I think I'm also getting crashes with the latest 4.1.31
(see last section).
I just got through building ipfilter 4.1.31 for a bunch of
Solaris 8/9 machines and it was less than straightforward.
Here are some of the problems I ran across:
Version 4.1.31 vs 4.1.30?
These files didn't update their version (still has "4.1.30").
ipl.h
SunOS5/pkginfo
Linux/ipfilter.spec.dist
(doesn't matter to me cince I didn't build
the Linux version)
gcc -fno-hosted
Shouldn't the default gcc flags have "-fno-hosted" for both
pfil and ipf to avoid these error message when loading the
kernel modules:
unix: WARNING: mod_load: cannot load module 'pfil'
unix: /kernel/drv/sparcv9/pfil: undefined symbol
unix: 'memset'
Missing /usr/xpg4/bin/grep
I don't have the XPG4 version of grep so some of the boot
and packaging scripts reports errors. It's only used to
test the eixstence of strings in a file, so how about
replacing
/usr/xpg4/bin/grep -q ...
with
grep >/dev/null ...
This works for GNU grep, /usr/bin/grep and /usr/xpg4/bin/grep.
arc4random.c
My gcc issues this complaint when compiling this source file:
In file included from ../../arc4random.c:28:
/usr/include/netinet/ip.h:130: error: parse error before
"n_long"
/usr/include/netinet/ip.h:133: error: parse error before
"n_long"
/usr/include/netinet/ip.h:135: error: parse error before '}'
token
/usr/include/netinet/ip.h:136: error: parse error before '}'
token
so I commented out
//#include <netinet/ip.h>
It compiles just fine without it.
It looks like some bug in the system header rather than ipfilter
(or perhaps I'm using the wrong OS specific gcc). Whatever the
reason, since it doesn't seem to be required, can't this include
statemen just be removed?
Kernel crash?
When should IPF be recompiled? Every time "uname -v" changes, or
perhaps only when the major patch# changes?
And just how do you read the kernel crash information to determine
whether ipf/pfil was at fault? I have a host that crashes every
few minutes when samba is active, but doesn't crash when I empty
out the ipf rules list. The kernel panic diagnostic from syslog
mentions pfil and ipf in the middle of the stack trace.
This is from
ipfilter 4.1.31 (but ipf -V report 4.3.30 (600))
pfil 2.1.13
uname -v: SunOS host 5.8 Generic_117350-57 sun4u sparc
SUNW,Sun-Blade-1000
gcc version 3.4.4
compile flags: gcc -fno-hosted -O2
Mpanic[cpu0]/thread=3000235a920:
unix: BAD TRAP: type=31 rp=2a1005306e0 addr=30001744000 mmu_fsr=
unix:
unix: nmbd:
unix: trap type = 0x31
unix: addr=0x30001744000
unix: pid=240, pc=0x10155bcc, sp=0x2a10052ff81, tstate=0x8880001
unix: g1-g7: a, 300015f559c, 0, 300015f55b4, 1, 0, 3000235a920
unix:
unix: 000002a1005302f0 unix:die+a4 (31, 2a1005306e0, 30001744000
unix: %l0-3: 0000000000000008 8000000000000000 000002a100013d2
%l4-7: 00000000000c8506 0000030000202000 0000000000000000 0000
unix: 000002a1005303d0 unix:trap+900 (30001744000, 1, 6, 0, 2a10
unix: %l0-3: 0000000000000001 00000000000c84ff 000003000212aac
%l4-7: 0000000000000031 00000300023b9858 0000000000010200 0000
unix: 000002a100530510 unix:sfmmu_tsb_miss+66c (10430ff0, 0, 300
unix: %l0-3: 0000031000f3b018 0000000000000000 000003000171b3f
%l4-7: 0000030001744000 0000000000000000 0000000000000000 0000
unix: 000002a100530630 unix:prom_rtt+0 (2, 1, 4, 300023b9858, 3a
unix: %l0-3: 0000000000000006 0000000000001400 000000888000160
%l4-7: ffffffffffffffe8 ffffffffffffffe8 0000000000000000 0000
IPF> unix: 000002a100530780 ipf:fr_scanlist+73c (30001743fd2, 30001a2
IPF> unix: %l0-3: 0000000000000000 0000000000000010 00000300001396d
IPF> %l4-7: 0000000000000000 0000000000000020 0000000000000001 9000
unix: 000002a100530940 genunix:mcopymsg+20 (3000228e400, 300018e
unix: %l0-3: ffffffffffffffe8 000003000228ff00 00000300015f55b
