = 26 (0x1a)
exit(0xffffffff)               
process exit, rval = 429496729
 
How did you upgrade? And from what version (13.1?)? amd64 or arm64 or something else?

Definitely followed all steps?

Rebooted?
As stated, the update was from 13.2p2 to 13.2p9.
Code:
 5726  2024-01-20 13:02:45: beadm list
 5727  2024-01-20 13:03:22: freebsd-update install
 5728  2024-01-20 13:03:34: freebsd-update fetch
 5729  2024-01-20 13:07:47: freebsd-update install
 5730  2024-01-20 13:11:00: ll /dev/ad*
 5731  2024-01-20 13:11:30: for HDD in 0 ; do gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 ada${HDD}; done;
 5732  2024-01-20 13:11:50: shutdown -r now
 5733  2024-01-20 13:14:08: beadm list
 
ioctl(3,DIOCRSETADDRS,0xcb376ba2720) ERR#22 'Invalid argument'

That's the relevant error.

The most likely cause is that your table is larger than the ioctl limit in the net.pf.request_maxcount sysctl. Make sure that's comfortably larger than the number of elements in your /var/db/pf/pf_block_perm file.
 
That does not seem to be the case. Is the net.pf.request_maxcount value cumulative for all tables or does it apply to each table individually?
Code:
# sysctl net.pf.request_maxcount
net.pf.request_maxcount: 65535
# wc -l < /var/db/pf/pf_block_perm
   38266
 
I did increase the value of net.pf.request_maxcount to 262144 and that seems to have fixed the problem.
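
A pre-flight check for the situation in this thread, as an added example that is not part of any post: it counts the entries in a table file and compares them with `net.pf.request_maxcount`. Because the thread shows 38266 entries failing under a limit of 65535, a plain "entries <= limit" test is not enough; the `HEADROOM` factor of 2, the function names and the sample addresses are assumptions of this example, not values taken from pf.

```shell
#!/bin/sh
# Added example: pre-flight check before loading a large pf table file.

# Constructed sample input (documentation-range addresses, not thread data).
sample_table() {
    printf '%s\n' '# blocklist' '192.0.2.10' '' '198.51.100.0/24' \
        '   # indented comment' '203.0.113.7'
}

# Count entries in a one-address-per-line table file (or stdin),
# skipping blank lines and '#' comment lines.
count_entries() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next } { n++ } END { print n + 0 }' "$@"
}

# HEADROOM is this example's heuristic, not a rule taken from pf.
required_maxcount() {
    echo $(( $1 * ${HEADROOM:-2} ))
}

# limit_ok ENTRIES LIMIT: succeeds when LIMIT leaves the chosen headroom.
limit_ok() {
    [ "$2" -ge "$(required_maxcount "$1")" ]
}

# main FILE [LIMIT]: LIMIT defaults to the live sysctl value.
main() {
    limit=${2:-$(sysctl -n net.pf.request_maxcount)}
    entries=$(count_entries "$1")
    if limit_ok "$entries" "$limit"; then
        echo "ok: $entries entries, net.pf.request_maxcount=$limit"
    else
        echo "too small: $entries entries, net.pf.request_maxcount=$limit," \
            "want at least $(required_maxcount "$entries")"
        return 1
    fi
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run it with the table file as the only argument before the `pfctl -T replace` step; a non-zero exit means the limit should be raised first.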
 