Re: question about ipl.ko
Hello, Crist! You wrote to Sergey Mokryshev [EMAIL PROTECTED] on Tue, 20 Aug 2002 11:15:20 -0700: [skipped] $ grep PFIL /usr/src/sys/i386/conf/AMBER options PFIL_HOOKS You need to include options PFIL_HOOKS in your kernel configuration to be able to use ipfilter as a loadable module. CJC But what's the point? PFIL_HOOKS only used by IPFilter. If you CJC are going to be recompiling a kernel, you might just as well CJC compile in options IPFILTER and be done with it. PFIL hooks is a generic kernel interface and can be used by other programs that work with network. Another point - you can upgrade ipfilter stuff without rebooting, it is useful in situations where minimum downtime is possible. PFIL_HOOKS does not add much functionality to the kernel and I always turn this on on every box. Sergey Mokryshev. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: question about ipl.ko
Another point - you can upgrade ipfilter stuff without rebooting, it is useful in situations where minimum downtime is possible. PFIL_HOOKS does not add much functionality to the kernel and I always turn this on on every box. I think you are missing his point though. Some people kldload ipl.ko because they don't want to recompile their kernel. IF they recompile it with PFIL_HOOKS might as well do ipfilter at the same time. -- David W. Chapman Jr. [EMAIL PROTECTED] Raintree Network Services, Inc. www.inethouston.net [EMAIL PROTECTED] FreeBSD Committer www.FreeBSD.org To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: question about ipl.ko
(removed questions@ from Cc) Hello, David! You wrote to Sergey Mokryshev [EMAIL PROTECTED] on Wed, 21 Aug 2002 11:26:32 -0500: Another point - you can upgrade ipfilter stuff without rebooting, it is useful in situations where minimum downtime is possible. PFIL_HOOKS does not add much functionality to the kernel and I always turn this on on every box. DWC I think you are missing his point though. Some people kldload DWC ipl.ko because they don't want to recompile their kernel. IF DWC they recompile it with PFIL_HOOKS might as well do ipfilter at DWC the same time. No, David. I understand it. For those who load modules dynamically because they don't want to recompile kernel this is not a solution. My practice is to load modules dynamically to share the same kernel between several boxes. One of this PCs works as a firewall, another one serve my personal CVS repository and works as a test box (there are other machines running -CURRENT and virtually all use the same kernel and modules). Some time ago I tried to upgrade IPFilter on the fly (kldunload kldload) and it worked like a charm. It is an endless discussion, and I really don't want to continue. I wrote a letter because I disagree with Crist J. Clark CJC Both. If you are getting an 'Exec format error,' there is CJC something wrong at your end. However, ipl.ko has been broken in CJC CURRENT for a long time (over a year at least) and will not CJC load (albeit with a different error message). No, ipl.ko is not broken. It depends on pfil(9). Sincerely yours, Sergey Mokryshev. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: question about ipl.ko
No, ipl.ko is not broken. It depends on pfil(9). Shouldn't we try to make a pfil.ko that ipl.ko depends on then? -- David W. Chapman Jr. [EMAIL PROTECTED] Raintree Network Services, Inc. www.inethouston.net [EMAIL PROTECTED] FreeBSD Committer www.FreeBSD.org To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: question about ipl.ko
Hello, David! You wrote to Sergey Mokryshev [EMAIL PROTECTED] on Wed, 21 Aug 2002 12:07:43 -0500: No, ipl.ko is not broken. It depends on pfil(9). DWC Shouldn't we try to make a pfil.ko that ipl.ko depends on then? I make a brief look into code (I am not a kernel hacker nor a programmer). There are a few files with PFIL_HOOKS-dependant #ifdefs, but it is strongly tied with the code. /sys/net/bridge.c /sys/netinet/ip_input.c /sys/netinet/ip_output.c /sys/netinet6/ip6_forward.c /sys/netinet6/ip6_input.c /sys/netinet6/ip6_output.c Darren Reed has some pieces of code on his site, but I did not read it. ftp://coombs.anu.edu.au/pub/net/ip-filter/pfil-1.26.tar.gz According to pfil(9) manual --- BUGS The current pfil implementation will need changes to suit a threaded ker- nel model. --- May be this is the reason not to make it default. Sincerely yours, Sergey Mokryshev. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: question about ipl.ko
