Re: authpf error: failed to create table (Device busy)

[md . obsd . bugs]

Did you test whether disabling ruleset optimization "fixes"
the issue in your case too?

\md
 
 

Gesendet: Freitag, 07. Juli 2017 um 02:59 Uhr
Von: "rafal.ramocki" 
An: misc@openbsd.org
Betreff: Re: authpf error: failed to create table (Device busy)
It looks like I've just hit the same bug. It looks like it is not related
with authpf but rather with anchors generaly. I'm loading anchor from
pf.conf, then this anchor loads another one with some rules. I have two
similar rules in there and disabling one of them will stop returning an
error from this anchor.

pass in quick log proto tcp to { 10.58.16.10 10.58.16.20 10.58.16.30 } port
1522
pass in quick log proto tcp to { 10.58.16.11 10.58.16.21 10.58.16.31 } port
1522

I have quite a bit ancors so I'm failing to load rules few anchors ahead
anyway.

Revelant parts of config are as follows:

/etc/pf.conf:
anchor "vpn1" in on $if_vpn1
load anchor vpn1 from "/etc/anchors/vpn1.conf"

/etc/anchors/vpn1.conf:
anchor "user4" in from 172.31.224.217
load anchor user4 from "/etc/anchors/vpn1/user4"

/etc/anchors/vpn1/user4:
pass in quick log proto tcp to { 10.58.16.10 10.58.16.20 10.58.16.30 } port
1522
pass in quick log proto tcp to { 10.58.16.11 10.58.16.21 10.58.16.31 } port
1522




--
View this message in context: 
http://openbsd-archive.7691.n7.nabble.com/authpf-error-failed-to-create-table-Device-busy-tp321195p322214.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.
 

Re: authpf error: failed to create table (Device busy)

[md . obsd . bugs]

Hi again

i was able to further track down the issue.

If i set ruleset-optimization to none everything works fine.
So it seems that the behavior is triggered somehow by the 
optimizer.

Having a look at where the EBUSY is triggered, it looks like 
pf_find_ruleset in pfr_ina_define (sys/net/pf_table.c) does 
not return anything. I did not get any further yet, but possibly
others can?

Can anyone else confirm this behavior?

regards
\md
 
 
 Forwarded Message 
Date: Donnerstag, 22. Juni 2017 um 10:27 Uhr
From: md.obsd.b...@gmx.at
To: misc@openbsd.org
Subject: authpf error: failed to create table (Device busy)
Hi

I recently transmitted a bug report concerning an authpf issue in 6.1
(see also [1]) where loading the rules in the authpf anchor fails like
this:

"pfctl: failed to create table __automatic_ba6b4284_0 in /newuser(25710): \
Device busy" Unable to modify filters


I've not been able to reproduce the error using another set of source IPs.
Maybe I'm overlooking an syntax/config error, but using the same rule in the
base pf.conf file does not result in an evaluation error using pfctl -nf.

Is any one able to reproduce the error either using the info in [1]
or by it's own ruleset?

I'd love to deliver additional debug info.

Looking forward for feedback.
\md

[1] https://marc.info/?l=openbsd-bugs=149613063520544

authpf error: failed to create table (Device busy)

[md . obsd . bugs]

Hi 

I recently transmitted a bug report concerning an authpf issue in 6.1
(see also [1]) where loading the rules in the authpf anchor fails like
this:

"pfctl: failed to create table __automatic_ba6b4284_0 in /newuser(25710): \
Device busy"   Unable to modify filters


I've not been able to reproduce the error using another set of source IPs.
Maybe I'm overlooking an syntax/config error, but using the same rule in the
base pf.conf file does not result in an evaluation error using pfctl -nf.

Is any one able to reproduce the error either using the info in [1]
or by it's own ruleset?

I'd love to deliver additional debug info.

Looking forward for feedback.
\md

[1] https://marc.info/?l=openbsd-bugs=149613063520544