info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
minor porting notes for ipf 5.1.1 on openindiana
8 views
Skip to first unread message
Logan O'Sullivan Bruns
Mar 6, 2012, 2:44:45 PM3/6/12
to
Hi Darren,
If it is helpful here are a few very minor changes I made to get ipf
5.1.1 working on my openindiana configuration.
For the 64 bit kernel build on intel it seems to need -xmodel=kernel
(using solarisstudio 12.3):
--- ip_fil5.1.1/buildsunos 2011-11-15 04:39:16.000000000 -0800
+++ ip_fil5.1.1-patched/buildsunos 2012-02-28 01:11:42.455690979 -0800
@@ -98,7 +98,7 @@
XARCH32_sparc="-Xa -xildoff -xarch=v8 -xmemalign=8s"
if [ `cc -xarch=amd64 -xarch=v9 2>&1 | grep -c deprec` -eq 1 ] ; then
XARCH64_sparc="-Xa -xildoff -m64 -xmemalign=8s"
- XARCH64_i386="$XARCH32 -m64"
+ XARCH64_i386="$XARCH32 -m64 -xmodel=kernel"
else
XARCH64_sparc="-Xa -xildoff -xarch=v9 -xchip=ultra -xmemalign=8s -xcode=abs32"
XARCH64_i386="$XARCH32 -xarch=amd64 -xcode=abs32"
To work around a missing header error:
--- ip_fil5.1.1/ipsend/ipsend.h 2006-06-15 09:31:45.000000000 -0700
+++ ip_fil5.1.1-patched/ipsend/ipsend.h 2012-02-27 21:40:25.165142645 -0800
@@ -26,8 +26,11 @@
#include "ipf.h"
#ifdef linux
#include <linux/sockios.h>
-#endif
+#elif defined(SOLARIS2)
+#include <netinet/tcpip.h>
+#else
#include "tcpip.h"
+#endif
#include "ipt.h"
extern int resolve __P((char *, char *));
To correctly select neti instead of pfil when building a zone and neti
can't be directly checked:
--- ip_fil5.1.1/SunOS5/Makefile 2012-01-27 05:44:14.000000000 -0800
+++ ip_fil5.1.1-patched/SunOS5/Makefile 2012-02-28 01:29:27.660369539 -0800
@@ -235,13 +235,13 @@
$(CC) -I$(TOP) -DIPFILTER_COMPILED $(DFLAGS) -c $(OBJ)/ip_rules.c -o $@
$(OBJ)/ipfrule: $(OBJ)/ip_rulesx.o $(OBJ)/mlso_rule.o
- ld -r $(OBJ)/ip_rulesx.o $(OBJ)/mlso_rule.o -o $@
+ /usr/ccs/bin/ld -r $(OBJ)/ip_rulesx.o $(OBJ)/mlso_rule.o -o $@
$(OBJ)/ipf: $(MODOBJS)
- if [ -f /kernel/misc/sparcv9/neti -o -f /kernel/misc/neti ] ; then \
- ld -dy -Nmisc/hook -Nmisc/neti -Nmisc/md5 -Ndrv/ip -r $(MODOBJS) -o $@; \
+ if [ -f /kernel/misc/sparcv9/neti -o -f /kernel/misc/neti -o `uname -r | cut -d. -f2` -ge 11 ] ; then \
+ /usr/ccs/bin/ld -dy -Nmisc/hook -Nmisc/neti -Nmisc/md5 -Ndrv/ip -r $(MODOBJS) -o $@; \
else \
- ld -dy -Ndrv/ip -Ndrv/pfil -Nmisc/md5 -r $(MODOBJS) -o $@; \
+ /usr/ccs/bin/ld -dy -Ndrv/ip -Ndrv/pfil -Nmisc/md5 -r $(MODOBJS) -o $@; \
fi
$(CTFMERGE) $@ $(MODOBJS)
And perhaps not the best complete fix since it still harmless tries
modload but a change to make ipfboot work in a zone:
--- ip_fil5.1.1/SunOS5/ipfboot 2009-05-01 10:52:04.000000000 -0700
+++ ip_fil5.1.1-patched/SunOS5/ipfboot 2012-03-06 08:46:02.034381607 -0800
@@ -7,7 +7,7 @@
IP6FILCONF=${IPFBASE}/ipf6.conf
IPNATCONF=${IPFBASE}/ipnat.conf
IPPOOLCONF=${IPFBASE}/ippool.conf
-if [ -f /kernel/misc/neti -o -f /kernel/misc/sparcv9/neti ] ; then
+if [ -f /kernel/misc/neti -o -f /kernel/misc/sparcv9/neti -o x`zonename` != xglobal ] ; then
PFILCHECKED=yes
else
PFILCHECKED=no
Thanks,
logan
If it is helpful here are a few very minor changes I made to get ipf
5.1.1 working on my openindiana configuration.
