On Sun, 2005-02-13 at 14:37 +1100, Darren Reed wrote: > > bash-3.00# ifconfig sppp0 modlist > > 0 ip > > 1 pfil > > 2 sppp > > > > And then it works!!! :-) > > > > I wonder why there is no ipf module present in Solaris 10 (at least I > > couldn't find one). > > There should be. Are you saying there was no /kernel/drv/ipf ? > (I forget and don't have an S10 box handy to check /kernel vs /usr/kernel.)
As Casper Dik alread said its in /usr/kernel/drv. I was not aware of /usr/kernel -- my fault, sorry. > > > Also it seems that I always have to manually insert > > pfil to sppp0 (or write a script to do it). > > Hmm, there is no /etc/hostname.sppp0, is there ? There isn't. If I add such a file I get an sppp0 interface but the IP address is invalid since it is assigned upon connection to my ISP. If I connect another interface (sppp1) is created. > > What about if you put the ifconfig command in a script run as the > "chat" script for pppd ? > > > I had one system freeze after establishing the connection, reloading my > > ruleset and inserting pfil to sppp0. When sutting down the system panics > > if sppp0 was up at some point but not otherwise (it seems to be similar > > to John Cecere's recent post). > > If the system freezes, try to STOP-A or "break" or L1-A to get back > to PROM and do a "sync" to create a crash dump so the problem can be > analysed. I don't know how to STOP-A or L1-A. I use Solaris on a x86 machine. > > > IMO the testing indicates that the ipfilter version shipped with Solaris > > 10 is to blame for the problems I had initially. I would like to fill a > > bug report but I could not find any infomation on Sun's website about > > how to do it. > > http://sunsolve.sun.com > > Given that people are going to ask the question "why" about this, > I'll explain it once, now.. > > The pfil/ipfilter modules shipped with Solaris10 do not support modinsert > because the mechanisms needed in order to discover information about the > stream after the modinsert are not proper APIs and are their use, within > Solaris as a product, is not allowed. For most of the ipfilter/pfil > features we have been able to implement them in different ways to work > around the API issue, for example, pfild is required with the S10 pfil > in order for it to get interface address information that ipfilter > otherwise gets straight from a kernel structure. > > Darren > For now I give up. Solaris' own ipfilter is clearly not working and using a self compiled ipfilter causes system crashes. I was quite determined to run Solaris but this and other issues are very frustrating. For over a week now I try to get it working properly with only very limited success. Given the fact that a lot of Sun people treat Linux like a child implying Solaris' technical superiority I expected more from this OS. This is not the place for such a rant but I am sick of it. I will look after the core files and report them later. Thanks again Darran for your advices! Kind Regards, Albert
