Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
minor porting notes for ipf 5.1.1 on openindiana
10 views
Skip to first unread message
Logan O'Sullivan Bruns
Mar 6, 2012, 2:44:45 PM3/6/12
to
Hi Darren,
If it is helpful here are a few very minor changes I made to get ipf
5.1.1 working on my openindiana configuration.
For the 64 bit kernel build on intel it seems to need -xmodel=kernel
(using solarisstudio 12.3):
--- ip_fil5.1.1/buildsunos 2011-11-15 04:39:16.000000000 -0800
+++ ip_fil5.1.1-patched/buildsunos 2012-02-28 01:11:42.455690979 -0800
@@ -98,7 +98,7 @@
XARCH32_sparc="-Xa -xildoff -xarch=v8 -xmemalign=8s"
if [ `cc -xarch=amd64 -xarch=v9 2>&1 | grep -c deprec` -eq 1 ] ; then
XARCH64_sparc="-Xa -xildoff -m64 -xmemalign=8s"
- XARCH64_i386="$XARCH32 -m64"
+ XARCH64_i386="$XARCH32 -m64 -xmodel=kernel"
else
XARCH64_sparc="-Xa -xildoff -xarch=v9 -xchip=ultra -xmemalign=8s -xcode=abs32"
XARCH64_i386="$XARCH32 -xarch=amd64 -xcode=abs32"
To work around a missing header error:
--- ip_fil5.1.1/ipsend/ipsend.h 2006-06-15 09:31:45.000000000 -0700
+++ ip_fil5.1.1-patched/ipsend/ipsend.h 2012-02-27 21:40:25.165142645 -0800
@@ -26,8 +26,11 @@
#include "ipf.h"
#ifdef linux
#include <linux/sockios.h>
-#endif
+#elif defined(SOLARIS2)
+#include <netinet/tcpip.h>
+#else
#include "tcpip.h"
+#endif
#include "ipt.h"
extern int resolve __P((char *, char *));
To correctly select neti instead of pfil when building a zone and neti
can't be directly checked:
--- ip_fil5.1.1/SunOS5/Makefile 2012-01-27 05:44:14.000000000 -0800
+++ ip_fil5.1.1-patched/SunOS5/Makefile 2012-02-28 01:29:27.660369539 -0800
@@ -235,13 +235,13 @@
$(CC) -I$(TOP) -DIPFILTER_COMPILED $(DFLAGS) -c $(OBJ)/ip_rules.c -o $@
$(OBJ)/ipfrule: $(OBJ)/ip_rulesx.o $(OBJ)/mlso_rule.o
- ld -r $(OBJ)/ip_rulesx.o $(OBJ)/mlso_rule.o -o $@
+ /usr/ccs/bin/ld -r $(OBJ)/ip_rulesx.o $(OBJ)/mlso_rule.o -o $@
$(OBJ)/ipf: $(MODOBJS)
- if [ -f /kernel/misc/sparcv9/neti -o -f /kernel/misc/neti ] ; then \
- ld -dy -Nmisc/hook -Nmisc/neti -Nmisc/md5 -Ndrv/ip -r $(MODOBJS) -o $@; \
+ if [ -f /kernel/misc/sparcv9/neti -o -f /kernel/misc/neti -o `uname -r | cut -d. -f2` -ge 11 ] ; then \
+ /usr/ccs/bin/ld -dy -Nmisc/hook -Nmisc/neti -Nmisc/md5 -Ndrv/ip -r $(MODOBJS) -o $@; \
else \
- ld -dy -Ndrv/ip -Ndrv/pfil -Nmisc/md5 -r $(MODOBJS) -o $@; \
+ /usr/ccs/bin/ld -dy -Ndrv/ip -Ndrv/pfil -Nmisc/md5 -r $(MODOBJS) -o $@; \
fi
$(CTFMERGE) $@ $(MODOBJS)
And perhaps not the best complete fix since it still harmless tries
modload but a change to make ipfboot work in a zone:
--- ip_fil5.1.1/SunOS5/ipfboot 2009-05-01 10:52:04.000000000 -0700
+++ ip_fil5.1.1-patched/SunOS5/ipfboot 2012-03-06 08:46:02.034381607 -0800
@@ -7,7 +7,7 @@
IP6FILCONF=${IPFBASE}/ipf6.conf
IPNATCONF=${IPFBASE}/ipnat.conf
IPPOOLCONF=${IPFBASE}/ippool.conf
-if [ -f /kernel/misc/neti -o -f /kernel/misc/sparcv9/neti ] ; then
+if [ -f /kernel/misc/neti -o -f /kernel/misc/sparcv9/neti -o x`zonename` != xglobal ] ; then
PFILCHECKED=yes
else
PFILCHECKED=no
Thanks,
logan
If it is helpful here are a few very minor changes I made to get ipf
5.1.1 working on my openindiana configuration.