For the 64 bit kernel build on intel it seems to need -xmodel=kernel
(using solarisstudio 12.3):
--- ip_fil5.1.1/buildsunos 2011-11-15 04:39:16.000000000 -0800
+++ ip_fil5.1.1-patched/buildsunos 2012-02-28 01:11:42.455690979 -0800
@@ -98,7 +98,7 @@
XARCH32_sparc="-Xa -xildoff -xarch=v8 -xmemalign=8s"
if [ `cc -xarch=amd64 -xarch=v9 2>&1 | grep -c deprec` -eq 1 ] ; then
XARCH64_sparc="-Xa -xildoff -m64 -xmemalign=8s"
- XARCH64_i386="$XARCH32 -m64"
+ XARCH64_i386="$XARCH32 -m64 -xmodel=kernel"
else
XARCH64_sparc="-Xa -xildoff -xarch=v9 -xchip=ultra -xmemalign=8s -xcode=abs32"
XARCH64_i386="$XARCH32 -xarch=amd64 -xcode=abs32"
To work around a missing header error:
--- ip_fil5.1.1/ipsend/ipsend.h 2006-06-15 09:31:45.000000000 -0700
+++ ip_fil5.1.1-patched/ipsend/ipsend.h 2012-02-27 21:40:25.165142645 -0800
@@ -26,8 +26,11 @@
#include "ipf.h"
#ifdef linux
#include <linux/sockios.h>
-#endif
+#elif defined(SOLARIS2)
+#include <netinet/tcpip.h>
+#else
#include "tcpip.h"
+#endif
#include "ipt.h"
extern int resolve __P((char *, char *));
To correctly select neti instead of pfil when building a zone and neti
can't be directly checked:
--- ip_fil5.1.1/SunOS5/Makefile 2012-01-27 05:44:14.000000000 -0800
+++ ip_fil5.1.1-patched/SunOS5/Makefile 2012-02-28 01:29:27.660369539 -0800
@@ -235,13 +235,13 @@
$(CC) -I$(TOP) -DIPFILTER_COMPILED $(DFLAGS) -c $(OBJ)/ip_rules.c -o $@
$(OBJ)/ipfrule: $(OBJ)/ip_rulesx.o $(OBJ)/mlso_rule.o
- ld -r $(OBJ)/ip_rulesx.o $(OBJ)/mlso_rule.o -o $@
+ /usr/ccs/bin/ld -r $(OBJ)/ip_rulesx.o $(OBJ)/mlso_rule.o -o $@
$(OBJ)/ipf: $(MODOBJS)
- if [ -f /kernel/misc/sparcv9/neti -o -f /kernel/misc/neti ] ; then \
- ld -dy -Nmisc/hook -Nmisc/neti -Nmisc/md5 -Ndrv/ip -r $(MODOBJS) -o $@; \
+ if [ -f /kernel/misc/sparcv9/neti -o -f /kernel/misc/neti -o `uname -r | cut -d. -f2` -ge 11 ] ; then \
+ /usr/ccs/bin/ld -dy -Nmisc/hook -Nmisc/neti -Nmisc/md5 -Ndrv/ip -r $(MODOBJS) -o $@; \
else \
- ld -dy -Ndrv/ip -Ndrv/pfil -Nmisc/md5 -r $(MODOBJS) -o $@; \
+ /usr/ccs/bin/ld -dy -Ndrv/ip -Ndrv/pfil -Nmisc/md5 -r $(MODOBJS) -o $@; \
fi
$(CTFMERGE) $@ $(MODOBJS)
And perhaps not the best complete fix since it still harmless tries
modload but a change to make ipfboot work in a zone:
--- ip_fil5.1.1/SunOS5/ipfboot 2009-05-01 10:52:04.000000000 -0700
+++ ip_fil5.1.1-patched/SunOS5/ipfboot 2012-03-06 08:46:02.034381607 -0800
@@ -7,7 +7,7 @@
IP6FILCONF=${IPFBASE}/ipf6.conf
IPNATCONF=${IPFBASE}/ipnat.conf
