ipfilter 4.1.6 won't build on FreeBSD5.3 amd64 (fwd)

c0ldbyte c0ldbyte at myrealbox.com
Tue Mar 8 00:08:33 GMT 2005



On Mon, 7 Mar 2005, Goran Gajic wrote:

> Hi,
>
> I have tried to build ipfilter 4.1.6 as a module and as part of the kernel on
> FreeBSD 5.3 on amd64, but in both cases I have failed. When I use
> option IPFILTER in the kernel config this is what I get:
>
> cc -c -O2 -frename-registers -pipe -fno-strict-aliasing  -Wall 
> -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes 
> -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -std=c99  -nostdinc 
> -I-  -I. -I../../.. -I../../../contrib/dev/acpica -I../../../contrib/altq 
> -I../../../contrib/ipfilter
> -I../../../contrib/pf -I../../../contrib/dev/ath 
> -I../../../contrib/dev/ath/freebsd -I../../../contrib/ngatm -D_KERNEL 
> -include opt_global.h -fno-common -finline-limit=8000 --param 
> inline-unit-growth=100 --param large-function-growth=1000  -mcmodel=kernel 
> -mno-red-zone  -mfpmath=387 -mno-sse -mno-sse2 -mno-mmx -mno-3dnow 
> -msoft-float -fno-asynchronous-unwind-tables -ffreestanding -Werror 
> .../../../contrib/ipfilter/netinet/ip_frag.c
> .../../../contrib/ipfilter/netinet/ip_frag.c: In function `fr_ipid_newfrag':
> .../../../contrib/ipfilter/netinet/ip_frag.c:394: warning: cast to pointer 
> from integer of different size
> .../../../contrib/ipfilter/netinet/ip_frag.c: In function 
> `fr_ipid_knownfrag':
> .../../../contrib/ipfilter/netinet/ip_frag.c:579: warning: cast from pointer 
> to integer of different size
> *** Error code 1
>
> Stop in /usr/src/sys/amd64/compile/SENT.
>
>
> When I have tried to build ipf.ko this is what I get:
> ld -warn-common -r -d -o ipf.kld.5 ip_fil.o fil.o ml_ipl.o ip_nat.o ip_frag.o 
> ip_state.o ip_proxy.o  ip_auth.o ip_log.o ip_pool.o ip_htable.o ip_lookup.o 
> ip_rules.o  ip_scan.o ip_sync.o
> ld -Bshareable -d -warn-common -o ipf.ko ipf.kld.5
> ld: ipf.kld.5: relocation R_X86_64_32 can not be used when making a shared 
> object; recompile with -fPIC
> ipf.kld.5: could not read symbols: Bad value
> *** Error code 1
>
> Stop in /root/ip_fil4.1.6/BSD/FreeBSD-5.3-RELEASE-amd64.
> *** Error code 1
>
> Stop in /root/ip_fil4.1.6.
>
> I have tried recompiling with -fPIC but when I do kld_load ipf.ko this is what
> I get:
> sen# kldload /boot/kernel/ipf.ko
> dmesg output:
> kldload: can't load /boot/kernel/ipf.ko: Exec format error
> kldload: Unsupported file type
> kldload: unexpected relocation type 7
> link_elf: symbol appr_check undefined
>
>
> So, my question is: can ipfilter be used to NAT something like 7000 hosts on
> FreeBSD? Currently I have a Cisco 7206 that is running IOS 12.3(4r)T1, the only IOS
> that has NAT inside CEF (otherwise CPU load is something like 80%; with this
> IOS it is something like 20% for 7000 hosts). I want my amd64 only to NAT
> the inside network (10.1.0.0/16), but when I tried ipfilter
> v3.4.35 that comes with FreeBSD 5.3 (compiled with LARGE_NAT) it had poor
> performance (it could handle something like 120000 connections although
> values in ip_nat.h were much greater; maybe I have missed some other
> parameters?). The machine has two Broadcom NICs so I don't think that is the
> problem. Can someone advise what to do?
>
> Regards,
> Goran Gajic

Are those CFLAGS=-O2 a standard compilation, or is that something you
added to the make.conf? I've tried some optimizations myself while
building the kernel and its modules and got a very sparse build of things;
they don't seem to build too well when being built with -O2 opts.

Good luck and best regards, check your /etc/make.conf


More information about the freebsd-amd64 mailing list