From owner-freebsd-current Mon Nov 29 12:30: 5 1999 Delivered-To: freebsd-current@freebsd.org Received: from dnvrpop1.dnvr.uswest.net (dnvrpop1.dnvr.uswest.net [206.196.128.3]) by hub.freebsd.org (Postfix) with SMTP id E9A0015340 for ; Mon, 29 Nov 1999 12:30:01 -0800 (PST) (envelope-from Davec@unforgettable.com) Received: (qmail 19172 invoked by alias); 29 Nov 1999 20:02:24 -0000 Delivered-To: fixup-current@FreeBSD.ORG@fixme Received: (qmail 4805 invoked by uid 0); 29 Nov 1999 19:21:47 -0000 Received: from odsl228.dnvr.uswest.net (HELO Amber.XtremeDev.com) (209.181.79.228) by dnvrpop1.dnvr.uswest.net with SMTP; 29 Nov 1999 19:21:47 -0000 From: Davec Reply-To: Davec@unforgettable.com To: ipfilter@coombs.anu.edu.au Subject: IP Filter 3.3.3 in FreeBSD -CURRENT [LONG] Date: Mon, 29 Nov 1999 11:58:53 -0700 X-Mailer: KMail [version 1.0.28] Content-Type: text/plain References: <99112814445100.78810@Amber.XtremeDev.com> <3643.991128@v-wave.com> <99112816325700.79094@Amber.XtremeDev.com> In-Reply-To: <99112816325700.79094@Amber.XtremeDev.com> Cc: current@FreeBSD.ORG MIME-Version: 1.0 Message-Id: <99112912214800.72589@Amber.XtremeDev.com> Content-Transfer-Encoding: 8bit Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Ok, I just tried downloading the IP Filter sources for 3.3.3 and followed the instructions at http://www.freebsddiary.org/freebsd/ipfilter333.htm. Unfortunately I have ended up with the same errors: open device: Device not configured ioctl(SIOCIPFFL): Bad file descriptor To reiterate for -CURRENT newsgroup, I'm trying to get IP Filter 3.3.3 to work in FreeBSD 4.0-CURRENT since it's reinstatement by Guido back into the source tree. I have the following in my kernel config file: pseudo-device bpf #Berkeley packet filter options IPFILTER options IPFILTER_LOG #options IPFILTER_LKM #options IPFIREWALL #options IPFIREWALL_FORWARD #options IPFIREWALL_VERBOSE #options "IPFIREWALL_VERBOSE_LIMIT=10" (Note the lines that are commented out and the lines that aren't.) I made world and built a new kernel, upon reboot I was greeted with: Nov 28 20:02:34 /kernel: IP Filter: initialized. Default = pass all, Logging = enabled Nov 28 20:02:34 /kernel: IP Filter: v3.3.3 But when I try to load any rules, I get the error messages above. Same result with ipnat. I checked to make sure I was using the right version of ipf: ~# ls -la `which ipf` -rwxr-xr-x 1 root wheel 28096 Nov 28 19:37 /sbin/ipf ~# ipf -V ipf: IP Filter: v3.3.3 (192) open device: Device not configured ioctl(SIOCGETFS: Bad file descriptor ~# ls -la /dev/ip* crw-r--r-- 1 root wheel 79, 3 Nov 28 16:27 /dev/ipauth crw-r--r-- 1 root wheel 79, 0 Nov 28 16:26 /dev/ipl crw-r--r-- 1 root wheel 79, 1 Nov 28 16:26 /dev/ipnat crw-r--r-- 1 root wheel 79, 2 Nov 28 16:26 /dev/ipstate ~# truss /sbin/ipf -V | egrep syscall syscall __sysctl(0xbfbfd62c,0x2,0x18061428,0xbfbfd628,0x0,0x0) returns 0 (0x0) syscall mmap(0x0,32768,0x3,0x1002,-1,0x0) returns 403054592 (0x18062000) syscall geteuid() returns 0 (0x0) syscall getuid() returns 0 (0x0) syscall getegid() returns 0 (0x0) syscall getgid() returns 0 (0x0) syscall open("/var/run/ld-elf.so.hints",0,00) returns 3 (0x3) syscall read(0x3,0xbfbfd60c,0x80) returns 128 (0x80) syscall lseek(3,0x80,0) returns 128 (0x80) syscall read(0x3,0x18066000,0x7c) returns 124 (0x7c) syscall close(3) returns 0 (0x0) syscall access("/usr/lib/libc.so.4",0) returns 0 (0x0) syscall open("/usr/lib/libc.so.4",0,027757753204) returns 3 (0x3) syscall fstat(3,0xbfbfd654) returns 0 (0x0) syscall read(0x3,0xbfbfc624,0x1000) returns 4096 (0x1000) syscall mmap(0x0,581632,0x5,0x2,3,0x0) returns 403087360 (0x1806a000) syscall mmap(0x180e4000,20480,0x3,0x12,3,0x79000) returns 403587072 (0x180e4000) syscall mmap(0x180e9000,61440,0x3,0x1012,-1,0x0) returns 403607552 (0x180e9000) syscall close(3) returns 0 (0x0) syscall fstat(1,0xbfbfce10) returns 0 (0x0) syscall readlink("/etc/malloc.conf",0xbfbfcdf0,63) errno 2 'No such file or directory' syscall mmap(0x0,4096,0x3,0x1002,-1,0x0) returns 403668992 (0x180f8000) syscall break(0x8052000) returns 0 (0x0) syscall break(0x8056000) returns 0 (0x0) syscall open("/dev/ipl",2,027757753004) <<-- Relevant text errno 6 'Device not configured' syscall open("/dev/ipl",0,027757753004) errno 6 'Device not configured' open device: Device not configured syscall writev(0x2,0xbfbfd5a0,0x4) returns 35 (0x23) syscall ioctl(-1,SIOCGETFS,0xbfbfd614) errno 9 'Bad file descriptor' ioctl(SIOCGETFS: Bad file descriptor syscall writev(0x2,0xbfbfd5d0,0x4) returns 37 (0x25) syscall write(1,0x8052000,29) returns 29 (0x1d) syscall exit(0x0) process exit, rval = 0 I got the same result and errors from compiling with the IPFilter present in the FreeBSD 4.0-CURRENT source tree and from downloading the IP Filter 3.3.3 from it's home page and following the simple instructions at freebsddiary.org. Misc info: ~# ls -la /dev/bpf* crw------- 1 root wheel 23, 0 Nov 28 20:02 /dev/bpf0 I have gotten many numerous suggestions and advice from the ipfilter mailing list, and they have been most helpful in helping me narrow this down, but I still have not been able to resolve this problem. Does anyone else have any more hints or tips for me to search? From either IPFilter mailing list or FreeBSD-CURRENT? One final note. I updated to the latest snap of -CURRENT from an Oct. 10 snap, since that was the last date when IP Filter was still in the source tree before it was removed due to old age. And it worked perfectly then. Thank you for any help or suggestions. Davec -- Davec@unforgettable.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message