[Bug 280516] blacklistd: Silence a bogus warning about the blacklistd anchor not being found

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 09 Aug 2024 18:08:10 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280516

--- Comment #4 from Jose Luis Duran <jlduran@gmail.com> ---
(In reply to Mark Johnston from comment #3)

There are two issues:

1. The main issue: blacklistd-helper should discard stderr when invoking the
flush action (it already does for the add action). This has been submitted
upstream (https://github.com/zoulasc/blocklist/pull/11). The attached patch has
the proposed fix (just sweep the warnings under the rug).

2. The warnings in pf:

2.1. Use the attached sample pf.conf: it contains a "blacklistd/*" anchor, any
anchor will do.

2.2. First test: After reloading the rules, issue:

    # pfctl -a blacklistd -sA
    Anchor 'blacklistd' not found.

The anchor exists, and it works as it should. Seeing this message in the dmesg
the first time threw me off a little, thinking blacklistd was not going to be
able to add blocking rules (this can be silenced by applying step 1).  I
*think* this is one bug in pfctl.

2.3. Issue pfctl, specifying the anchor with all modifiers, just focusing on
the warnings/errors:

    # pfctl -a blacklistd -sa 1> /dev/null
    pfctl: DIOCGETETHRULES: No such file or directory
    pfctl: DIOCGETRULES: Invalid argument
    pfctl: DIOCGETRULES: Invalid argument
    pfctl: DIOCGETRULES: Invalid argument

I would guess this is another bug in pfctl.

2.4. Optionally, use the attached pfctl.c diff, that already has "XXX" marks
on the paths that trigger the warnings above.

Note that pf works fine, the warnings just don't seem right (to the untrained
eye).
