Date: Wed, 28 Dec 2005 15:50:41 +0000
From: Brian Candler
To: freebsd-stable@freebsd.org
Message-ID: <20051228155041.GA7124@uk.tiscali.com>
Subject: Strange problem with kldload and pf

Fresh install of FreeBSD 6.0-RELEASE from CD. With the GENERIC kernel, I was able to 'kldload pf' to get the pf firewall.

However this doesn't work after I rebuilt a new kernel; it fails to load. All I did was add IPSEC and disable IPv6. The exact config diff from GENERIC is attached below.

I rebuilt the kernel using:

# cd /usr/src/sys/i386/conf
# cp GENERIC CANDLERB
# vi CANDLERB
... see diff below
# config CANDLERB
# cd ../compile/CANDLERB
# make cleandepend && make depend && make && make install
# reboot

Now when I try to load the pf module I get:

# kldload pf
kldload: can't load pf: No such file or directory
#

However this module file definitely exists, and has a timestamp from when the kernel was rebuilt:

# ls -l /boot/kernel/pf.ko
-r-xr-xr-x 1 root wheel 188030 Dec 28 15:15 /boot/kernel/pf.ko
# wc -c /boot/kernel/pf.ko
188030 /boot/kernel/pf.ko

An strace -id of the kldload process doesn't shed any light either:

...
834 kldload CALL sigprocmask(0x3,0x28067830,0)
834 kldload RET sigprocmask 0
834 kldload CALL kldload(0xbfbfeba4)
834 kldload NAMI "/boot/kernel/linker.hints"
834 kldload NAMI "/boot/kernel/pf.ko"
834 kldload NAMI "/boot/kernel/pf.ko"
834 kldload RET kldload -1 errno 2 No such file or directory
834 kldload CALL write(0x2,0xbfbfe3d0,0x9)
834 kldload GIO fd 2 wrote 9 bytes "kldload: "
...

I can load other modules successfully (I tried 'kldload ng_nat' just to pick one at random).

I guess I can go ahead and rebuild the kernel again, this time with pf built in. However I would like to know why I can't load pf as a module, even though it seems to have been successfully built as one.

Regards,

Brian.

--- /usr/src/sys/i386/conf/GENERIC Fri Oct 28 20:22:41 2005 +++ /usr/src/sys/i386/conf/CANDLERB Wed Dec 28 14:19:48 2005 @@ -22,7 +22,7 @@ cpu I486_CPU cpu I586_CPU cpu I686_CPU -ident GENERIC +ident CANDLERB # To statically compile in device wiring instead of /boot/device.hints #hints "GENERIC.hints" # Default places to look for devices. @@ -33,7 +33,7 @@ options SCHED_4BSD # 4BSD scheduler options PREEMPTION # Enable kernel thread preemption options INET # InterNETworking -options INET6 # IPv6 communications protocols +#options INET6 # IPv6 communications protocols options FFS # Berkeley Fast Filesystem options SOFTUPDATES # Enable FFS soft updates support options UFS_ACL # Support for access control lists @@ -277,3 +277,7 @@ device firewire # FireWire bus code device sbp # SCSI over FireWire (Requires scbus and da) device fwe # Ethernet over FireWire (non-standard!) + +options IPSEC +options IPSEC_ESP +options IPSEC_DEBUG
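
Review bot: The INET6 change in the second hunk (@@ -33,7 +33,7 @@) is the first thing to back out when testing the pf module failure. The message reports that pf loaded as a module under GENERIC, where 'options INET6' was still enabled, and apart from the IPSEC additions this is the only functional difference in the diff. Nothing in the patch or the build steps shows that the modules built alongside this kernel were checked against a kernel without INET6. I would rebuild with the line restored and retry kldload, and look at the console or dmesg output after the failed load, since the errno in the trace says only that something was not found.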
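
Review bot: The three lines added in the last hunk (@@ -277,3 +277,7 @@), 'options IPSEC', 'options IPSEC_ESP' and 'options IPSEC_DEBUG', carry no trailing comment, while every other options and device line visible in this diff has one. Add a short comment to each in the same style, and say why IPSEC_DEBUG is wanted, since the description mentions only adding IPSEC and disabling IPv6.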