[PATCH] pf(4) patch from OpenBSD 4.5

Brandon Gooch jamesbrandongooch at gmail.com
Tue Oct 19 03:47:55 UTC 2010


On Mon, Oct 18, 2010 at 1:10 PM, Ermal Luçi <eri at freebsd.org> wrote:
> Hello,
>
> the link http://people.freebsd.org/~eri/pf45_1.diff has the patch for
> pf(4) as of OpenBSD 4.5 version.
> The patch is against HEAD.
> After OpenBSD 4.5 the syntax has changed and this is the reason for
> such an 'old' version patch.
>
> After importing this one the work will go on the newest version and
> decisions on it will then be done.
>
> Be aware that this patch has even support for VIMAGE/VNET.
> It will enable you to run pf(4) with[in] jails+vnets or just vnets
> themselves with separate rulesets
> and policies.
> pfsync(4) can be loaded as a module also with this patch.
>
> Feedback is very welcome.

Should this compile against HEAD? Because I think we're missing a header:

brandon at x300:~$ cd /usr/src
brandon at x300:/usr/src$ patch < ~/pf45_1.diff
brandon at x300:/usr/src$ cd /usr/src/sys/modules/pf
brandon at x300:modules/pf$ sudo make
Warning: Object directory not changed from original /usr/src/sys/modules/pf
@ -> /usr/src/sys
machine -> /usr/src/sys/amd64/include
echo "#define DEV_PF 1" > opt_pf.h
echo "#define DEV_PFLOG 1" >> opt_pf.h
echo "#define DEV_PFSYNC 1" >> opt_pf.h
echo "#define DEV_PFLOW 1" >> opt_pf.h
echo "#define INET 1" > opt_inet.h
echo "#define INET6 1" > opt_inet6.h
echo "#define DEV_BPF 1" > opt_bpf.h
:> opt_global.h
clang -O2 -pipe -fno-strict-aliasing -D_KERNEL -DKLD_MODULE -nostdinc
-I/usr/src/sys/modules/pf/../../contrib/pf -I. -I@ -I@/contrib/altq
-fno-common  -fno-omit-frame-pointer  -mcmodel=kernel -mno-red-zone
-mfpmath=387 -mno-sse -mno-sse2 -mno-sse3 -mno-mmx -mno-3dnow
-msoft-float -fno-asynchronous-unwind-tables -ffreestanding
-fstack-protector -std=iso9899:1999 -fstack-protector -Wall
-Wredundant-decls -Wnested-externs -Wstrict-prototypes
-Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual  -Wundef
-Wno-pointer-sign -fformat-extensions -c
/usr/src/sys/modules/pf/../../contrib/pf/net/pf.c
clang: warning: argument unused during compilation: '-mfpmath=387'
/usr/src/sys/modules/pf/../../contrib/pf/net/pf.c:149:10: fatal error:
'net/if_pflow.h' file not found
#include <net/if_pflow.h>
         ^
1 error generated.
*** Error code 1

Thanks for working on this!

-Brandon

