tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: npf 'bpf.jit' errors out?

On 10/04/2017 15:16, Hauke Fath wrote:
> On Mon, 10 Apr 2017 15:08:21 +0100, Roy Marples wrote:
>> Unsure if it applies to -7, but basically you have probably set a secure
>> level so that modules cannot be loaded and npfctl see's no permission
>> rather than it already exists.
> I don't want to load any kernel modules, and after
>      options BPFJIT
>      options SLJIT
> I shouldn't have to, or should I? Does the cone resulting from *JIT 
> require module majjic?

No you shouldn't, and the above patch allows npf to work like that.
Basically, irregardless of anything you set, npf tries to load a kernel
module and shows an error if not EEXISTS.

My kernel change allows EEXISTS to be returned even if you don't have
permission to load modules.

> securelevel is 1 - I thought about upping it, but haven't, yet.

You'll either have to drop it to 0 or apply the aforementioned patch if
you want to get rid of the error message.


Home | Main Index | Thread Index | Old Index