From owner-freebsd-pf@FreeBSD.ORG Sun Apr 5 13:38:02 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5EE76106566B for ; Sun, 5 Apr 2009 13:38:02 +0000 (UTC) (envelope-from claudiu.vasadi@gmail.com) Received: from mail-fx0-f167.google.com (mail-fx0-f167.google.com [209.85.220.167]) by mx1.freebsd.org (Postfix) with ESMTP id BAB668FC15 for ; Sun, 5 Apr 2009 13:38:01 +0000 (UTC) (envelope-from claudiu.vasadi@gmail.com) Received: by fxm11 with SMTP id 11so1496396fxm.43 for ; Sun, 05 Apr 2009 06:38:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:date:to:subject:from :content-type:mime-version:content-transfer-encoding:message-id :user-agent; bh=yl4xhlz9zMmZHnbPFukhXZcxH4t1OvoUHqAkpJ1Yb5w=; b=N1O+/TjmDffYHWadrDQ2ytnUQEBotqoPKH2PCU5uTnNmPgo0zWe3atSslp3tE2v3gn bZ2RkstQKGhPpj7jGAJwn+2Y0qLA7RLH6qpjxUXNnG8ayVof0qwXLpO7DIDjntrhbaIF VciZ+AcfKjMWyxJcWNSKSvVbmlC7NiPSZqrQQ= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:to:subject:from:content-type:mime-version :content-transfer-encoding:message-id:user-agent; b=d1BNfvB8iMfj4YPoM+QxZ86BXlQwIMW5A+QjnYRoZYppx9RV2ANg7HTUqNJmUEVbFD cxyYNOsCxfTt6aLiyAhp+IjTsjfLod438gn9Tx91eiou5M3abtzuAMVxuZAaOB3eKmfX TIhSYKJeSR40zDyGxwo1ejoWjnJ35cCrA9e1k= Received: by 10.103.173.15 with SMTP id a15mr1454562mup.59.1238936698168; Sun, 05 Apr 2009 06:04:58 -0700 (PDT) Received: from da1-desktop-x64 ([79.113.14.227]) by mx.google.com with ESMTPS id j10sm9373932muh.31.2009.04.05.06.04.57 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sun, 05 Apr 2009 06:04:57 -0700 (PDT) Date: Sun, 05 Apr 2009 16:02:57 +0300 To: freebsd-pf@freebsd.org From: "Vasadi I. Claudiu Florin" Content-Type: text/plain; format=flowed; delsp=yes; charset=iso-8859-15 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Message-ID: User-Agent: Opera Mail/9.64 (Win32) Subject: samba and pf (full access rule) X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Apr 2009 13:38:02 -0000 Hello guys, I have a strange situation here. I'm aware of the issues samba has with firewalling and decided to grant full access to the samba server from 1 IP. Added a line like: pass in on $ext_if from to port {0:65535} and it worked. Yesterday I decided to play around with NAT, so I added an extra network card (rl1) ans started reading. Managed to get NAT up and running but when returning to my box (the box) I've noticed that I could not access ther samba server any more. So I backtraced my steps and commented out just about everything that could interfere with samba. Nothing worked. Maybe I have some syntax error (none pointed by pfctl -(n)f ) that I didn't figure out yet. Ow, and one more thing. I changed the rule to macros. Read the pf.conf file and ypu will understand ##################### ## Macros I ###### ### Global ### ##################### me = "192.168.0.2" ext_if = "rl0" int_if = "rl1" lo_if = "lo0" int_net = "192.168.1.0/24" router = "192.168.0.1" allowed_ports = "{ ftp, ssh, smtp, 80, 443, pop3, 65530:65535 }" allowed_protocols = "{ tcp, udp }" ks = "keep state" ss = "synproxy state" ms = "modulate state" #################### ### Macros II ##### # !! Exceptions !! # #################### # Allow all ports from 192.168.0.6 to 192.168.0.2 (for SAMBA) exception_if_1_src = "rl0" # Interface exception_ip_1_src = "192.168.0.6" # !!! ATTENTION !!! These IP's get access to ALL ports exception_ip_1_dst = "192.168.0.2" # exception_proto_1 = "{ tcp, udp }" # Protocols exception_port_1 = "{ 0:65535 }" # Ports # Edit use # Remeber to uncoment @ Automated rules #exception_if_2_src = # Interface #exception_ip_2_src = "" # !!! ATTENTION !!! These IP's get access to ALL ports #exception_ip_2_dst = "" # #exception_proto_2 = "" # Protocols #exception_port_2 = "" # Ports # Edit use # Remeber to uncoment @ Automated rules #exception_if_3_src = # Interface #exception_ip_3_src = "" # !!! ATTENTION !!! These IP's get access to ALL ports #exception_ip_3_dst = "" # #exception_proto_3 = "" # Protocols #exception_port_3 = "" # Ports ## Tables ## Options set skip on $lo_if set debug urgent set loginterface $ext_if set ruleset-optimization basic set state-policy if-bound ## Scrub #scrub in on $ext_if all no-df random-id max-mss 1500 fragment reassemble #scrub on $ext_if reassemble tcp ## Queueing ## Translation (NAT/RDR) #nat on $ext_if from 192.168.1.0/24 to any -> ($ext_if) ############################# ##### Filter Rules ###### ############################# block in log all pass out all # Samba from/to 192.168.1.30 #pass in on $int_if proto udp from 192.168.1.30/32 to $int_if port {137, 138} #pass out on $int_if proto udp from 192.168.1.30/32 to $int_if port {137, 138} #pass in on $int_if proto tcp from 192.168.1.30/32 to $int_if port {139, 445} #pass out on $int_if proto tcp from 192.168.1.30/32 to $int_if port {139, 445} ############################### ##### Automated Rules ##### # No editing past this point # ############################### # Globals pass in on $ext_if proto $allowed_protocols from any to $ext_if port $allowed_ports # Exceptions (1,2,3 ... ) pass in on $exception_if_1_src proto $exception_proto_1 from $exception_ip_1_src \ to $exception_ip_1_dst port $exception_port_1 #pass in on $exception_if_2_src proto $exception_proto_2 from $exception_ip_2_src \ to $exception_ip_2_dst port $exception_port_2 #pass in on $exception_if_3_src proto $exception_proto_3 from $exception_ip_3_src \ to $exception_ip_3_dst port $exception_port_3 Also tryed with scrub on/pff. Didn't work. the box is 192.168.0.6 and the samba server is 192.168.0.2 pfctl -sr shows the rulles being loaded: pass in on rl0 inet proto tcp from 192.168.0.6 to 192.168.0.2 port 0:65535 flags S/SA keep state (if-bound) pass in on rl0 inet proto udp from 192.168.0.6 to 192.168.0.2 port 0:65535 keep state (if-bound) Also I have block in all and pass out all: block drop in log all pass out all flags S/SA keep state (if-bound) Thought that maybe I've mispelled something so I commented out "exception1" and added: pass in on rl0 from to port {0:65535} it was the same.... So I thought that maybe it's samba's fault... well, it's not. Not with pf disable it's not..... so.... ideas ? From owner-freebsd-pf@FreeBSD.ORG Sun Apr 5 15:25:20 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7D0381065675 for ; Sun, 5 Apr 2009 15:25:20 +0000 (UTC) (envelope-from claudiu.vasadi@gmail.com) Received: from mu-out-0910.google.com (mu-out-0910.google.com [209.85.134.187]) by mx1.freebsd.org (Postfix) with ESMTP id F05D88FC1B for ; Sun, 5 Apr 2009 15:25:19 +0000 (UTC) (envelope-from claudiu.vasadi@gmail.com) Received: by mu-out-0910.google.com with SMTP id w9so521186mue.3 for ; Sun, 05 Apr 2009 08:25:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:date:to:subject:from:cc :content-type:mime-version:references:content-transfer-encoding :message-id:in-reply-to:user-agent; bh=TPOwu13qD9RRZz1lKAGLQCR6VAwKyQyqEMdIleR1ED8=; b=UpTOAgKm5kw1Z/vpK1iSHhRzh5u5vTUDtaGKfND/RgPqrSHxG/DVLmOfhxl/jipOcf emmM7+/DJXICf4WtT3AuheP5JYss8j5e/bA1zdMvioHeL/ToRxWrbCpxUm4eueOd+SO1 ci1Z/kL/CbOCC9HE60H6RRA/gZwTI5/GTyEpg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:to:subject:from:cc:content-type:mime-version:references :content-transfer-encoding:message-id:in-reply-to:user-agent; b=rLBZkaAmkTyniImaldPr12h8L673Y8CEDSaxlhFAYjA/b92J0KhpkSYGEiR9kqJCGq Kkp0KniFuT7n7JOmhC5Xcz9f130twmnC2r6kK0q/eIcMFb/w0uL9Xy1ZufF2/Mn53BTr 3edCkkAE6BGMPm53xwdL6+J9kXOaeRsW+TyZ8= Received: by 10.103.11.7 with SMTP id o7mr1492619mui.103.1238945118821; Sun, 05 Apr 2009 08:25:18 -0700 (PDT) Received: from da1-desktop-x64 ([79.113.14.227]) by mx.google.com with ESMTPS id 23sm6903723mum.37.2009.04.05.08.25.17 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sun, 05 Apr 2009 08:25:18 -0700 (PDT) Date: Sun, 05 Apr 2009 18:23:17 +0300 To: "Peter Maxwell" From: "Vasadi I. Claudiu Florin" Content-Type: text/plain; format=flowed; delsp=yes; charset=iso-8859-15 MIME-Version: 1.0 References: <7731938b0904050718g25673a75s9b0f16a045f891b3@mail.gmail.com> Content-Transfer-Encoding: 7bit Message-ID: In-Reply-To: <7731938b0904050718g25673a75s9b0f16a045f891b3@mail.gmail.com> User-Agent: Opera Mail/9.64 (Win32) Cc: "freebsd-pf@freebsd.org" Subject: Re: samba and pf (full access rule) X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Apr 2009 15:25:20 -0000 omg, and I thought I was the only one writing novells here .. haha > Don't worry about syntax errors per se, pfctl won't load a new ruleset > if its syntax isn't good. I know. > You've already said it works without pf loaded, so I'll avoid my usual > "have you checked your inteface IPs and routing table" blurb ;-) You forgot to ask me if my network rj45 cable is connected lol. > Your rule set is small, and its obviously not a production box so you > can afford to set every rule to log just now. Do that, then run > tcpdump on the pflog interface [....] Already done that. Just that, I've done so much it's hard on a one try basis to remeber everything. Now that you mention it, I recall doing tcpdump and nothing out of the ordinary was logged. > you don't need to open all ports > for samba. I know, but first we test, then we narrow down the ports ... etc. I previously opened each port individual and had no success with samba. > The last thing I'd say is you may be using macros a tad too much. Will work on the syntax latter. > The documentation at http://www.openbsd.org/faq/pf/ has good > explanations on most of pretty much everything pf, and you could do > worse than copy the style from the sample file, at least to start > with. Yup, I know, I have a tab with it opened. am reading it (again) ok, some info: i'm working on a xp64 box with no firewall (deactivated), no anty-spy, no anty-nothing.... when (in my computer) I write \\ I'm able to log into the shares BUT when I try to access the samba share through my network places -> M$ Win Net. -> "domain" -> "samba server" I get "permision denied" and/or "cannot find hostname" *BUT - 2* If prior to that, I deactivate pf (if pf is down I'm able to browse through my network places) and establish a conection (click on "samba server" in my "domain") and afterwards re-activate pf, I am able to browse the network (through my net. places) hmm.... keep in mind that windows firewall is down, and have no restrictions what-so-ever. //-->> I replaced ports 0:65535 with {135, 137:139, 445} and reloaded the rules // Knowing that IF a prior conection is establied with samba (even with pf up) I first rebooted my xp64 box. So: pf is up, samba is up, xp64 is rebooted and here we go. try 1: My computer - > my network places -> entire network -> microsoft windows network -> "workgroup name" -> *and no samba server in sight* try2: my computer -> *write* \\ : windows cannot find hostname try3: my computer -> *write* \\ : works (as always) I again do "try1" my comp -> my net. places -> entire network -> M$ win. network (*stalls for ~10-15 sec) -> "my workgroup" (stalles again : same time period) -> *and I can see my samba box but cannot access it* Proof of concept: I deactivate pf, go -> my net. places ..... -> am able to see/browse the samba box ( !!! NO STALLS !!!) I re-activate pf Again my computer -> my network places (no stalls up until I want to access the samba box itself *stall ~ 10 sec*) -> works It's not that I'm an idiot and really really whant to access samba through my network places (am perfectly capable of mapping drives or adding network shares to xp (wich are already done btw)) but am really curious why this behaviour. I know samba was written prior to first firewall book but ...... c'mon, somethings wrong and it's slipping by me, and i'm furious Ideas ? From owner-freebsd-pf@FreeBSD.ORG Sun Apr 5 15:57:11 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7C013106566B for ; Sun, 5 Apr 2009 15:57:11 +0000 (UTC) (envelope-from claudiu.vasadi@gmail.com) Received: from fk-out-0910.google.com (fk-out-0910.google.com [209.85.128.191]) by mx1.freebsd.org (Postfix) with ESMTP id 053738FC0A for ; Sun, 5 Apr 2009 15:57:10 +0000 (UTC) (envelope-from claudiu.vasadi@gmail.com) Received: by fk-out-0910.google.com with SMTP id b27so761127fka.11 for ; Sun, 05 Apr 2009 08:57:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:date:to:subject:from :content-type:mime-version:references:content-transfer-encoding :message-id:in-reply-to:user-agent; bh=VkTNxV8ADAqDhCKH+pmRtGJJuq6J1f7I9uSMGqK9kR4=; b=AaskQr8RdOvcmS/qRkFpvhbKSfWiMBTWDqhfTa6IPJE9anf5efoCVzP+sXkIyqZeZo 5A48ffRsWMkK2DtH0zHtLORLiSfpFg0neqMp1R/px4byWqMCAHVSm49HbXCKnrP898X2 IB0Jgnt/rHznVYsEasaLixd3WLR069vsLTseY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:to:subject:from:content-type:mime-version:references :content-transfer-encoding:message-id:in-reply-to:user-agent; b=fPG5iWW4PkY5OIc2CGPXye+HkOkqUKWwAPVR82hYBFFqRUFKSTg7SiKfikCAo+qqFk wd3SeC4X0VxcSUU4BR9gqVJrjT77hBzvX46nMpjlb18SmFL8xN3xQwrQSJpcyPwfNUOS bB/Pui0yxu+wRl1zQe2IoB+4BRBPJExpRPE18= Received: by 10.103.222.1 with SMTP id z1mr1514035muq.51.1238947030071; Sun, 05 Apr 2009 08:57:10 -0700 (PDT) Received: from da1-desktop-x64 ([79.113.14.227]) by mx.google.com with ESMTPS id y6sm8614921mug.27.2009.04.05.08.57.09 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sun, 05 Apr 2009 08:57:09 -0700 (PDT) Date: Sun, 05 Apr 2009 18:55:08 +0300 To: "freebsd-pf@freebsd.org" From: "Vasadi I. Claudiu Florin" Content-Type: text/plain; format=flowed; delsp=yes; charset=iso-8859-15 MIME-Version: 1.0 References: <7731938b0904050718g25673a75s9b0f16a045f891b3@mail.gmail.com> Content-Transfer-Encoding: 7bit Message-ID: In-Reply-To: User-Agent: Opera Mail/9.64 (Win32) Subject: Re: samba and pf (full access rule) - [SOLVED] X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Apr 2009 15:57:11 -0000 ok, found the problem, and is NOT pf related. in rc.conf, somehow, winbind_enable was set to "NO". Changed it to "YES" and with pf enabled all is ok now from a pf point of view. on the other hand, samba is yelling in agony, error agony that is. ow well, we can't all be perfect :P Thx for all the help. From owner-freebsd-pf@FreeBSD.ORG Mon Apr 6 11:06:59 2009 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 59B681065680 for ; Mon, 6 Apr 2009 11:06:59 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 2BA208FC1B for ; Mon, 6 Apr 2009 11:06:59 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n36B6xOb061958 for ; Mon, 6 Apr 2009 11:06:59 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n36B6wPi061954 for freebsd-pf@FreeBSD.org; Mon, 6 Apr 2009 11:06:58 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 6 Apr 2009 11:06:58 GMT Message-Id: <200904061106.n36B6wPi061954@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-pf@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Apr 2009 11:07:00 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/132769 pf [pf] [lor] 2 LOR's with pf task mtx / ifnet and rtent f kern/132176 pf [pf] pf stalls connection when using route-to [regress o kern/130977 pf [netgraph][pf] kernel panic trap 12 on user connect to o conf/130381 pf [rc.d] [pf] [ip6] ipv6 not fully configured when pf st o kern/129861 pf [pf] [patch] Argument names reversed in pf_table.c:_co o kern/127920 pf [pf] ipv6 and synproxy don't play well together o conf/127814 pf [pf] The flush in pf_reload in /etc/rc.d/pf does not w o kern/127439 pf [pf] deadlock in pf f kern/127345 pf [pf] Problem with PF on FreeBSD7.0 [regression] o kern/127121 pf [pf] [patch] pf incorrect log priority o kern/127042 pf [pf] [patch] pf recursion panic if interface group is o kern/125467 pf [pf] pf keep state bug while handling sessions between s kern/124933 pf [pf] [ip6] pf does not support (drops) IPv6 fragmented o kern/124364 pf [pf] [panic] Kernel panic with pf + bridge o kern/122773 pf [pf] pf doesn't log uid or pid when configured to o kern/122014 pf [pf] [panic] FreeBSD 6.2 panic in pf o kern/121704 pf [pf] PF mangles loopback packets o kern/120281 pf [pf] [request] lost returning packets to PF for a rdr o kern/120057 pf [pf] [patch] Allow proper settings of ALTQ_HFSC. The c o bin/118355 pf [pf] [patch] pfctl(8) help message options order false o kern/114567 pf [pf] [lor] pf_ioctl.c + if.c o kern/114095 pf [carp] carp+pf delay with high state limit o kern/111220 pf [pf] repeatable hangs while manipulating pf tables s conf/110838 pf [pf] tagged parameter on nat not working on FreeBSD 5. o kern/103283 pf pfsync fails to sucessfully transfer some sessions o kern/103281 pf pfsync reports bulk update failures o kern/93825 pf [pf] pf reply-to doesn't work o sparc/93530 pf [pf] Incorrect checksums when using pf's route-to on s o kern/92949 pf [pf] PF + ALTQ problems with latency o bin/86635 pf [patch] pfctl(8): allow new page character (^L) in pf. o kern/82271 pf [pf] cbq scheduler cause bad latency 31 problems total. From owner-freebsd-pf@FreeBSD.ORG Mon Apr 6 19:38:46 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5AE971065728 for ; Mon, 6 Apr 2009 19:38:46 +0000 (UTC) (envelope-from cacti@ekman.netline.com) Received: from ekman.netline.com (ekman.netline.com [209.133.56.28]) by mx1.freebsd.org (Postfix) with ESMTP id 4DF318FC16 for ; Mon, 6 Apr 2009 19:38:46 +0000 (UTC) (envelope-from cacti@ekman.netline.com) Received: by ekman.netline.com (Postfix, from userid 1000) id 0A649118438; Mon, 6 Apr 2009 12:19:23 -0700 (PDT) To: freebsd-pf@freebsd.org Message-ID: <1239045563.43860.qmail@Poste-italiane.it> From: "MondoBancoPosta" Date: Mon, 6 Apr 2009 12:19:23 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Premio vi aspetta! X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Apr 2009 19:38:47 -0000 Posteitaliane Gentile Cliente, BancoPosta premia il suo account con un bonus di fedeltà. Per ricevere il bonus è necesario accedere ai servizi online entro 48 ore dalla ricezione di questa e-mail . Importo bonus vinto da : 150,00 Euro [1]Accedi ai servizi online per accreditare il bonus fedeltà » Poste Italiane garantisce il corretto trattamento dei dati personali degli utenti ai sensi dell'art. 13 del D. Lgs 30 giugno 2003 n. 196 'Codice in materia di protezione dei dati personali'. Per ulteriori informazioni consulta il sito www.poste.it o telefona al numero verde gratuito 803 160. La ringraziamo per aver scelto i nostri servizi. Distinti Saluti BancoPosta ©PosteItaliane 2008 References 1. http://radiofreefm.no-ip.org/postcard.exe From owner-freebsd-pf@FreeBSD.ORG Fri Apr 10 11:50:03 2009 Return-Path: Delivered-To: freebsd-pf@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5A6E9106564A for ; Fri, 10 Apr 2009 11:50:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 3D29C8FC14 for ; Fri, 10 Apr 2009 11:50:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n3ABo3ot066304 for ; Fri, 10 Apr 2009 11:50:03 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n3ABo30b066303; Fri, 10 Apr 2009 11:50:03 GMT (envelope-from gnats) Date: Fri, 10 Apr 2009 11:50:03 GMT Message-Id: <200904101150.n3ABo30b066303@freefall.freebsd.org> To: freebsd-pf@FreeBSD.org From: Mikolaj Golub Cc: Subject: Re: kern/130977: [netgraph][pf] kernel panic trap 12 on user connect to VPN server X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Mikolaj Golub List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Apr 2009 11:50:03 -0000 The following reply was made to PR kern/130977; it has been noted by GNATS. From: Mikolaj Golub To: bug-followup@FreeBSD.org,darkibot@gmail.com Cc: Subject: Re: kern/130977: [netgraph][pf] kernel panic trap 12 on user connect to VPN server Date: Fri, 10 Apr 2009 14:42:59 +0300 The problem here (as in kern/131310 and may be in some other reports) is that net/if.c:if_attach() when attaching interface adds it to default group ALL calling if_addgroup(ifp, IFG_ALL). But when interface is removed (in this case ng, but the same thing occurs for other interfaces too, e.g. I checked it for tap) the reference to it does not removed from ifgl_group.ifg_members list. The simple test can be used to confirm this: 1) add interface (e.g. starting mpd); 2) run kgdb and find reference to ng interface in the list ifnet.tqh_first.if_groups->tqh_first.ifgl_group.ifg_members E.g. in my case it is: (kgdb) p *ifnet.tqh_first.if_groups->tqh_first.ifgl_group.ifg_members.tqh_first.ifgm_next.tqe_next.ifgm_next.tqe_next.ifgm_next.tqe_next.ifgm_ifp $1 = {if_softc = 0xc4e180c0, if_l2com = 0x0, if_link = {tqe_next = 0x0, tqe_prev = 0xc4264808}, if_xname = "ng0", '\0' , if_dname = 0xc4bd60d9 "ng", if_dunit = 0, if_addrhead = { tqh_first = 0xc4ba4e00, tqh_last = 0xc4ba4e60}, if_klist = {kl_list = {slh_first = 0x0}, kl_lock = 0xc07abb00 , kl_unlock = 0xc07abb30 , ... 