tech-net archive


Re: npf 'bpf.jit' errors out?



On 10/04/2017 13:02, Hauke Fath wrote:
> Hi,
> 
> on netbsd-7, a minimal npf(4) & blacklistd(8) setup to ward off ssh 
> script kiddies complains about
> 
> set bpf.jit on; 
> 
> with
> 
> # /etc/rc.d/npf reload
> Reloading NPF ruleset.
> npfctl: error loading the bpfjit module; performance will be degraded: 
> Operation not permitted
> npfctl: To disable this warning `set bpf.jit off' in /etc/npf.conf
> #
> Okay, this is a minimal installation with a monolithic kernel. 
> bpfjit(4) suggests
> 
>      options BPFJIT
>      options SLJIT
> 
> (which isn't in any kernel config on either amd64 or i386 - why?), but 
> that doesn't seem to help:
> 
> # config -x /netbsd | grep JIT
> options         BPFJIT
> options         SLJIT
> # sysctl net.bpf
> net.bpf.maxbufsize = 1048576
> #
> 
> Anything else I am missing?

http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/kern/kern_module.c.diff?r1=1.117&r2=1.118&only_with_tag=MAIN&f=h

Unsure if it applies to -7, but basically you have probably set a secure
level so that modules cannot be loaded and npfctl sees no permission
rather than it already exists.

Roy