There are a few files with PFIL_HOOKS-dependant #ifdefs, but it is strongly tied with the code. /sys/net/bridge.c /sys/netinet/ip_input.c /sys/netinet/ip_output.c /sys/netinet6/ip6_forward.c /sys/netinet6/ip6_input.c /sys/netinet6/ip6_output.c Darren Reed has some pieces of code on his site, but I did not read it. ftp://coombs.anu.edu.au/pub/net/ip-filter/pfil-1.26.tar.gz According to pfil(9) manual --- BUGS The current pfil implementation will need changes to suit a threaded ker- nel model. --- May be this is the reason not to make it default. I'm sure there is probably some reason, but if we can make it a kld, there shouldn't be a reason we can't make ipl.ko depend on it. I do not do much coding so I don't know if its even possible to do it as a kld -- David W. Chapman Jr. [EMAIL PROTECTED] Raintree Network Services, Inc. www.inethouston.net [EMAIL PROTECTED] FreeBSD Committer www.FreeBSD.org To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: question about ipl.ko
Hello, Crist! You wrote to Radko Keves [EMAIL PROTECTED] on Fri, 16 Aug 2002 12:38:54 -0700: CJC On Fri, Aug 16, 2002 at 03:01:47PM +0200, Radko Keves wrote: i try to load ipl.ko #kldload -v /boot/kernel/ipl.ko kldload: can't load /boot/kernel/ipl.ko: Exec format error CJC [snip] it's my problem, for example in the kernel module loading sequence, or current problem ? CJC Both. If you are getting an 'Exec format error,' there is CJC something wrong at your end. However, ipl.ko has been broken in CJC CURRENT for a long time (over a year at least) and will not CJC load (albeit with a different error message). CJC -- $ uname -a FreeBSD amber.mokr.net 5.0-CURRENT FreeBSD 5.0-CURRENT #0: Wed Aug 14 18:41:05 MSD 2002 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/AMBER i386 $ kldstat Id Refs AddressSize Name 1 15 0xc010 2cc000 kernel 21 0xc03cd000 5760 vesa.ko 31 0xc03d3000 5160 snd_ich.ko 42 0xc03d9000 1a88csnd_pcm.ko 51 0xc03f4000 d378 agp.ko 61 0xc0402000 3cb30acpi.ko 71 0xc26f4000 5000 linprocfs.ko 82 0xc27b9000 14000linux.ko 91 0xc27ed000 15000ipl.ko 101 0xc28ac000 2000 rtc.ko $ grep PFIL /usr/src/sys/i386/conf/AMBER options PFIL_HOOKS You need to include options PFIL_HOOKS in your kernel configuration to be able to use ipfilter as a loadable module. Sincerely yours, Sergey Mokryshev. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: question about ipl.ko
On Fri, 16 Aug 2002 15:01:47 +0200 Radko Keves wrote: i try to load ipl.ko #kldload -v /boot/kernel/ipl.ko kldload: can't load /boot/kernel/ipl.ko: Exec format error try `kldload ipl' -- /\ http://corecode.ath.cx/#donate \ / \ ASCII Ribbon Campaign / \ Against HTML Mail and News msg41966/pgp0.pgp Description: PGP signature
question about ipl.ko
i try to load ipl.ko #kldload -v /boot/kernel/ipl.ko kldload: can't load /boot/kernel/ipl.ko: Exec format error #kldstat Id Refs AddressSize Name 1 10 0xc010 45fd04 kernel 21 0xc056 1b410linux.ko 32 0xc057c000 90f0 ipfw.ko 41 0xc0586000 5374 ip6fw.ko 51 0xc058c000 e6d8 agp.ko 61 0xc059b000 77d8 dummynet.ko 71 0xc2d9a000 16000nfsserver.ko #dmesg FreeBSD 5.0-CURRENT #4: Wed Aug 14 13:46:59 CEST 2002 root@kripel:/usr/src/sys/i386/compile/angel Preloaded elf kernel /boot//kernel/kernel at 0xc05a4000. Preloaded elf module /boot//kernel/linux.ko at 0xc05a40ac. Preloaded elf module /boot//kernel/ipfw.ko at 0xc05a4158. Preloaded elf module /boot//kernel/ip6fw.ko at 0xc05a4204. Preloaded elf module /boot//kernel/agp.ko at 0xc05a42b0. Preloaded elf module /boot//kernel/dummynet.ko at 0xc05a435c. it's my problem, for example in the kernel module loading sequence, or current problem ? thank -- -- bye R.R.K.K. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: question about ipl.ko
On Fri, Aug 16, 2002 at 03:01:47PM +0200, Radko Keves wrote: i try to load ipl.ko #kldload -v /boot/kernel/ipl.ko kldload: can't load /boot/kernel/ipl.ko: Exec format error [snip] it's my problem, for example in the kernel module loading sequence, or current problem ? Both. If you are getting an 'Exec format error,' there is something wrong at your end. However, ipl.ko has been broken in CURRENT for a long time (over a year at least) and will not load (albeit with a different error message). -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://people.freebsd.org/~cjc/| [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
