I've downloaded and installed the latest 4.1.23RC4 and have installed
it on Solaris 8 and 9 hosts.
Latest version seems to fix kernel crashes
It seemed to have cured the kernel crash problem bedevilling
previous 4.1.30 builds. I've sent core dump analysis to Darren,
but I've narrowed down the problem to UDP port filtering rules.
It starts crashing when you add port matching criteria to a
block rule. But since the latest version seemed to have cured
the problem, I have lost the impetus to look into this further.
Latest version seems to restore return-rst function
The return-rst problem where RST packets were not being emitted
also seems to have been fixed (some routing problem). The latest
version seems to jiggle the kernel enough to generate a routing
entry for a returning RST packet.
The latter fix encouraged me to try and replace the Solaris10's 4.1.9
version with the latest. I came across two issues:
Header problems
# Output of "make solaris"
gcc -I. -I../.. -D_BSD_SOURCE -O2 -ffreestanding -DSOLARIS2=10 -c
../../lib/addicmp.c -o sparcv7/addicmp.o
In file included from ../../netinet/ip_compat.h:147,
from ../../ipf.h:69,
from ../../lib/addicmp.c:11:
/usr/include/sys/proc.h:202: error: parse error before "p_t1_lgrpid"
/usr/include/sys/proc.h:203: error: parse error before "p_tr_lgrpid"
/usr/include/sys/proc.h:337: error: parse error before '}' token
In file included from /usr/include/sys/devops.h:16,
from ../../netinet/ip_compat.h:148,
from ../../ipf.h:69,
from ../../lib/addicmp.c:11:
/usr/include/vm/as.h:120: error: parse error before "proc_t"
*** Error code 1
I think the problem stems from the fact that gcc's "fixed" header
files located in
$prefix/lib/gcc/sparc-sun-solaris2.10/<version>/include/
gets out of sync with respect to the system headers, which are
updated via patches. In the particular case above, <sys/types.h>
has been updated to include the definition of "lgrp_id_t",
whereas the gcc's version does not.
To fix it, you can run fixinclude from the gcc build directory
again, or try and figure out how to run
$prefix/libexec/gcc/sparc-sun-solaris2.10/<version>/install-tools/fix*
tools, but I just diff'd the headers and updated gcc's copy manually.
This might be the cause of other problems that some earlier posters
have had with compiling ipf using gcc.
Lack of ncurses libraries
It would be nice to have "ipfstat -t" working, but it seems to
want the libncurses which I haven't installed. I could install
it, but what does Solaris10 ipf use since ncurses isn't part
of Solaris? Is it just compiled against the regular curses
library. Can I use that instead?
STATETOP_INC=
STATETOP_LIB=-lcurses
There's also an annoying bug with Solaris10's "ipfstat -t" where
under some circumstances, exiting the program kills my entire tty
session, forcing me to log in again.
Joseph Tam <[email protected]>
