Re: "npfctl validate" error non-message

[Mindaugas Rasiukevicius <rmind%netbsd.org@localhost>]

Hauke Fath <hf%spg.tu-darmstadt.de@localhost> wrote:
> On Sun, 15 Jan 2017 19:22:31 +0000, Mindaugas Rasiukevicius wrote:
> > Hauke Fath <hf%spg.tu-darmstadt.de@localhost> wrote:
> >> On 01/14/17 14:13, Hauke Fath wrote:
> >>> # npfctl validate /etc/npf.conf
> >>> npfctl: address family mismatch
> >>> #
> >> 
> > It is because of the IPv4 and IPv6 address mixing.
> 
> That's what I figured out in the end, by commenting out any lines that 
> looked remotely related. 
> 
> I guess my point is that the error message was useless in the face of a 
> 300 line rule set. Any line that the parser objects to it should point 
> out with (at least) the line number.

I agree and it generally does.  There are a few cases where these checks
happen post-parsing and at that point it does not know the line number.
Unfortunately, there are many wish-lists and few very few volunteers who
have free time to work on these little problems.

> In the end, I gave up on npf when I ran into an
> 
> Enabling NPF.
> npfctl: npfctl_config_send: Invalid argument
> 
> which I was not able to debug.

Seems like you might have ran into the proplib limitation mentioned in
the other thread.  ioctl() returned EINVAL before reaching the NPF code
so it did not report anything meaningful.  It is now fixed in -current.

-- 
Mindaugas