For the 64 bit kernel build on intel it seems to need -xmodel=kernel
(using solarisstudio 12.3):
--- ip_fil5.1.1/buildsunos 2011-11-15 04:39:16.000000000 -0800
+++ ip_fil5.1.1-patched/buildsunos 2012-02-28 01:11:42.455690979 -0800
@@ -98,7 +98,7 @@
XARCH32_sparc="-Xa -xildoff -xarch=v8 -xmemalign=8s"
if [ `cc -xarch=amd64 -xarch=v9 2>&1 | grep -c deprec` -eq 1 ] ; then
XARCH64_sparc="-Xa -xildoff -m64 -xmemalign=8s"
- XARCH64_i386="$XARCH32 -m64"
+ XARCH64_i386="$XARCH32 -m64 -xmodel=kernel"
else
XARCH64_sparc="-Xa -xildoff -xarch=v9 -xchip=ultra -xmemalign=8s -xcode=abs32"
XARCH64_i386="$XARCH32 -xarch=amd64 -xcode=abs32"
To work around a missing header error:
--- ip_fil5.1.1/ipsend/ipsend.h 2006-06-15 09:31:45.000000000 -0700
+++ ip_fil5.1.1-patched/ipsend/ipsend.h 2012-02-27 21:40:25.165142645 -0800
@@ -26,8 +26,11 @@
#include "ipf.h"
#ifdef linux
#include <linux/sockios.h>
-#endif
+#elif defined(SOLARIS2)
+#include <netinet/tcpip.h>
+#else
#include "tcpip.h"
+#endif
#include "ipt.h"
extern int resolve __P((char *, char *));
To correctly select neti instead of pfil when building a zone and neti
can't be directly checked:
--- ip_fil5.1.1/SunOS5/Makefile 2012-01-27 05:44:14.000000000 -0800
+++ ip_fil5.1.1-patched/SunOS5/Makefile 2012-02-28 01:29:27.660369539 -0800
@@ -235,13 +235,13 @@
$(CC) -I$(TOP) -DIPFILTER_COMPILED $(DFLAGS) -c $(OBJ)/ip_rules.c -o $@
$(OBJ)/ipfrule: $(OBJ)/ip_rulesx.o $(OBJ)/mlso_rule.o
- ld -r $(OBJ)/ip_rulesx.o $(OBJ)/mlso_rule.o -o $@
+ /usr/ccs/bin/ld -r $(OBJ)/ip_rulesx.o $(OBJ)/mlso_rule.o -o $@
$(OBJ)/ipf: $(MODOBJS)
- if [ -f /kernel/misc/sparcv9/neti -o -f /kernel/misc/neti ] ; then \
- ld -dy -Nmisc/hook -Nmisc/neti -Nmisc/md5 -Ndrv/ip -r $(MODOBJS) -o $@; \
+ if [ -f /kernel/misc/sparcv9/neti -o -f /kernel/misc/neti -o `uname -r | cut -d. -f2` -ge 11 ] ; then \
+ /usr/ccs/bin/ld -dy -Nmisc/hook -Nmisc/neti -Nmisc/md5 -Ndrv/ip -r $(MODOBJS) -o $@; \
else \
- ld -dy -Ndrv/ip -Ndrv/pfil -Nmisc/md5 -r $(MODOBJS) -o $@; \
+ /usr/ccs/bin/ld -dy -Ndrv/ip -Ndrv/pfil -Nmisc/md5 -r $(MODOBJS) -o $@; \
fi
$(CTFMERGE) $@ $(MODOBJS)
And perhaps not the best complete fix since it still harmless tries
modload but a change to make ipfboot work in a zone:
--- ip_fil5.1.1/SunOS5/ipfboot 2009-05-01 10:52:04.000000000 -0700
+++ ip_fil5.1.1-patched/SunOS5/ipfboot 2012-03-06 08:46:02.034381607 -0800
@@ -7,7 +7,7 @@
IP6FILCONF=${IPFBASE}/ipf6.conf
IPNATCONF=${IPFBASE}/ipnat.conf
