Port-arm archive


Re: No ipf in RPI2 evbarm 7.0.2 kernel?



Yes, I expect a given NetBSD version to be about the same across platforms. I mean, we might not have some hardware driver but ipf seems pure software to me.

I’ll look into pf, thanks!

--emi

On 5 Jul 2018, at 10:44, Harold Gutch <logix%foobar.franken.de@localhost> wrote:

>> On Thu, Jul 05, 2018 at 09:17:08AM +0300, Emilian Bold wrote:
>> I now see in /var/log/messages this info:
>> kern.module.path=/stand/evbarm/7.0/modules
>> 
>> I have no /stand/evbarm/7.0/modules folder.
>> 
>> I probably need modules.tgz from
>> http://ftp.netbsd.org/pub/NetBSD/NetBSD-7.0.2/evbarm-earmv7hf/binary/sets/
>> (considering uname gives me 7.0.2 NetBSD 7.0.2 (RPI2) #0: Mon Dec 19
>> 22:31:19 UTC 2016  root@netbsd:/usr/obj/sys/arch/evbarm/compile/RPI2
>> evbarm).
>> 
>> Except modules.tgz does not have any ip* module in there.
>> 
>> It seems 8.0RC2
>> (http://ftp.netbsd.org/pub/NetBSD/NetBSD-8.0_RC2/evbarm-earmv7hf/binary/sets/
>> ) does have /stand/evbarm/8.0/modules/ipl/ipl.kmod in there but not
>> ipf. I've read that ipl is only for logging (so for ipmon) but not
>> sure if ipf works without it or not.
> 
> I think what you are referring to here is "man ipl" which documents
> the ipl(4) device.  The ipl *kernel module* (ipl.kmod) is the "full"
> ipfilter module.  In other words, yes, that is the correct module (not
> "ipf" as mentioned in my other mail), just that you need one built for
> 7.0.2.  Unfortunately that module was not yet included in netbsd-7.
> 
> 
>> So... is it possible to get ipf without upgrading the whole system?
> 
> The official way is to compile your own kernel (as already suggested
> by Manuel) - the alternative is to build the module more or less
> manually following the way it is done in netbsd-8 in HEAD (see
> http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/modules/ipl/Makefile ).
> 
> But there is no way of getting ipf to work by plain configuration.
> Your kernel simply does not support it.
> 
> Alternatively, perhaps pf will work for you?  A pf module is available
> in netbsd-7.
> 
> 
>> I find it odd that the /sbin/ipf binary is included... shouldn't it
>> run out of the box then?
> 
> Well, one answer to that is that if the userland tool was missing, it
> wouldn't be enough to just recompile your kernel (that's a fairly
> standard procedure), you additionally would have to compile the
> userland tool - and the only official way of compiling base userland
> tools is by compiling the *entire* userland.  Also, quite a few other
> evbarm kernels are shipped with ipfilter built-in, and all these share
> the same userland, so the *exact same* /sbin/ipf that you are seeing
> there will work for them.
> 
> The real question probably is why pseudo-device ipfilter is commented
> out in RPI.  I don't mind the defaults, I don't think recompiling the
> kernel is a big deal, but I can see why you might want everything to
> work out of the box without requiring you to set up a development
> environment.
> 
> 
>  Harold

