Hi Darren,

If it is helpful here are a few very minor changes I made to get ipf
5.1.1 working on my openindiana configuration.

For the 64 bit kernel build on intel it seems to need -xmodel=kernel
(using solarisstudio 12.3):

  --- ip_fil5.1.1/buildsunos    2011-11-15 04:39:16.000000000 -0800
  +++ ip_fil5.1.1-patched/buildsunos    2012-02-28 01:11:42.455690979 -0800
  @@ -98,7 +98,7 @@
                  XARCH32_sparc="-Xa -xildoff -xarch=v8 -xmemalign=8s"
                  if [ `cc -xarch=amd64 -xarch=v9 2>&1 | grep -c deprec` -eq 1 
] ; then
                          XARCH64_sparc="-Xa -xildoff -m64 -xmemalign=8s"
  -                     XARCH64_i386="$XARCH32 -m64"
  +                     XARCH64_i386="$XARCH32 -m64 -xmodel=kernel"
                  else
                          XARCH64_sparc="-Xa -xildoff -xarch=v9 -xchip=ultra 
-xmemalign=8s -xcode=abs32"
                          XARCH64_i386="$XARCH32 -xarch=amd64 -xcode=abs32"
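Review bot: The `else` branch's `XARCH64_i386` (last line of the hunk) still has no `-xmodel=kernel`, so a 64-bit x86 kernel build with a compiler that takes the `-xarch=amd64` path would presumably hit the same problem this change fixes for `-m64`. If those older compilers accept the flag, which needs checking, the line could become `XARCH64_i386="$XARCH32 -xarch=amd64 -xcode=abs32 -xmodel=kernel"`. A short comment above the assignment such as `# amd64 kernel modules must be built with the kernel code model` would record why the flag is there. The enclosing `if`/`else` continues outside the hunk.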

To work around a missing header error:

  --- ip_fil5.1.1/ipsend/ipsend.h       2006-06-15 09:31:45.000000000 -0700
  +++ ip_fil5.1.1-patched/ipsend/ipsend.h       2012-02-27 21:40:25.165142645 
-0800
  @@ -26,8 +26,11 @@
   #include "ipf.h"
   #ifdef       linux
   #include <linux/sockios.h>
  -#endif
  +#elif defined(SOLARIS2)
  +#include <netinet/tcpip.h>
  +#else
   #include "tcpip.h"
  +#endif
   #include "ipt.h"

   extern       int     resolve __P((char *, char *));
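Review bot: Moving `#include "tcpip.h"` into the `#else` arm means a Linux build no longer includes it at all, whereas before the change Linux got both `<linux/sockios.h>` and `"tcpip.h"`. To keep Linux behaviour unchanged, leave the original `#endif` after the sockios include and open a separate conditional for the header choice: `#if defined(SOLARIS2)` / `#include <netinet/tcpip.h>` / `#else` / `#include "tcpip.h"` / `#endif`. Whether every Solaris release this tree supports ships `<netinet/tcpip.h>` cannot be told from the hunk and is worth confirming.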

To correctly select neti instead of pfil when building a zone and neti
can't be directly checked:

  --- ip_fil5.1.1/SunOS5/Makefile       2012-01-27 05:44:14.000000000 -0800
  +++ ip_fil5.1.1-patched/SunOS5/Makefile       2012-02-28 01:29:27.660369539 
-0800
  @@ -235,13 +235,13 @@
          $(CC) -I$(TOP) -DIPFILTER_COMPILED $(DFLAGS) -c $(OBJ)/ip_rules.c -o 
$@

   $(OBJ)/ipfrule: $(OBJ)/ip_rulesx.o $(OBJ)/mlso_rule.o
  -     ld -r $(OBJ)/ip_rulesx.o $(OBJ)/mlso_rule.o -o $@
  +     /usr/ccs/bin/ld -r $(OBJ)/ip_rulesx.o $(OBJ)/mlso_rule.o -o $@

   $(OBJ)/ipf: $(MODOBJS)
  -     if [ -f /kernel/misc/sparcv9/neti -o -f /kernel/misc/neti ] ; then \
  -             ld -dy -Nmisc/hook -Nmisc/neti -Nmisc/md5 -Ndrv/ip -r 
$(MODOBJS) -o $@; \
  +     if [ -f /kernel/misc/sparcv9/neti -o -f /kernel/misc/neti -o `uname -r 
| cut -d. -f2` -ge 11 ] ; then \
  +             /usr/ccs/bin/ld -dy -Nmisc/hook -Nmisc/neti -Nmisc/md5 -Ndrv/ip 
-r $(MODOBJS) -o $@; \
          else \
  -             ld -dy -Ndrv/ip -Ndrv/pfil -Nmisc/md5 -r $(MODOBJS) -o $@; \
  +             /usr/ccs/bin/ld -dy -Ndrv/ip -Ndrv/pfil -Nmisc/md5 -r 
$(MODOBJS) -o $@; \
          fi
          $(CTFMERGE) $@ $(MODOBJS)
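Review bot: The new `uname -r | cut -d. -f2` test in the `$(OBJ)/ipf` recipe looks at the build host's release, not the target's, and its output goes unquoted into a `[ ... -o ... ]` chain. If the output is empty or non-numeric, `[` errors out and the recipe silently links the pfil variant. Since this decides which packet-filter hook framework the kernel module is linked against, a comment stating the assumption would help, e.g. `# release >= 5.11 always has neti, even in a zone where /kernel/misc is not visible`. The hard-coded `/usr/ccs/bin/ld` is repeated three times (also in the `$(OBJ)/ipfrule` rule); defining `LD=/usr/ccs/bin/ld` once and using `$(LD)` would keep the pinned linker path overridable.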

This is perhaps not the most complete fix, since it still (harmlessly) tries
modload, but here is a change to make ipfboot work in a zone:

  --- ip_fil5.1.1/SunOS5/ipfboot        2009-05-01 10:52:04.000000000 -0700
  +++ ip_fil5.1.1-patched/SunOS5/ipfboot        2012-03-06 08:46:02.034381607 
-0800
  @@ -7,7 +7,7 @@
   IP6FILCONF=${IPFBASE}/ipf6.conf
   IPNATCONF=${IPFBASE}/ipnat.conf
   IPPOOLCONF=${IPFBASE}/ippool.conf
  -if [ -f /kernel/misc/neti -o -f /kernel/misc/sparcv9/neti ] ; then
  +if [ -f /kernel/misc/neti -o -f /kernel/misc/sparcv9/neti -o x`zonename` != 
xglobal ] ; then
          PFILCHECKED=yes
   else
          PFILCHECKED=no
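Review bot: The added ``x`zonename` != xglobal`` test is also true when `zonename` is absent or fails. The substitution is then empty, `x != xglobal` holds, and `PFILCHECKED=yes` is set on a host that has neither neti nor zones. On such a system the boot script would presumably skip its pfil check, which matters for a script that brings up the firewall. Defaulting a failed lookup to the global zone avoids this: ``"x`zonename 2>/dev/null || echo global`" != xglobal``. The `if`/`else` body continues past the end of the hunk.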

Thanks,
  logan