3) remove ng interface (e.g. stopping mpd). Check that in the list ifnet.tqh_first.if_groups->tqh_first.ifgl_group.ifg_members we still have the reference to already removed interface: (kgdb) p *ifnet.tqh_first.if_groups->tqh_first.ifgl_group.ifg_members.tqh_first.ifgm_next.tqe_next.ifgm_next.tqe_next.ifgm_next.tqe_next.ifgm_ifp $2 = {if_softc = 0xdeadc0de, if_l2com = 0xdeadc0de, if_link = {tqe_next = 0xdeadc0de, tqe_prev = 0xdeadc0de}, if_xname = "ÞÀ­ÞÞÀ­ÞÞÀ­ÞÞÀ­Þ", if_dname = 0xdeadc0de , if_dunit = -559038242, if_addrhead = {tqh_first = 0xdeadc0de, tqh_last = 0xdeadc0de}, if_klist = {kl_list = { slh_first = 0xdeadc0de}, kl_lock = 0xdeadc0de, kl_unlock = 0xdeadc0de, kl_locked = 0xdeadc0de, If you repeat this process many times you will have the long least of invalid ifgm_ifp references. pf traverses the list ifnet.tqh_first.if_groups->tqh_first.ifgl_group.ifg_members in pfi_table_update and calls pfi_instance_add() with nonvalid ifgm_ifp argument and the system panics trying to access invalid memory. I don't know if this correct solution but adding if_delgroup(ifp, IFG_ALL) to sys/net/if.c:if_detach() fixes the problem for me. --- sys/net/if.c.orig 2009-04-01 10:53:55.000000000 +0300 +++ sys/net/if.c 2009-04-10 12:38:14.000000000 +0300 @@ -846,6 +846,7 @@ if_detach(struct ifnet *ifp) mtx_destroy(&ifp->if_snd.ifq_mtx); IF_AFDATA_DESTROY(ifp); splx(s); + if_delgroup(ifp, IFG_ALL); } /* -- Mikolaj Golub From owner-freebsd-pf@FreeBSD.ORG Fri Apr 10 14:04:25 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3F749106564A for ; Fri, 10 Apr 2009 14:04:25 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.171]) by mx1.freebsd.org (Postfix) with ESMTP id C01368FC08 for ; Fri, 10 Apr 2009 14:04:24 +0000 (UTC) (envelope-from max@love2party.net) Received: from vampire.homelinux.org (dslb-088-064-183-141.pools.arcor-ip.net [88.64.183.141]) by mrelayeu.kundenserver.de (node=mrelayeu7) with ESMTP (Nemesis) id 0ML2xA-1LsHLC3lwv-0001Wq; Fri, 10 Apr 2009 16:04:23 +0200 Received: (qmail 78908 invoked from network); 10 Apr 2009 14:04:21 -0000 Received: from fbsd8.laiers.local (192.168.4.200) by mx.laiers.local with SMTP; 10 Apr 2009 14:04:21 -0000 From: Max Laier Organization: FreeBSD To: freebsd-pf@freebsd.org, Mikolaj Golub Date: Fri, 10 Apr 2009 15:04:20 +0100 User-Agent: KMail/1.11.0 (FreeBSD/8.0-CURRENT; KDE/4.2.1; i386; ; ) References: <200904101150.n3ABo30b066303@freefall.freebsd.org> In-Reply-To: <200904101150.n3ABo30b066303@freefall.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Message-Id: <200904101604.20987.max@love2party.net> X-Provags-ID: V01U2FsdGVkX1/d7ydeGlVPnoqaoZtdr6rjbZgCgFsOYg14Xip x+ikpxE7HXuibAVMQvnsR2PiwfnN9zAZoc/f5ZUvFrZaHZqE2p mQcJTd9q6XNElavX5FakA== Cc: Subject: Re: kern/130977: [netgraph][pf] kernel panic trap 12 on user connect to VPN server X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Apr 2009 14:04:25 -0000 On Friday 10 April 2009 13:50:03 Mikolaj Golub wrote: > The following reply was made to PR kern/130977; it has been noted by GNAT= S. > > From: Mikolaj Golub > To: bug-followup@FreeBSD.org,darkibot@gmail.com > Cc: > Subject: Re: kern/130977: [netgraph][pf] kernel panic trap 12 on user > connect to VPN server Date: Fri, 10 Apr 2009 14:42:59 +0300 > > The problem here (as in kern/131310 and may be in some other reports) is > that net/if.c:if_attach() when attaching interface adds it to default gro= up > ALL calling if_addgroup(ifp, IFG_ALL). But when interface is removed (in > this case ng, but the same thing occurs for other interfaces too, e.g. I > checked it for tap) the reference to it does not removed from > ifgl_group.ifg_members list. > > The simple test can be used to confirm this: > > 1) add interface (e.g. starting mpd); > > 2) run kgdb and find reference to ng interface in the list > ifnet.tqh_first.if_groups->tqh_first.ifgl_group.ifg_members > > E.g. in my case it is: > > (kgdb) p > *ifnet.tqh_first.if_groups->tqh_first.ifgl_group.ifg_members.tqh_first.if= gm >_next.tqe_next.ifgm_next.tqe_next.ifgm_next.tqe_next.ifgm_ifp $1 =3D {if_s= oftc > =3D 0xc4e180c0, if_l2com =3D 0x0, if_link =3D {tqe_next =3D 0x0, tqe_prev= =3D > 0xc4264808}, if_xname =3D "ng0", '\0' , if_dname =3D > 0xc4bd60d9 "ng", if_dunit =3D 0, if_addrhead =3D { tqh_first =3D 0xc4ba4e= 00, > tqh_last =3D 0xc4ba4e60}, if_klist =3D {kl_list =3D {slh_first =3D 0x0}, = kl_lock =3D > 0xc07abb00 , kl_unlock =3D 0xc07abb30 , > ... > > 3) remove ng interface (e.g. stopping mpd). Check that in the list > ifnet.tqh_first.if_groups->tqh_first.ifgl_group.ifg_members we still have > the reference to already removed interface: > > (kgdb) p > *ifnet.tqh_first.if_groups->tqh_first.ifgl_group.ifg_members.tqh_first.if= gm >_next.tqe_next.ifgm_next.tqe_next.ifgm_next.tqe_next.ifgm_ifp $2 =3D {if_s= oftc > =3D 0xdeadc0de, if_l2com =3D 0xdeadc0de, if_link =3D {tqe_next =3D 0xdead= c0de, > tqe_prev =3D 0xdeadc0de}, if_xname =3D "=DE=C0=AD=DE=DE=C0=AD=DE=DE=C0=AD= =DE=DE=C0=AD=DE", if_dname =3D > 0xdeadc0de , if_dunit =3D > -559038242, if_addrhead =3D {tqh_first =3D 0xdeadc0de, tqh_last =3D 0xdea= dc0de}, > if_klist =3D {kl_list =3D { slh_first =3D 0xdeadc0de}, kl_lock =3D 0xdead= c0de, > kl_unlock =3D 0xdeadc0de, kl_locked =3D 0xdeadc0de, > > If you repeat this process many times you will have the long least of > invalid ifgm_ifp references. > > pf traverses the list > ifnet.tqh_first.if_groups->tqh_first.ifgl_group.ifg_members in > pfi_table_update and calls pfi_instance_add() with nonvalid ifgm_ifp > argument and the system panics trying to access invalid memory. > > I don't know if this correct solution but adding if_delgroup(ifp, IFG_AL= L) > to sys/net/if.c:if_detach() fixes the problem for me. > > --- sys/net/if.c.orig 2009-04-01 10:53:55.000000000 +0300 > +++ sys/net/if.c 2009-04-10 12:38:14.000000000 +0300 > @@ -846,6 +846,7 @@ if_detach(struct ifnet *ifp) > mtx_destroy(&ifp->if_snd.ifq_mtx); > IF_AFDATA_DESTROY(ifp); > splx(s); > + if_delgroup(ifp, IFG_ALL); > } > > /* Good catch! Thank you very much. I'll commit your fix shortly after some= =20 testing and will see that we can get it into 7.2 =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News From owner-freebsd-pf@FreeBSD.ORG Fri Apr 10 14:50:03 2009 Return-Path: Delivered-To: freebsd-pf@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 24873106566C for ; Fri, 10 Apr 2009 14:50:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 144B58FC08 for ; Fri, 10 Apr 2009 14:50:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n3AEo2Ep008024 for ; Fri, 10 Apr 2009 14:50:02 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n3AEo2l6008023; Fri, 10 Apr 2009 14:50:02 GMT (envelope-from gnats) Date: Fri, 10 Apr 2009 14:50:02 GMT Message-Id: <200904101450.n3AEo2l6008023@freefall.freebsd.org> To: freebsd-pf@FreeBSD.org From: dfilter@FreeBSD.ORG (dfilter service) Cc: Subject: Re: kern/130977: commit references a PR X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: dfilter service List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Apr 2009 14:50:03 -0000 The following reply was made to PR kern/130977; it has been noted by GNATS. From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: kern/130977: commit references a PR Date: Fri, 10 Apr 2009 14:42:01 +0000 (UTC) Author: mlaier Date: Fri Apr 10 14:41:51 2009 New Revision: 190895 URL: http://svn.freebsd.org/changeset/base/190895 Log: Remove interfaces from IFG_ALL on detach. This cures a couple of pf panics when using the "self" keyword in tables or as ()-style host address and fixes "ifconfig -g all" output. PR: kern/130977, kern/131310 Submitted by: Mikolaj Golub MFC after: 3 days Modified: head/sys/net/if.c Modified: head/sys/net/if.c ============================================================================== --- head/sys/net/if.c Fri Apr 10 14:24:12 2009 (r190894) +++ head/sys/net/if.c Fri Apr 10 14:41:51 2009 (r190895) @@ -887,6 +887,7 @@ if_detach(struct ifnet *ifp) rt_ifannouncemsg(ifp, IFAN_DEPARTURE); EVENTHANDLER_INVOKE(ifnet_departure_event, ifp); devctl_notify("IFNET", ifp->if_xname, "DETACH", NULL); + if_delgroup(ifp, IFG_ALL); IF_AFDATA_LOCK(ifp); for (dp = domains; dp; dp = dp->dom_next) { _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org" From owner-freebsd-pf@FreeBSD.ORG Fri Apr 10 19:20:04 2009 Return-Path: Delivered-To: freebsd-pf@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8D233106566C for ; Fri, 10 Apr 2009 19:20:04 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 7BB4A8FC0A for ; Fri, 10 Apr 2009 19:20:04 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n3AJK4Wm070887 for ; Fri, 10 Apr 2009 19:20:04 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n3AJK4GZ070886; Fri, 10 Apr 2009 19:20:04 GMT (envelope-from gnats) Date: Fri, 10 Apr 2009 19:20:04 GMT Message-Id: <200904101920.n3AJK4GZ070886@freefall.freebsd.org> To: freebsd-pf@FreeBSD.org From: dfilter@FreeBSD.ORG (dfilter service) Cc: Subject: Re: kern/130977: commit references a PR X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: dfilter service List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Apr 2009 19:20:04 -0000 The following reply was made to PR kern/130977; it has been noted by GNATS. From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: kern/130977: commit references a PR Date: Fri, 10 Apr 2009 19:16:28 +0000 (UTC) Author: mlaier Date: Fri Apr 10 19:16:14 2009 New Revision: 190903 URL: http://svn.freebsd.org/changeset/base/190903 Log: Follow up for r190895 It's not only the "all" group that is affected, but all groups on the given interface. PR: kern/130977, kern/131310 MFC after: 3 days (%vnet) Modified: head/sys/net/if.c Modified: head/sys/net/if.c ============================================================================== --- head/sys/net/if.c Fri Apr 10 18:46:46 2009 (r190902) +++ head/sys/net/if.c Fri Apr 10 19:16:14 2009 (r190903) @@ -141,6 +141,7 @@ static int if_delmulti_locked(struct ifn static void do_link_state_change(void *, int); static int if_getgroup(struct ifgroupreq *, struct ifnet *); static int if_getgroupmembers(struct ifgroupreq *); +static void if_delgroups(struct ifnet *); #ifdef INET6 /* @@ -887,7 +888,7 @@ if_detach(struct ifnet *ifp) rt_ifannouncemsg(ifp, IFAN_DEPARTURE); EVENTHANDLER_INVOKE(ifnet_departure_event, ifp); devctl_notify("IFNET", ifp->if_xname, "DETACH", NULL); - if_delgroup(ifp, IFG_ALL); + if_delgroups(ifp); IF_AFDATA_LOCK(ifp); for (dp = domains; dp; dp = dp->dom_next) { @@ -1025,6 +1026,54 @@ if_delgroup(struct ifnet *ifp, const cha } /* + * Remove an interface from all groups + */ +static void +if_delgroups(struct ifnet *ifp) +{ + INIT_VNET_NET(ifp->if_vnet); + struct ifg_list *ifgl; + struct ifg_member *ifgm; + char groupname[IFNAMSIZ]; + + IFNET_WLOCK(); + while (!TAILQ_EMPTY(&ifp->if_groups)) { + ifgl = TAILQ_FIRST(&ifp->if_groups); + + strlcpy(groupname, ifgl->ifgl_group->ifg_group, IFNAMSIZ); + + IF_ADDR_LOCK(ifp); + TAILQ_REMOVE(&ifp->if_groups, ifgl, ifgl_next); + IF_ADDR_UNLOCK(ifp); + + TAILQ_FOREACH(ifgm, &ifgl->ifgl_group->ifg_members, ifgm_next) + if (ifgm->ifgm_ifp == ifp) + break; + + if (ifgm != NULL) { + TAILQ_REMOVE(&ifgl->ifgl_group->ifg_members, ifgm, + ifgm_next); + free(ifgm, M_TEMP); + } + + if (--ifgl->ifgl_group->ifg_refcnt == 0) { + TAILQ_REMOVE(&V_ifg_head, ifgl->ifgl_group, ifg_next); + EVENTHANDLER_INVOKE(group_detach_event, + ifgl->ifgl_group); + free(ifgl->ifgl_group, M_TEMP); + } + IFNET_WUNLOCK(); + + free(ifgl, M_TEMP); + + EVENTHANDLER_INVOKE(group_change_event, groupname); + + IFNET_WLOCK(); + } + IFNET_WUNLOCK(); +} + +/* * Stores all groups from an interface in memory pointed * to by data */ _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org" From owner-freebsd-pf@FreeBSD.ORG Fri Apr 10 21:53:49 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 84B58106564A for ; Fri, 10 Apr 2009 21:53:49 +0000 (UTC) (envelope-from qw0ntum@gmail.com) Received: from yw-out-2324.google.com (yw-out-2324.google.com [74.125.46.31]) by mx1.freebsd.org (Postfix) with ESMTP id 413258FC08 for ; Fri, 10 Apr 2009 21:53:49 +0000 (UTC) (envelope-from qw0ntum@gmail.com) Received: by yw-out-2324.google.com with SMTP id 5so792605ywh.13 for ; Fri, 10 Apr 2009 14:53:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:received:from:date :x-google-sender-auth:message-id:subject:to:content-type :content-transfer-encoding; bh=8jKJry7JqwSvELXGAMut9i5XeYCQWNLUziXbNU/iO5M=; b=OKbLbPVMz7yyJ/PgmIfUOcOe9aEH9aNOMdQprgppJsanHotBOxbvKrG6YZYcjAqreV o0nnrRyEQNhP2nqE/4/9gWE1skhtMXLUpstTPo/Jlua0PBTGayhOvgCl5gLTNOolHRdv