Logan O'Sullivan Bruns
unread,Mar 6, 2012, 2:44:45 PM3/6/12You do not have permission to delete messages in this group
Sign in to report message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to
Hi Darren,
If it is helpful here are a few very minor changes I made to get ipf
5.1.1 working on my openindiana configuration.
For the 64 bit kernel build on intel it seems to need -xmodel=kernel
(using solarisstudio 12.3):
--- ip_fil5.1.1/buildsunos 2011-11-15 04:39:16.000000000 -0800
+++ ip_fil5.1.1-patched/buildsunos 2012-02-28 01:11:42.455690979 -0800
@@ -98,7 +98,7 @@
XARCH32_sparc="-Xa -xildoff -xarch=v8 -xmemalign=8s"
if [ `cc -xarch=amd64 -xarch=v9 2>&1 | grep -c deprec` -eq 1 ] ; then
XARCH64_sparc="-Xa -xildoff -m64 -xmemalign=8s"
- XARCH64_i386="$XARCH32 -m64"
+ XARCH64_i386="$XARCH32 -m64 -xmodel=kernel"
else
XARCH64_sparc="-Xa -xildoff -xarch=v9 -xchip=ultra -xmemalign=8s -xcode=abs32"
XARCH64_i386="$XARCH32 -xarch=amd64 -xcode=abs32"
To work around a missing header error:
--- ip_fil5.1.1/ipsend/ipsend.h 2006-06-15 09:31:45.000000000 -0700
+++ ip_fil5.1.1-patched/ipsend/ipsend.h 2012-02-27 21:40:25.165142645 -0800
@@ -26,8 +26,11 @@
#include "ipf.h"
#ifdef linux
#include <linux/sockios.h>
-#endif
+#elif defined(SOLARIS2)
+#include <netinet/tcpip.h>
+#else
#include "tcpip.h"
+#endif
#include "ipt.h"
extern int resolve __P((char *, char *));
To correctly select neti instead of pfil when building a zone and neti
can't be directly checked:
--- ip_fil5.1.1/SunOS5/Makefile 2012-01-27 05:44:14.000000000 -0800
+++ ip_fil5.1.1-patched/SunOS5/Makefile 2012-02-28 01:29:27.660369539 -0800
@@ -235,13 +235,13 @@
$(CC) -I$(TOP) -DIPFILTER_COMPILED $(DFLAGS) -c $(OBJ)/ip_rules.c -o $@
$(OBJ)/ipfrule: $(OBJ)/ip_rulesx.o $(OBJ)/mlso_rule.o
- ld -r $(OBJ)/ip_rulesx.o $(OBJ)/mlso_rule.o -o $@
+ /usr/ccs/bin/ld -r $(OBJ)/ip_rulesx.o $(OBJ)/mlso_rule.o -o $@
$(OBJ)/ipf: $(MODOBJS)
- if [ -f /kernel/misc/sparcv9/neti -o -f /kernel/misc/neti ] ; then \
- ld -dy -Nmisc/hook -Nmisc/neti -Nmisc/md5 -Ndrv/ip -r $(MODOBJS) -o $@; \
+ if [ -f /kernel/misc/sparcv9/neti -o -f /kernel/misc/neti -o `uname -r | cut -d. -f2` -ge 11 ] ; then \
+ /usr/ccs/bin/ld -dy -Nmisc/hook -Nmisc/neti -Nmisc/md5 -Ndrv/ip -r $(MODOBJS) -o $@; \
else \
- ld -dy -Ndrv/ip -Ndrv/pfil -Nmisc/md5 -r $(MODOBJS) -o $@; \
+ /usr/ccs/bin/ld -dy -Ndrv/ip -Ndrv/pfil -Nmisc/md5 -r $(MODOBJS) -o $@; \
fi
$(CTFMERGE) $@ $(MODOBJS)
And perhaps not the best complete fix since it still harmless tries
modload but a change to make ipfboot work in a zone:
--- ip_fil5.1.1/SunOS5/ipfboot 2009-05-01 10:52:04.000000000 -0700
+++ ip_fil5.1.1-patched/SunOS5/ipfboot 2012-03-06 08:46:02.034381607 -0800
@@ -7,7 +7,7 @@
IP6FILCONF=${IPFBASE}/ipf6.conf
IPNATCONF=${IPFBASE}/ipnat.conf
IPPOOLCONF=${IPFBASE}/ippool.conf
-if [ -f /kernel/misc/neti -o -f /kernel/misc/sparcv9/neti ] ; then
+if [ -f /kernel/misc/neti -o -f /kernel/misc/sparcv9/neti -o x`zonename` != xglobal ] ; then
PFILCHECKED=yes
else
PFILCHECKED=no
Thanks,
logan