IPPOOLCONF=${IPFBASE}/ippool.conf
-if [ -f /kernel/misc/neti -o -f /kernel/misc/sparcv9/neti ] ; then
+if [ -f /kernel/misc/neti -o -f /kernel/misc/sparcv9/neti -o x`zonename` != xglobal ] ; then
PFILCHECKED=yes
else
PFILCHECKED=no
Thanks,
logan
Darren Reed
Mar 6, 2012, 4:20:14 PM3/6/12
to
On 7/03/2012 6:44 AM, Logan O'Sullivan Bruns wrote:
Hi Darren, If it is helpful here are a few very minor changes I made to get ipf 5.1.1 working on my openindiana configuration. For the 64 bit kernel build on intel it seems to need -xmodel=kernel (using solarisstudio 12.3): --- ip_fil5.1.1/buildsunos 2011-11-15 04:39:16.000000000 -0800 +++ ip_fil5.1.1-patched/buildsunos 2012-02-28 01:11:42.455690979 -0800 @@ -98,7 +98,7 @@ XARCH32_sparc="-Xa -xildoff -xarch=v8 -xmemalign=8s" if [ `cc -xarch=amd64 -xarch=v9 2>&1 | grep -c deprec` -eq 1 ] ; then XARCH64_sparc="-Xa -xildoff -m64 -xmemalign=8s" - XARCH64_i386="$XARCH32 -m64" + XARCH64_i386="$XARCH32 -m64 -xmodel=kernel" else XARCH64_sparc="-Xa -xildoff -xarch=v9 -xchip=ultra -xmemalign=8s -xcode=abs32" XARCH64_i386="$XARCH32 -xarch=amd64 -xcode=abs32"
I've never required that before to build for the kernel with
sun studio. I wonder what's changed...
3497984 sunstudio 12.3 build errors for kernel
To correctly select neti instead of pfil when building a zone and neti can't be directly checked:
In this set of changes, you had included explicit paths to
/usr/ccs/bin/ld. Was this actually required?
The script that starts the build on Solaris, buildsunos, should
result in /usr/ccs/bin being placed at the start of $PATH. Was
this not working for you?
I think what you mean is "when building inside a zone" rather than
"when building a zone", correct?
And perhaps not the best complete fix since it still harmless tries modload but a change to make ipfboot work in a zone:
Logan O'Sullivan Bruns
Mar 6, 2012, 6:54:59 PM3/6/12
to
On Wed, Mar 07, 2012 at 08:20:14AM +1100, Darren Reed wrote:
> > To correctly select neti instead of pfil when building a zone and neti
> > can't be directly checked:
>
> In this set of changes, you had included explicit paths to
> /usr/ccs/bin/ld. Was this actually required?
No, it wasn't. I should have removed that change.
> > To correctly select neti instead of pfil when building a zone and neti
> > can't be directly checked:
>
> In this set of changes, you had included explicit paths to
> /usr/ccs/bin/ld. Was this actually required?
Thanks,
logan
0 new messages