%l4-7: 0000000000015bf3 0000030002471a50 0000000000000000 0000
unix: 000002a1005309f0 eri:eri_start+448 (0, 3000228e400, 0, 1,
unix: %l0-3: 0000000000010278 000003000228e400 000000000000000
%l4-7: 000000000000000a 0000030001764000 000000000000047c 0000
unix: 000002a100530b40 eri:eri_wput+f0 (3000228e400, 30001764000
unix: %l0-3: 0000030002357448 00000300015ffea8 0000030002302ac
%l4-7: 00000000101b0afc 0000000000000000 0000000000000000 0000
unix: 000002a100530bf0 unix:putnext+218 (100, 30001601160, 2, 30
unix: %l0-3: 0000030001602cc8 0000030001602da8 000003000171b8b
%l4-7: 000000007806d498 0000000000000000 0000000000000000 0000
PFIL> unix: 000002a100530ca0 pfil:pfilmodwput+40 (3000171b8b0,
30001c3
PFIL> unix: %l0-3: 0000030002302ac0 0000030002302ba0
00000300023576a
PFIL> %l4-7: 0000000010287158 0000000000000000
0000000000000000 0000
unix: 000002a100530d60 unix:putnext+218 (100, 30001601160, 0, 30
unix: %l0-3: 000003000171b8b0 000003000171b990 000003000171b3f
%l4-7: 0000000010353ef0 0000000000000000 0000000000000000 0000
unix: 000002a100530e10 ip:ip_wput_frag+558 (3000228ac98, 14, 300
unix: %l0-3: 000000000000000e 0000030002471aa0 000000000000000
%l4-7: ffffffffffffffe8 ffffffffffffffe8 000003000228f500 0000
unix: 000002a100530ee0 ip:ip_wput_ire_fragmentit+108 (0, 3000247
unix: %l0-3: 0000030002471b68 000003000228e4c0 000000000000000
%l4-7: 0000000000000001 00000300015f5520 0000000000000000 0000
unix: 000002a100530f90 ip:ip_wput_ire+f68 (0, 3000171b3f0, 30002
unix: %l0-3: 0000000000000000 000003000228ff00 00000300015f55b
%l4-7: 0000000000015bf3 0000030002471a50 00000000895224af 0000
unix: 000002a100531100 ip:ip_wput+2f8 (30002471a50, 30002295248,
unix: %l0-3: 0000000000000000 00000300023b9858 00000300015f55b
%l4-7: 00000000895224af 000003000228ff00 000003000228ff00 0000
unix: 000002a1005311b0 unix:putnext+218 (300015f9f40, 3000226e6b
unix: %l0-3: 0000030002357448 00000300015ffea8 0000030002302ac
%l4-7: 00000000101b0afc 0000000000000000 0000000000000000 0000
unix: 000002a100531260 udp:udp_wput+5a8 (300015f55cc, ffff, 46,
unix: %l0-3: 00000000895224af 000000001013f3b8 000000000000003
%l4-7: 0000000000000014 0000030002302ac0 0000000000000000 0000
unix: 000002a100531330 unix:putnext+218 (100, 3000226e6b8, 30002
unix: %l0-3: 0000030002302ac0 0000030002302ba0 00000300023576a
%l4-7: 0000000010287158 0000000000000000 000002a1005315c8 0000
unix: 000002a1005313e0 genunix:strput+264 (0, 2a100531a00, 30002
unix: %l0-3: 000002a100531698 0000000000000000 00000000ffbeeae
%l4-7: 0000000000000006 00000000895224af 000000000000ba53 0000
unix: 000002a1005315d0 genunix:kstrputmsg+314 (3000228e4c0, 0, 0
unix: %l0-3: 000003000226e6b8 000002a100531a00 000003000228e4c
%l4-7: 0000000000000004 0000000000000000 000003000226e638 0000
unix: 000002a1005316a0 sockfs:sosend_dgram+250 (10, 30002444168,
unix: %l0-3: 000000000000003e 000003000228e4c0 000000000000000
%l4-7: 0000000000000001 000000000014be8c 0000000000000000 0000
unix: 000002a100531790 sockfs:sosendmsg+450 (0, 20, 7, 8, 2a1005
unix: %l0-3: 000003000170f298 0000030002444168 000000000000001
%l4-7: 0000000000000000 00000000000ee9b4 00000000000ee800 0000
unix: 000002a100531850 sockfs:sendit+134 (3e, 3000170f298, 6, 8,
unix: %l0-3: 000000000000000f 00000300023b9858 000000000000000
%l4-7: 0000030002444168 000000000000002a 000000007efefeff 0000
unix: 000002a100531920 sockfs:sendto+74 (6, ffbeeae8, 3e, 0, ffb
unix: %l0-3: 00000000ffbeef78 0000000000000001 000000000100000
%l4-7: 0000000000000000 0000000000000000 0000000000000000 0000
unix: 000002a100531a40 sockfs:sendto32+34 (6, ffbeeae8, 3e, 0, f
unix: %l0-3: 0000000000000028 000000001013f3b8 000000000000003
%l4-7: 0000000000000000 0000000010411768 0000000000000000 0000
Joseph Tam <[email protected]>
