Network simulation using jails & vimage

Jim Sifferle jim at sifferle.net
Sat Mar 6 08:04:45 UTC 2010


On Fri, 2010-03-05 at 15:15 -0500, jim at sifferle.net wrote:
> On March 5, 2010 at 7:34 PM Julian Elischer <julian at elischer.org> wrote:
> 
> > jim at sifferle.net wrote:
> > >
> > > I just now had some time to put together a CURRENT box for testing.  I'm
> > > getting a 'Fatal trap 12: page fault while in kernel mode' whenever I
> > > boot with pf_enable set to YES in rc.conf.  Here's my current setup:
> > >
> >
> > This is unfortunately one for Ermal, as I wouldn't know a pfctl
> > command if it came up and kicked me in the shins.  :-)
> >
> > We really should try to get the new pf stuff into -current so that
> > it gets more testing.
> >
> Thanks for your quick reply...
>  
> I think my first problem is I didn't pull the sources from the folder Ermal
> mentioned: http://svn.freebsd.org/base/user/eri/pf45/head/. 
>  
> I misunderstood and thought it had been put in CURRENT.  I will download
> the correct sources and try again.
>  

Hi Ermal,

Forgive my ignorance, but how would you recommend I build my system to
test the new pf code?  Here's what I tried earlier today:

1) Start with a CURRENT system with sources from 2/25
2) Download the new sources from svn using the link you provided

na-lab-wan-3# svn info
Path: .
URL: http://svn.freebsd.org/base/user/eri/pf45/head
Repository Root: http://svn.freebsd.org/base
Repository UUID: ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Revision: 204768
Node Kind: directory
Schedule: normal
Last Changed Author: eri
Last Changed Rev: 204245
Last Changed Date: 2010-02-23 01:58:12 -0800 (Tue, 23 Feb 2010)

3) Build and install a new kernel with the updated sources.  But, I
could not compile with ALTQ support enabled.  Is ALTQ available yet with
the new pf, or is it still a work in progress like pflog and pfsync?

cc -O2 -pipe -fno-strict-aliasing -Werror -D_KERNEL -DKLD_MODULE  	
<SNIP>
/usr/src_new/head/sys/modules/pf/../../contrib/pf/net/pf_ioctl.c: In
function 'pf_begin_altq':
/usr/src_new/head/sys/modules/pf/../../contrib/pf/net/pf_ioctl.c:894:
error: 'altqs_inactive_open' undeclared (first use in this function)
/usr/src_new/head/sys/modules/pf/../../contrib/pf/net/pf_ioctl.c:894:
error: (Each undeclared identifier is reported only once
/usr/src_new/head/sys/modules/pf/../../contrib/pf/net/pf_ioctl.c:894:
error: for each function it appears in.)
/usr/src_new/head/sys/modules/pf/../../contrib/pf/net/pf_ioctl.c: In
function 'pf_rollback_altq':
/usr/src_new/head/sys/modules/pf/../../contrib/pf/net/pf_ioctl.c:934:
error: 'altqs_inactive_open' undeclared (first use in this function)
/usr/src_new/head/sys/modules/pf/../../contrib/pf/net/pf_ioctl.c: In
function 'pf_commit_altq':
/usr/src_new/head/sys/modules/pf/../../contrib/pf/net/pf_ioctl.c:1024:
error: 'altqs_inactive_open' undeclared (first use in this function)
*** Error code 1
<SNIP>

4) Reboot, load pf module, attempt to run pfctl -f /etc/pf.conf with
this error:  

No ALTQ support in kernel
ALTQ related functions disabled
pfctl: DIOCADDRULE: Operation not supported by device

5) Attempt to rebuild pfctl from /usr/src_new/sbin/pfctl to deal with
the 'Operation not supported by device' error.  I get this error:

cc -O2 -pipe  -Wall -Wmissing-prototypes -Wno-uninitialized
-Wstrict-prototypes
-I/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl -DENABLE_ALTQ
-std=gnu99 -fstack-protector -Wsystem-headers -Werror -Wall
-Wno-format-y2k -Wno-uninitialized -Wno-pointer-sign
-c /usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c
cc1: warnings being treated as errors
In file included
from /usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:64:
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.h:119:
warning: 'struct pfsync_state_peer' declared inside parameter list
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.h:119:
warning: its scope is only this definition or declaration, which is
probably not what you want
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.h:120:
warning: 'struct pfsync_state' declared inside parameter list
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c: In function
'pfctl_clear_states':
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:393: error:
'struct pfioc_state_kill' has no member named 'psk_killed'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c: In function
'pfctl_kill_src_nodes':
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:532: error:
'struct pfioc_src_node_kill' has no member named 'psnk_killed'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:538: error:
'struct pfioc_src_node_kill' has no member named 'psnk_killed'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c: In function
'pfctl_net_kill_states':
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:638: error:
'struct pfioc_state_kill' has no member named 'psk_killed'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:644: error:
'struct pfioc_state_kill' has no member named 'psk_killed'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c: In function
'pfctl_label_kill_states':
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:670: error:
'struct pfioc_state_kill' has no member named 'psk_label'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:670: error:
'struct pfioc_state_kill' has no member named 'psk_label'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:671: error:
'struct pfioc_state_kill' has no member named 'psk_label'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:678: error:
'struct pfioc_state_kill' has no member named 'psk_killed'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c: In function
'pfctl_id_kill_states':
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:695: error:
'struct pfioc_state_kill' has no member named 'psk_pfcmp'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:695: error:
'struct pfioc_state_kill' has no member named 'psk_pfcmp'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:696: error:
'struct pfioc_state_kill' has no member named 'psk_pfcmp'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:696: error:
'struct pfioc_state_kill' has no member named 'psk_pfcmp'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:697: error:
'struct pfioc_state_kill' has no member named 'psk_pfcmp'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:698: error:
'struct pfioc_state_kill' has no member named 'psk_pfcmp'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:703: error:
'struct pfioc_state_kill' has no member named 'psk_pfcmp'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:708: error:
'struct pfioc_state_kill' has no member named 'psk_pfcmp'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:708: error:
'struct pfioc_state_kill' has no member named 'psk_pfcmp'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:713: error:
'struct pfioc_state_kill' has no member named 'psk_killed'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c: In function
'pfctl_print_rule_counters':
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:805: error:
'struct pf_rule' has no member named 'states_cur'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:810: error:
'struct pf_rule' has no member named 'states_tot'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c: In function
'pfctl_show_rules':
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:922: error:
'struct pf_rule' has no member named 'states_tot'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c: In function
'pfctl_show_states':
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:1087:
warning: assignment from incompatible pointer type
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:1088: error:
dereferencing pointer to incomplete type
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:1088: error:
increment of pointer to unknown structure
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:1088: error:
arithmetic on pointer to an incomplete type
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:1088:
warning: left-hand operand of comma expression has no effect
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:1089: error:
dereferencing pointer to incomplete type
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:1095:
warning: passing argument 1 of 'print_state' from incompatible pointer
type
*** Error code 1

Thanks for any help you can provide...

Jim