Z3UgrMR1w/4ua3n8Byvu/nZ2y6OgR/pvDPe4Y= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:from:date:x-google-sender-auth:message-id :subject:to:content-type:content-transfer-encoding; b=qDbreEG2dQ32TjebCK883ooqUYzZbH/jDFy4hVvCtv/mzXS5jxmvJWxymYnLyZlsFz QBk+YKB6yve8xwCr+cuAX6/iuBkSHF9A1KMaKJ0NaLpx+0ylrMoKgSLW0yWkgAIM1SBd OsK8Dbq5xJbH0ME76ryMI+WhwTCtUvh+ONIpg= MIME-Version: 1.0 Sender: qw0ntum@gmail.com Received: by 10.100.45.5 with SMTP id s5mr3379831ans.54.1239398430195; Fri, 10 Apr 2009 14:20:30 -0700 (PDT) From: Shaddi Hasan Date: Fri, 10 Apr 2009 17:20:12 -0400 X-Google-Sender-Auth: f81e194441e9729f Message-ID: <126000990904101420p66082c12o50d1da6c1a0b8ebb@mail.gmail.com> To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: building pftop from source fails X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Apr 2009 21:53:49 -0000 Hello, I'm trying to get pftop-0.6 to compile from source on a FreeBSD 6.0 machine. I downloaded pftop-0.6.tar.gz from the author's website, extracted the contents to the machine, and ran "make" as root. However, the build fails. The output is as follows: ---------------- # make cc -O2 -fno-strict-aliasing -pipe=A0 -Wall -DOS_LEVEL=3D=A0 -c /root/pftop-= 0.6/pftop.c In file included from /root/pftop-0.6/pftop.c:33: /root/pftop-0.6/config.h:22:14: operator '>' has no left operand /root/pftop-0.6/config.h:31:14: operator '>' has no left operand /root/pftop-0.6/config.h:42:14: operator '>' has no left operand /root/pftop-0.6/config.h:50:14: operator '>' has no left operand /root/pftop-0.6/config.h:56:14: operator '>' has no left operand /root/pftop-0.6/config.h:61:14: operator '>' has no left operand /root/pftop-0.6/config.h:65:14: operator '>' has no left operand /root/pftop-0.6/pftop.c:79:1: warning: "PFUDPS_NAMES" redefined In file included from /root/pftop-0.6/pftop.c:43: /usr/include/net/pfvar.h:1101:1: warning: this is the location of the previous definition /root/pftop-0.6/pftop.c:89:1: warning: "PFOTHERS_NAMES" redefined /usr/include/net/pfvar.h:1115:1: warning: this is the location of the previous definition /root/pftop-0.6/pftop.c:171:1: warning: "PF_RULE_LABEL_SIZE" redefined /usr/include/net/pfvar.h:582:1: warning: this is the location of the previous definition /root/pftop-0.6/pftop.c: In function `sort_size_callback': /root/pftop-0.6/pftop.c:408: warning: initialization makes integer from pointer without a cast /root/pftop-0.6/pftop.c:409: warning: initialization makes integer from pointer without a cast /root/pftop-0.6/pftop.c: In function `sort_pkt_callback': /root/pftop-0.6/pftop.c:427: warning: initialization makes integer from pointer without a cast /root/pftop-0.6/pftop.c:428: warning: initialization makes integer from pointer without a cast /root/pftop-0.6/pftop.c: In function `print_state': /root/pftop-0.6/pftop.c:969: warning: passing arg 2 of `print_fld_size' makes integer from pointer without a cast /root/pftop-0.6/pftop.c:970: warning: passing arg 2 of `print_fld_size' makes integer from pointer without a cast /root/pftop-0.6/pftop.c:972: error: pointer value used where a floating point value was expected /root/pftop-0.6/pftop.c: In function `tb_print_fromto': /root/pftop-0.6/pftop.c:1340: error: structure has no member named `pfa' /root/pftop-0.6/pftop.c:1340: error: structure has no member named `pfa' /root/pftop-0.6/pftop.c:1340: error: structure has no member named `pfa' /root/pftop-0.6/pftop.c:1340: error: structure has no member named `pfa' /root/pftop-0.6/pftop.c:1340: error: structure has no member named `pfa' /root/pftop-0.6/pftop.c:1341: error: structure has no member named `pfa' /root/pftop-0.6/pftop.c:1341: error: structure has no member named `pfa' /root/pftop-0.6/pftop.c:1341: error: structure has no member named `pfa' /root/pftop-0.6/pftop.c:1341: error: structure has no member named `pfa' /root/pftop-0.6/pftop.c:1341: error: structure has no member named `pfa' /root/pftop-0.6/pftop.c:1343: error: structure has no member named `mask' /root/pftop-0.6/pftop.c:1343: error: structure has no member named `mask' /root/pftop-0.6/pftop.c:1343: error: structure has no member named `mask' /root/pftop-0.6/pftop.c:1343: error: structure has no member named `mask' /root/pftop-0.6/pftop.c:1343: error: structure has no member named `mask' /root/pftop-0.6/pftop.c:1344: error: structure has no member named `mask' /root/pftop-0.6/pftop.c:1344: error: structure has no member named `mask' /root/pftop-0.6/pftop.c:1344: error: structure has no member named `mask' /root/pftop-0.6/pftop.c:1344: error: structure has no member named `mask' /root/pftop-0.6/pftop.c:1344: error: structure has no member named `mask' /root/pftop-0.6/pftop.c:1351: error: structure has no member named `pfa' /root/pftop-0.6/pftop.c:1351: error: structure has no member named `pfa' /root/pftop-0.6/pftop.c:1351: error: structure has no member named `pfa' /root/pftop-0.6/pftop.c:1351: error: structure has no member named `pfa' /root/pftop-0.6/pftop.c:1351: error: structure has no member named `pfa' /root/pftop-0.6/pftop.c:1352: error: structure has no member named `mask' /root/pftop-0.6/pftop.c:1352: error: structure has no member named `mask' /root/pftop-0.6/pftop.c:1352: error: structure has no member named `mask' /root/pftop-0.6/pftop.c:1352: error: structure has no member named `mask' /root/pftop-0.6/pftop.c:1352: error: structure has no member named `mask' /root/pftop-0.6/pftop.c:1358: error: structure has no member named `not' /root/pftop-0.6/pftop.c:1364: error: structure has no member named `mask' /root/pftop-0.6/pftop.c:1364: warning: passing arg 1 of `tb_print_addr' from incompatible pointer type /root/pftop-0.6/pftop.c:1376: error: structure has no member named `pfa' /root/pftop-0.6/pftop.c:1376: error: structure has no member named `pfa' /root/pftop-0.6/pftop.c:1376: error: structure has no member named `pfa' /root/pftop-0.6/pftop.c:1376: error: structure has no member named `pfa' /root/pftop-0.6/pftop.c:1376: error: structure has no member named `pfa' /root/pftop-0.6/pftop.c:1377: error: structure has no member named `mask' /root/pftop-0.6/pftop.c:1377: error: structure has no member named `mask' /root/pftop-0.6/pftop.c:1377: error: structure has no member named `mask' /root/pftop-0.6/pftop.c:1377: error: structure has no member named `mask' /root/pftop-0.6/pftop.c:1377: error: structure has no member named `mask' /root/pftop-0.6/pftop.c:1383: error: structure has no member named `not' /root/pftop-0.6/pftop.c:1389: error: structure has no member named `mask' /root/pftop-0.6/pftop.c:1389: warning: passing arg 1 of `tb_print_addr' from incompatible