IPPOOLCONF=${IPFBASE}/ippool.conf
-if [ -f /kernel/misc/neti -o -f /kernel/misc/sparcv9/neti ] ; then
+if [ -f /kernel/misc/neti -o -f /kernel/misc/sparcv9/neti -o x`zonename` != xglobal ] ; then
PFILCHECKED=yes
else
PFILCHECKED=no
Thanks,
logan
Darren Reed
Mar 6, 2012, 4:20:14 PM3/6/12
to
On 7/03/2012 6:44 AM, Logan O'Sullivan Bruns wrote:
Hi Darren, If it is helpful here are a few very minor changes I made to get ipf 5.1.1 working on my openindiana configuration. For the 64 bit kernel build on intel it seems to need -xmodel=kernel (using solarisstudio 12.3): --- ip_fil5.1.1/buildsunos 2011-11-15 04:39:16.000000000 -0800 +++ ip_fil5.1.1-patched/buildsunos 2012-02-28 01:11:42.455690979 -0800 @@ -98,7 +98,7 @@ XARCH32_sparc="-Xa -xildoff -xarch=v8 -xmemalign=8s" if [ `cc -xarch=amd64 -xarch=v9 2>&1 | grep -c deprec` -eq 1 ] ; then XARCH64_sparc="-Xa -xildoff -m64 -xmemalign=8s" - XARCH64_i386="$XARCH32 -m64" + XARCH64_i386="$XARCH32 -m64 -xmodel=kernel" else XARCH64_sparc="-Xa -xildoff -xarch=v9 -xchip=ultra -xmemalign=8s -xcode=abs32" XARCH64_i386="$XARCH32 -xarch=amd64 -xcode=abs32"
I've never required that before to build for the kernel with
sun studio. I wonder what's changed...
3497984 sunstudio 12.3 build errors for kernel
To correctly select neti instead of pfil when building a zone and neti can't be directly checked:
In this set of changes, you had included explicit paths to
/usr/ccs/bin/ld. Was this actually required?
The script that starts the build on Solaris, buildsunos, should
result in /usr/ccs/bin being placed at the start of $PATH. Was
this not working for you?
I think what you mean is "when building inside a zone" rather than
"when building a zone", correct?
And perhaps not the best complete fix since it still harmless tries modload but a change to make ipfboot work in a zone:
Logan O'Sullivan Bruns
Mar 6, 2012, 6:54:59 PM3/6/12
to
On Wed, Mar 07, 2012 at 08:20:14AM +1100, Darren Reed wrote:
> > To correctly select neti instead of pfil when building a zone and neti
> > can't be directly checked:
>
> In this set of changes, you had included explicit paths to
> /usr/ccs/bin/ld. Was this actually required?
No, it wasn't. I should have removed that change.
> > To correctly select neti instead of pfil when building a zone and neti
> > can't be directly checked:
>
> In this set of changes, you had included explicit paths to
> /usr/ccs/bin/ld. Was this actually required?
Thanks,
logan
0 new messages