Subject: problems with pf
To: None <netbsd-users@netbsd.org>
From: George Georgalis <george@galis.org>
List: netbsd-users
Date: 12/26/2005 11:29:49

Congratulations on 3.0, to all involved!

I am having a problem with pf, however.

tiva# pfctl -e -f /etc/pf.conf
No ALTQ support in kernel
ALTQ related functions disabled
pfctl: DIOCADDRULE: Operation not supported by device

My understanding is DIOCADDRULE is caused by kernel and kernel
source mismatch when building /usr/pkgsrc/security/pflkm, which
is odd since this is a netbsd-3 GENERIC (with fresh /usr/src) +
pkgsrc-2005Q3. Here are all the meticulous details because I'm
not sure that I'm doing this right.

I was able to build pflkm and load the module okay, so I decided
to build a pf enabled kernel to resolve the problem. I've tried
a modified GENERIC adjustkernel, and then a minimal adjusted
GENERIC; here's the diff:

tiva# diff GENERIC TIVA.pf
198c198
< #options ALTQ # Manipulate network interfaces' output queues
---
> options ALTQ # Manipulate network interfaces' output queues
200c200
< #options ALTQ_CBQ # Class-Based Queueing
---
> options ALTQ_CBQ # Class-Based Queueing
1260,1262c1260,1262
< #options BRIDGE_IPF # bridge uses IP/IPv6 pfil hooks too
< #pseudo-device pf # PF packet filter
< #pseudo-device pflog # PF log if
---
> options BRIDGE_IPF # bridge uses IP/IPv6 pfil hooks too
> pseudo-device pf # PF packet filter
> pseudo-device pflog # PF log if

With a clean compile directory, I do:

tiva# config TIVA.pf
tiva# cd ../compile/TIVA.pf/ && make depend
tiva# make

and, every time, that errors with:

cc -O1 -pipe -ffreestanding -O2 -Werror -Wall -Wno-main -Wno-format-zero-length -Wpointer-arith -Wmissing-prototypes -Wstrict-prototypes -Wno-sign-compare -fno-zero-initialized-in-bss -Di386 -I. -I../../../../arch -I../../../.. -nostdinc -DLKM -DALTQ_PRIQ -DMAXUSERS=32 -D_KERNEL -D_KERNEL_OPT -I../../../../dist/pf -I../../../../dist/ipf -c ../../../../dist/pf/net/pf.c
../../../../dist/pf/net/pf.c: In function `pf_send_tcp':
../../../../dist/pf/net/pf.c:1355: error: dereferencing pointer to incomplete type
../../../../dist/pf/net/pf.c:1358: error: dereferencing pointer to incomplete type
../../../../dist/pf/net/pf.c:1360: error: dereferencing pointer to incomplete type
../../../../dist/pf/net/pf.c:1361: error: dereferencing pointer to incomplete type
../../../../dist/pf/net/pf.c: In function `pf_send_icmp':
../../../../dist/pf/net/pf.c:1505: error: dereferencing pointer to incomplete type
../../../../dist/pf/net/pf.c:1508: error: dereferencing pointer to incomplete type
../../../../dist/pf/net/pf.c:1510: error: dereferencing pointer to incomplete type
../../../../dist/pf/net/pf.c:1511: error: dereferencing pointer to incomplete type
../../../../dist/pf/net/pf.c: In function `pf_test':
../../../../dist/pf/net/pf.c:5722: error: dereferencing pointer to incomplete type
../../../../dist/pf/net/pf.c:5726: error: dereferencing pointer to incomplete type
../../../../dist/pf/net/pf.c:5728: error: dereferencing pointer to incomplete type
../../../../dist/pf/net/pf.c:5730: error: dereferencing pointer to incomplete type
../../../../dist/pf/net/pf.c:5731: error: dereferencing pointer to incomplete type
../../../../dist/pf/net/pf.c: In function `pf_test6':
../../../../dist/pf/net/pf.c:6048: error: dereferencing pointer to incomplete type
../../../../dist/pf/net/pf.c:6052: error: dereferencing pointer to incomplete type
../../../../dist/pf/net/pf.c:6054: error: dereferencing pointer to incomplete type
../../../../dist/pf/net/pf.c:6056: error: dereferencing pointer to incomplete type
../../../../dist/pf/net/pf.c:6057: error: dereferencing pointer to incomplete type
*** Error code 1
Stop.
make: stopped in /usr/src/sys/arch/i386/compile/TIVA.pf
tiva# pwd
/usr/src/sys/arch/i386/compile/TIVA.pf

Have I not included an important kernel option?

// George
--
George Georgalis, systems architect, administrator <IXOYE><
http://galis.org/ cell:646-331-2027 mailto:george@galis.org