Bug 192677 - pfctl ioctl buffer too small for bigger spamd blacklists
Summary: pfctl ioctl buffer too small for bigger spamd blacklists
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: 10.0-RELEASE
Hardware: amd64 Any
Importance: --- Affects Some People
Assignee: freebsd-pf (Nobody)
Reported: 2014-08-15 11:08 UTC by Simon Krenz
Modified: 2016-02-25 07:35 UTC

Description Simon Krenz 2014-08-15 11:08:32 UTC
I installed spamd-4.9.1_2 and wanted to use its blacklist and tarpitting capabilities, which I was used to in OpenBSD. If you are using the 'nixspam' and 'uatraps' lists for blacklisting mode, nearly 100.000 entries need to be inserted into a pf table.

The debug output looks like this:

    foo@bar#: spamd-setup -d -b
    Getting http://www.openbsd.org/spamd/nixspam.gz
    blacklist nixspam 40000 entries
    Getting http://www.openbsd.org/spamd/traplist.gz
    blacklist uatraps 65946 entries
    foo@bar#: pfctl: Bad address.

It seems that the pfctl ioctl buffer is too small to load that many entries. If I remember correctly, this problem wasn't there in FreeBSD 9 and I didn't see it in OpenBSD.

There is also a FreeBSD Forum post from another guy regarding the same problem: https://forums.freebsd.org/viewtopic.php?t=45879
Comment 1 Kristof Provost freebsd_committer freebsd_triage 2016-02-25 07:35:51 UTC
This was first tackled in r286862, and fully fixed in r296025 (see bug #207463).