Thanks, Darren. Helpful as always.
> gcc -fno-hosted
>
> Shouldn't the default gcc flags have "-fno-hosted" for both
> pfil and ipf to avoid these error messages when loading the
> kernel modules:
>
> unix: WARNING: mod_load: cannot load module 'pfil'
> unix: /kernel/drv/sparcv9/pfil: undefined symbol
> unix: 'memset'
Actually, I think the problem is the missing -ffreestanding.
The man page for my gcc says that "-ffreestanding" is synonymous
with "-fno-hosted" but I like your version better since it's more
descriptive.
> Missing /usr/xpg4/bin/grep
So in that case the actual statement needs to look like this:
MIOCPULLUP:sh=/usr/ccs/bin/nm -p /dev/ksyms|grep miocpullup >/dev/null 2>&1; if ...
Does that work for you?
If it works for you, it works for me. You can even specify "/usr/bin/grep"
since SUNWcsu is not what you would call "optional".
What I essentially did was find all instances of /usr/xpg4/bin/grep
(and it is always used with the -q flag) and replaced it with the "grep
/dev/null" construct. I took this cue from the GNU grep man pages:
    -s, --no-messages
        Suppress error messages about nonexistent or unreadable
        files. Portability note: unlike GNU grep, traditional
        grep did not conform to POSIX.2, because traditional
        grep lacked a -q option and its -s option behaved like
        GNU grep's -q option. Shell scripts intended to be
        portable to traditional grep should avoid both -q and
        -s and should redirect output to /dev/null instead.
Don't forget about
pfil/SunOS/postinstall
> arc4random.c
> ...
> It looks like some bug in the system header rather than ipfilter
> (or perhaps I'm using the wrong OS specific gcc). Whatever the
> reason, since it doesn't seem to be required, can't this include
> statement just be removed?
I've got a funny feeling that it is needed, somewhere else...
It feels like I should upload a 4.1.32-RC0.
I sympathize with your attempt at trying to maintain a working code
base across many architectures, OS's, versions, and compilers.
> Kernel crash?
>
> When should IPF be recompiled? Every time "uname -v" changes, or
> perhaps only when the major patch# changes?
To be safe, every time "uname -v" changes.
What a pain. But then again, one of the Solaris10 patch bundles I tried
completely rendered the system inoperable.
To diagnose crashes on Solaris 8 and 9, download this package:
http://coombs.anu.edu.au/~avalon/CTEact-8.5.17.tar.gz
http://coombs.anu.edu.au/~avalon/CTEactx-8.5.17.tar.gz
.. install that and email me the act.# file from /var/crash/foo.
I'll have a look at it and send you the results. I am re-introducing
firewall rules back into ipf.conf to see if I can narrow the rule that
triggers the crash.
Joseph Tam <[email protected]>
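
The grep portability change discussed in the message above, as an added example that is not part of the original thread or of the ipfilter build files. The function names, the sample symbol table and its addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from ipfilter.

# quiet_match PATTERN: succeed if stdin contains PATTERN. It uses neither -q
# nor -s, so it behaves the same with traditional, XPG4 and GNU grep.
quiet_match() {
    grep "$1" >/dev/null 2>&1
}

# find_unportable_grep DIR: print file:line:text for every line under DIR
# that calls /usr/xpg4/bin/grep or passes grep an option cluster containing
# q or s. The extra /dev/null operand forces grep to print file names even
# when find hands it a single file.
find_unportable_grep() {
    find "$1" -type f -exec grep -n \
        -e '/usr/xpg4/bin/grep' \
        -e 'grep  *-[A-Za-z]*[qs]' /dev/null {} +
}

# Constructed sample of `nm -p /dev/ksyms` output (addresses are made up).
sample_ksyms='0000000001234560 T miocpullup
0000000001234800 T memset'

# Same test the Makefile line performs, without relying on grep -q.
if printf '%s\n' "$sample_ksyms" | quiet_match miocpullup; then
    echo "miocpullup present"
fi
```

Running `find_unportable_grep` over a source tree lists the build-file lines that still need the `>/dev/null 2>&1` rewrite, including packaging scripts such as a postinstall file.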