-current (GENERIC.MP#148 amd64): cannot load anchor from file
Hi, I'm trying to run my pf setup on the latest -current/amd64 like this: # pfctl -n -f pf.conf (gives no error or warning) # pfctl -f pf.conf pfctl: pfctl_rules pfctl: load anchors pfctl: DIOCXROLLBACK: Invalid argument The only anchor statments I have are these: # grep anchor pf.conf anchor ipsecrules load anchor ipsecrules from "/etc/pf.conf.ipsec" # And since I thought I could isolate the problem by emptying the to-be loaded file and then put the rules back one-by-one until I hit the error, I started out with this, but still got the error message above: # ls -l pf.conf.ipsec -rw--- 1 root wheel 0 Apr 1 11:19 pf.conf.ipsec IOW, the error is produced by the "load anchor" statement shown above, which is not uncovered by running a syntax check on the file, also not using "-v". Kind regards, --Toni++
Re: -current (GENERIC.MP#148 amd64): cannot load anchor from file
On Thu, Apr 1, 2010 at 2:49 AM, Toni Mueller wrote: > I'm trying to run my pf setup on the latest -current/amd64 like this: > > # pfctl -n -f pf.conf (gives no error or warning) > # pfctl -f pf.conf > pfctl: pfctl_rules > pfctl: load anchors > pfctl: DIOCXROLLBACK: Invalid argument This is generally caused by mismatched kernel and userland. How confident are you that yours were built from the same/matching sources? Philip Guenther
Re: -current (GENERIC.MP#148 amd64): cannot load anchor from file
Hi, thanks for answering! On Thu, 01.04.2010 at 10:28:16 -0700, Philip Guenther wrote: > This is generally caused by mismatched kernel and userland. How > confident are you that yours were built from the same/matching > sources? I installed these files from my installation server, to which I downloaded a snapshot: $ sha256sum bsd.mp /tmp/sbin/pfctl d033f27afacc2c7b226a55ed5e8641510921723880d6adbd0d1365ae1e25ad98 bsd.mp 41823dcad3b42f7a89a7b5c44c0b0798a317e2bb2663dcb53f2358dd7a9930c7 /tmp/sbin/pfctl This version of pfctl is contained in this base set: $ sha256sum base47.tgz 94e7322961eb9c23a1ea52aa17580aff14127e82afcc251ac9c0543d973ebba1 base47.tgz On the installed system, I find these files: $ cksum -a sha256 /bsd /sbin/pfctl SHA256 (/bsd) = d033f27afacc2c7b226a55ed5e8641510921723880d6adbd0d1365ae1e25ad98 SHA256 (/sbin/pfctl) = 41823dcad3b42f7a89a7b5c44c0b0798a317e2bb2663dcb53f2358dd7a9930c7 IOW, the checksums match, and they also match with the values specified in the SHA256 file that I downloaded from the same source, so I'm confident that the programs should have been built from the same sources. Kind regards, --Toni++