> bash-3.00# ifconfig sppp0 modlist > 0 ip > 1 pfil > 2 sppp > > And then it works!!! :-) > > I wonder why there is no ipf module present in Solaris 10 (at least I > couldn't find one).
There should be. Are you saying there was no /kernel/drv/ipf ? (I forget and don't have an S10 box handy to check /kernel vs /usr/kernel.) > Also it seems that I always have to manually insert > pfil to sppp0 (or write a script to do it). Hmm, there is no /etc/hostname.sppp0, is there ? What about if you put the ifconfig command in a script run as the "chat" script for pppd ? > I had one system freeze after establishing the connection, reloading my > ruleset and inserting pfil to sppp0. When sutting down the system panics > if sppp0 was up at some point but not otherwise (it seems to be similar > to John Cecere's recent post). If the system freezes, try to STOP-A or "break" or L1-A to get back to PROM and do a "sync" to create a crash dump so the problem can be analysed. > IMO the testing indicates that the ipfilter version shipped with Solaris > 10 is to blame for the problems I had initially. I would like to fill a > bug report but I could not find any infomation on Sun's website about > how to do it. http://sunsolve.sun.com Given that people are going to ask the question "why" about this, I'll explain it once, now.. The pfil/ipfilter modules shipped with Solaris10 do not support modinsert because the mechanisms needed in order to discover information about the stream after the modinsert are not proper APIs and are their use, within Solaris as a product, is not allowed. For most of the ipfilter/pfil features we have been able to implement them in different ways to work around the API issue, for example, pfild is required with the S10 pfil in order for it to get interface address information that ipfilter otherwise gets straight from a kernel structure. Darren
