NetBSD-Users archive


Re: NPF - npfctl_config_send: Invalid argument



On Thu, 14 Apr 2016 20:13:57 +0000
coypu%SDF.ORG@localhost wrote:
> > npfctl: source /usr/src/sys/net/npf/npf_ctl.c line 174
> > npfctl: npfctl_config_send: Invalid argument
> > 
> > That source reference doesn't seem to sync to anything in the actual
> > source.  Anyone know what this message indicates?
> 
> Looks like npf_mk_table_entries(t, ents) returned EINVAL.

Thanks.  It still doesn't tell me what I did wrong in the config.  I
have to assume that npf doesn't fail for everyone.  Here's my config in
case it offers clues.  Also, since I am just switching from pf, any
critique of the way I am doing things is welcome.

# $Id$                                                 
# Common npf.conf for Vex.Net
 
$ext_if = inet4(bge0)
$int_if = inet4(bge1)
 
# These tables include IPs personally known to us.
table <FRIENDS> type tree file "/VEX/general/npf/friends.list"
table <ENEMIES> type tree file "/VEX/general/npf/enemies.list"
 
# The auto block table is built by a script examining attacks
table <AUTOBLOCK> type tree dynamic
 
group "eth0" on $ext_if {
    pass in final family inet4 proto icmp all 
    pass stateful in final from <FRIENDS>
    pass stateful out final from <FRIENDS> 
    pass in final proto udp from any port ntp 
    block in final from any port auth 
    block in final from <ENEMIES> 
    block in final from <AUTOBLOCK> 
}
 
group default {
    pass final on lo0 all
    pass final on bge1 all
    block all
}


-- 
D'Arcy J.M. Cain <darcy%NetBSD.org@localhost>
http://www.NetBSD.org/ IM:darcy%Vex.Net@localhost