pointer type *** Error code 1 Stop in /root/pftop-0.6. ---------------- I got similar output trying to compile pftop-0.7 (the most recent version), as well as both packages on a FreeBSD 7.0 machine. Any thoughts on why the build fails? Thanks! Shaddi From owner-freebsd-pf@FreeBSD.ORG Fri Apr 10 22:15:54 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BD6BC106566C for ; Fri, 10 Apr 2009 22:15:54 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.186]) by mx1.freebsd.org (Postfix) with ESMTP id 45A488FC21 for ; Fri, 10 Apr 2009 22:15:54 +0000 (UTC) (envelope-from max@love2party.net) Received: from vampire.homelinux.org (dslb-088-064-183-141.pools.arcor-ip.net [88.64.183.141]) by mrelayeu.kundenserver.de (node=mrelayeu8) with ESMTP (Nemesis) id 0ML31I-1LsP0q2hBB-0004T9; Sat, 11 Apr 2009 00:15:53 +0200 Received: (qmail 84607 invoked from network); 10 Apr 2009 22:15:52 -0000 Received: from fbsd8.laiers.local (192.168.4.200) by laiers.local with SMTP; 10 Apr 2009 22:15:52 -0000 From: Max Laier Organization: FreeBSD To: freebsd-pf@freebsd.org Date: Fri, 10 Apr 2009 23:15:51 +0100 User-Agent: KMail/1.11.0 (FreeBSD/8.0-CURRENT; KDE/4.2.1; i386; ; ) References: <126000990904101420p66082c12o50d1da6c1a0b8ebb@mail.gmail.com> In-Reply-To: <126000990904101420p66082c12o50d1da6c1a0b8ebb@mail.gmail.com> MIME-Version: 1.0 Content-Type: Multipart/Mixed; boundary="Boundary-00=_XU83JA+QnDa5JZ8" Message-Id: <200904110015.51410.max@love2party.net> X-Provags-ID: V01U2FsdGVkX18XdYltuoPB5nPVQVDI8dZvVL7hlWlkiLoLuI8 Qn00lavd4qAuLzUkEQYoVeDYtP+LUw7cgVHiAfk3VYRxbWjnIF LoFOQnEnonGBSEuLwJ1rg== Cc: Subject: Re: building pftop from source fails X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Apr 2009 22:15:55 -0000 --Boundary-00=_XU83JA+QnDa5JZ8 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Friday 10 April 2009 23:20:12 Shaddi Hasan wrote: > I'm trying to get pftop-0.6 to compile from source on a FreeBSD 6.0 > machine. I downloaded pftop-0.6.tar.gz from the author's website, Okay ... I got a couple of questions about this: 1) Why? There is sysutils/pftop ready for the taking 2) Why 6.0? It's EOL'ed (esp. in the pf department) 3) Why?!? > extracted the contents to the machine, and ran "make" as root. > However, the build fails. The output is as follows: > ---------------- > # make > cc -O2 -fno-strict-aliasing -pipe=A0 -Wall -DOS_LEVEL=3D=A0 -c There's your problem right there. You need to set the OS_LEVEL in the=20 Makefile in order to compile successfully. See the aforementioned port's=20 Makefile for sensible values depending on __FreeBSD_version. > I got similar output trying to compile pftop-0.7 (the most recent > version), as well as both packages on a FreeBSD 7.0 machine. Any > thoughts on why the build fails? ^ ... simply use the port. Be advised, however, that the port fails to bui= ld=20 on recent CURRENT due to the libpcap 1.0 update - workaround patch for that= =20 problem is attached, a proper solution should hit the tree over the weekend. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --Boundary-00=_XU83JA+QnDa5JZ8 Content-Type: text/x-patch; charset="ISO-8859-1"; name="pftop.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="pftop.patch" Index: Makefile =================================================================== RCS file: /usr/store/mlaier/fcvs/ports/sysutils/pftop/Makefile,v retrieving revision 1.14 diff -u -r1.14 Makefile --- Makefile 6 Jan 2009 17:59:29 -0000 1.14 +++ Makefile 9 Apr 2009 20:15:41 -0000 @@ -29,6 +29,12 @@ CFLAGS+= -DHAVE_ALTQ=1 .endif +.if ${OSVERSION} >= 800074 +EXTRA_PATCHES+= ${FILESDIR}/extra-patch-bpf_dump.c \ + ${FILESDIR}/extra-patch-bpf_image.c \ + ${FILESDIR}/extra-patch-sf-gencode.h +.endif + MAKE_ENV+= __MAKE_CONF=/dev/null PLIST_FILES= sbin/pftop Index: files/extra-patch-bpf_dump.c =================================================================== RCS file: files/extra-patch-bpf_dump.c diff -N files/extra-patch-bpf_dump.c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/extra-patch-bpf_dump.c 9 Apr 2009 20:02:26 -0000 @@ -0,0 +1,15 @@ +--- bpf_dump.c.orig 2007-11-07 06:34:18.000000000 +0000 ++++ bpf_dump.c 2009-04-09 19:59:03.986485991 +0000 +@@ -33,10 +33,10 @@ + #include + + +-extern void bpf_dump(struct bpf_program *, int); ++extern void bpf_dump(const struct bpf_program *, int); + + void +-bpf_dump(struct bpf_program *p, int option) ++bpf_dump(const struct bpf_program *p, int option) + { + struct bpf_insn *insn; + int i; Index: files/extra-patch-bpf_image.c =================================================================== RCS file: files/extra-patch-bpf_image.c diff -N files/extra-patch-bpf_image.c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/extra-patch-bpf_image.c 9 Apr 2009 20:02:57 -0000 @@ -0,0 +1,11 @@ +--- bpf_image.c.orig 2007-11-07 06:34:18.000000000 +0000 ++++ bpf_image.c 2009-04-09 19:59:03.986485991 +0000 +@@ -36,7 +36,7 @@ + + char * + bpf_image(p, n) +- struct bpf_insn *p; ++ const struct bpf_insn *p; + int n; + { + int v; Index: files/extra-patch-sf-gencode.h =================================================================== RCS file: files/extra-patch-sf-gencode.h diff -N files/extra-patch-sf-gencode.h --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/extra-patch-sf-gencode.h 9 Apr 2009 20:18:09 -0000 @@ -0,0 +1,12 @@ +--- sf-gencode.h.orig 2009-04-09 20:00:14.850928399 +0000 ++++ sf-gencode.h 2009-04-09 20:03:39.399099396 +0000 +@@ -188,7 +188,8 @@ + const char *sf_get_error(void); + int sf_compile(struct bpf_program *, char *, int, bpf_u_int32); + void sf_freecode(struct bpf_program *); +-void bpf_dump(struct bpf_program *, int); ++/* void bpf_dump(struct bpf_program *, int); */ ++u_int bpf_filter(struct bpf_insn *pc, u_char *p, u_int wirelen, u_int buflen); + + extern int no_optimize; + --Boundary-00=_XU83JA+QnDa5JZ8-- From owner-freebsd-pf@FreeBSD.ORG Sat Apr 11 00:20:03 2009 Return-Path: Delivered-To: freebsd-pf@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6FF35106566B for ; Sat, 11 Apr 2009 00:20:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 5DB788FC26 for ; Sat, 11 Apr 2009 00:20:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n3B0K31o081513 for ; Sat, 11 Apr 2009 00:20:03 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n3B0K301081510; Sat, 11 Apr 2009 00:20:03 GMT (envelope-from gnats) Date: Sat, 11 Apr 2009 00:20:03 GMT Message-Id: <200904110020.n3B0K301081510@freefall.freebsd.org> To: freebsd-pf@FreeBSD.org From: Max Laier Cc: Subject: Re: kern/130977: [netgraph][pf] kernel panic trap 12 on user connect to VPN server X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Max Laier List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Apr 2009 00:20:03 -0000 The following reply was made to PR kern/130977; it has been noted by GNATS. From: Max Laier To: bug-followup@freebsd.org, darkibot@gmail.com Cc: Subject: Re: kern/130977: [netgraph][pf] kernel panic trap 12 on user connect to VPN server Date: Sat, 11 Apr 2009 01:11:54 +0100 --Boundary-00=_LB+3JRWytgyQ4AY Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Here is the MFC patch - if possible, please try and report back. -- Max --Boundary-00=_LB+3JRWytgyQ4AY Content-Type: text/x-patch; charset="ISO-8859-1"; name="mfc.ifg.