PFCONF_FILENAME doesn't working

[daitlq]

Hi and sorry for my poor English.

I have a problem when buid for MacOS. When I run command "make client_install_macosx", I have an error with PFCONF_FILENAME:

macosx/capture.c:59:37: error: expected ',' or ';' before 'PFCONF_FILENAME'
"/sbin/pactl -a " ANCHOR " -f " PFCONF_FILENAME;

Please guide me for fix this bug.
Thanks!

[basil00]

Thanks for the report. It should be fixed now, so please try again.

[daitlq]

Thanks for your support. I tried but it is not fixed yet.

But, when I tried to add this code in file misc.h to build and it was successful:

#ifdef MACOSX
#define PFCONF_FILENAME             PROGRAM_NAME ".pf.conf"
#endif

So, after built I received reqrypt-1.4.0-macosx file. And I have an error when run sudo ./reqrypt-1.4.0-macosx:

pactl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.
No ALTQ support in kernel
ALTQ related functions disabled
reqrypt.pf.conf:17: syntax error
reqrypt.pf.conf:18: syntax error
reqrypt.pf.conf:19: syntax error
reqrypt.pf.conf:20: syntax error
pactl: Syntax error in config file: pf rules not loaded
error: pfctl command returned non-zero exit status 256
reqrypt-1.4.0-macosx(24100,0x700008399000) malloc: *** error for object 0x10617c480: pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debug
log: [macosx] caught deadly signal 6; cleaning up pf state
error: caught deadly signal 6; exitting

Can you tell me what should I do next? Thanks for your support.

[basil00]

Unfortunately I don't have a Mac, so have only tested the reqrypt.pf.conf file on OpenBSD. But maybe we can get it working:

First, if you have not already done so, add the following line to /etc/pf.conf

anchor reqrypt

Next you need to enable the firewall.

System Preferences -> Security & Privacy -> Firewall -> Turn On Firewall

This should fix the "No ALTQ support" error. The syntax errors might be a different issue, I am not sure. The malloc error looks like a bug in ReQrypt which I will investigate later.

[daitlq]

Before, I have already added anchor reqrypt to pf.conf. This is my /etc/pf.conf:

scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
anchor reqrypt

And I have already turned on firewall.

So, it's not working.

Have you any idea about error:

reqrypt.pf.conf:17: syntax error
reqrypt.pf.conf:18: syntax error
reqrypt.pf.conf:19: syntax error
reqrypt.pf.conf:20: syntax error
pactl: Syntax error in config file: pf rules not loaded

Thanks for your support!

[basil00]

Try deleting the following line from the reqrypt.pf.conf file in the .reqrypt directory:

set reassemble no

It seems OpenBSD and FreeBSD/MacOSX have syntax differences.

[daitlq]

Sorry, I can't find the reqrypt.pf.conf file in reqrypt folder. It seems function install_file in install\install.c not working.

[basil00]

The source file is src/install/install.pf.conf, and the installed version is ~/.reqrypt/reqrypt.pf.conf. Note that it will not overwrite a previously installed version, so you should modify both.

I am not sure if it will fix the issue but it is worth a try.

[nakoo]

I have same issue here. I tried everything you guys said. In my case, there is no .reqrypt folder and
so that I couldn't find reqrypt.pf.conf when I succeed building.

[nakoo]

Here is log.

ReQrypt 1.4.1 [macosx] Copyright (C) 2017 basil
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

log: starting reqrypt user interface http://localhost:40404/
log: [macosx] executing pfctl command "/sbin/pactl -a reqrypt -f reqrypt.pf.conf"
pactl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.

No ALTQ support in kernel
ALTQ related functions disabled
reqrypt.pf.conf:17: syntax error
reqrypt.pf.conf:18: syntax error
reqrypt.pf.conf:19: syntax error
reqrypt.pf.conf:20: syntax error
pactl: Syntax error in config file: pf rules not loaded
error: pfctl command returned non-zero exit status 256
warning: unable to accept incoming connection to configuration server localhost:40404 from non-local address
warning: unable to accept incoming connection to configuration server localhost:40404 from non-local address

[basil00]

I am not sure what the problem is as I still do not have a Mac. I notice there is a No ALTQ support in kernel message which might mean that divert sockets are disabled, in which case you need to enable them somehow. For the "syntax errors", it might mean there is a different syntax for the filtering rules compared to BSD, in which case somebody knowledgeable would need to port them.