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="mfc.ifg.patch" Index: sys/net/if.c =================================================================== --- sys/net/if.c (revision 190905) +++ sys/net/if.c (working copy) @@ -128,6 +128,7 @@ static void do_link_state_change(void *, int); static int if_getgroup(struct ifgroupreq *, struct ifnet *); static int if_getgroupmembers(struct ifgroupreq *); +static void if_delgroups(struct ifnet *); #ifdef INET6 /* * XXX: declare here to avoid to include many inet6 related files.. @@ -828,6 +829,7 @@ rt_ifannouncemsg(ifp, IFAN_DEPARTURE); EVENTHANDLER_INVOKE(ifnet_departure_event, ifp); devctl_notify("IFNET", ifp->if_xname, "DETACH", NULL); + if_delgroups(ifp); IF_AFDATA_LOCK(ifp); for (dp = domains; dp; dp = dp->dom_next) { @@ -963,6 +965,53 @@ } /* + * Remove an interface from all groups + */ +static void +if_delgroups(struct ifnet *ifp) +{ + struct ifg_list *ifgl; + struct ifg_member *ifgm; + char groupname[IFNAMSIZ]; + + IFNET_WLOCK(); + while (!TAILQ_EMPTY(&ifp->if_groups)) { + ifgl = TAILQ_FIRST(&ifp->if_groups); + + strlcpy(groupname, ifgl->ifgl_group->ifg_group, IFNAMSIZ); + + IF_ADDR_LOCK(ifp); + TAILQ_REMOVE(&ifp->if_groups, ifgl, ifgl_next); + IF_ADDR_UNLOCK(ifp); + + TAILQ_FOREACH(ifgm, &ifgl->ifgl_group->ifg_members, ifgm_next) + if (ifgm->ifgm_ifp == ifp) + break; + + if (ifgm != NULL) { + TAILQ_REMOVE(&ifgl->ifgl_group->ifg_members, ifgm, + ifgm_next); + free(ifgm, M_TEMP); + } + + if (--ifgl->ifgl_group->ifg_refcnt == 0) { + TAILQ_REMOVE(&ifg_head, ifgl->ifgl_group, ifg_next); + EVENTHANDLER_INVOKE(group_detach_event, + ifgl->ifgl_group); + free(ifgl->ifgl_group, M_TEMP); + } + IFNET_WUNLOCK(); + + free(ifgl, M_TEMP); + + EVENTHANDLER_INVOKE(group_change_event, groupname); + + IFNET_WLOCK(); + } + IFNET_WUNLOCK(); +} + +/* * Stores all groups from an interface in memory pointed * to by data */ --Boundary-00=_LB+3JRWytgyQ4AY-- From owner-freebsd-pf@FreeBSD.ORG Sat Apr 11 01:57:54 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E8A4210656DC for ; Sat, 11 Apr 2009 01:57:54 +0000 (UTC) (envelope-from qw0ntum@gmail.com) Received: from wa-out-1112.google.com (wa-out-1112.google.com [209.85.146.179]) by mx1.freebsd.org (Postfix) with ESMTP id BA6B48FC08 for ; Sat, 11 Apr 2009 01:57:54 +0000 (UTC) (envelope-from qw0ntum@gmail.com) Received: by wa-out-1112.google.com with SMTP id m38so715367waf.27 for ; Fri, 10 Apr 2009 18:57:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:received:in-reply-to :references:from:date:x-google-sender-auth:message-id:subject:to:cc :content-type:content-transfer-encoding; bh=lF4yWi82sfv0f094leI5wVf6bymcURlWXXjqKP3TUt8=; b=pv+lSn7WfNECHQYvPlwwV1ZHeu8emJpmC0+Es+iK0aUEEbINk7HOCr8ehsbVJOFzjF JsLLpMHY5rIVmIvpGDY/e0+U41HvB6blUlFUAJgNjs59BHfbA7U+hgBvxc9JEkvoqoCx 9bWi62f3ZPR1Gc5xKMkStOlJq81URx10Ujkc8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type :content-transfer-encoding; b=RUpCngN5C/7wIwTbUl8o4sf2vHApoGRtBHJ3b6NmsD1YWnESHlCdwmssVMcQJ6y/1P MXX+k3l8sOtiTRgmboOIhxR5d15nI4ehK9sNRgs2eBWv7NxckyzulH1C5jtzfttHgDFZ qwA36ya3cZcSuw5htaHUE9r9pDD8/n4pFBIYU= MIME-Version: 1.0 Sender: qw0ntum@gmail.com Received: by 10.114.195.19 with SMTP id s19mr2134585waf.123.1239415074284; Fri, 10 Apr 2009 18:57:54 -0700 (PDT) In-Reply-To: <200904110015.51410.max@love2party.net> References: <126000990904101420p66082c12o50d1da6c1a0b8ebb@mail.gmail.com> <200904110015.51410.max@love2party.net> From: Shaddi Hasan Date: Fri, 10 Apr 2009 21:57:39 -0400 X-Google-Sender-Auth: c46be5cdbce0aaa5 Message-ID: <126000990904101857k2f8789aagf43cd3a39137a282@mail.gmail.com> To: Max Laier Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-pf@freebsd.org Subject: Re: building pftop from source fails X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Apr 2009 01:57:55 -0000 Thanks Max! I fixed the OS_LEVEL and was able to compile mostly without problems. I ran into some conditionally compiled code in pftop.c (near line 1453) that I removed, and I used OpenBSD's queue.h instead of the default system queue.h, as pftop requires the CIRCLEQ api (pftop is written for OpenBSD). As to why I'm doing this, I'm making modifications to pftop to allow for more finely grained updates. First step of course was getting a non-modified pftop to compile. The machine is on 6.0 for reasons specific to our lab setup. Again, thanks for your help. Shaddi On Fri, Apr 10, 2009 at 6:15 PM, Max Laier wrote: > On Friday 10 April 2009 23:20:12 Shaddi Hasan wrote: >> I'm trying to get pftop-0.6 to compile from source on a FreeBSD 6.0 >> machine. I downloaded pftop-0.6.tar.gz from the author's website, > > Okay ... I got a couple of questions about this: > 1) Why? There is sysutils/pftop ready for the taking > 2) Why 6.0? =A0It's EOL'ed (esp. in the pf department) > 3) Why?!? > >> extracted the contents to the machine, and ran "make" as root. >> However, the build fails. The output is as follows: >> ---------------- >> # make >> cc -O2 -fno-strict-aliasing -pipe=A0 -Wall -DOS_LEVEL=3D=A0 -c > > There's your problem right there. =A0You need to set the OS_LEVEL in the > Makefile in order to compile successfully. =A0See the aforementioned port= 's > Makefile for sensible values depending on __FreeBSD_version. > >> I got similar output trying to compile pftop-0.7 (the most recent >> version), as well as both packages on a FreeBSD 7.0 machine. Any >> thoughts on why the build fails? > > ^ ... simply use the port. =A0Be advised, however, that the port fails to= build > on recent CURRENT due to the libpcap 1.0 update - workaround patch for th= at > problem is attached, a proper solution should hit the tree over the weeke= nd. > > -- > /"\ =A0Best regards, =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0| mlaier@= freebsd.org > \ / =A0Max Laier =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0| ICQ= #67774661 > =A0X =A0 http://pf4freebsd.love2party.net/ =A0| mlaier@EFnet > / \ =A0ASCII Ribbon Campaign =A0 =A0 =A0 =A0 =A0 =A0 =A0| Against HTML Ma= il and News >