From owner-freebsd-current  Mon Nov 29 12:57:14 1999
Delivered-To: freebsd-current@freebsd.org
Received: from mentisworks.com (valkery.mentisworks.com [207.227.89.226])
	by hub.freebsd.org (Postfix) with ESMTP id 6F7F6158D6
	for <freebsd-current@freebsd.org>; Mon, 29 Nov 1999 12:56:53 -0800 (PST)
	(envelope-from nathank@mentisworks.com)
Received: from [24.29.197.186] (HELO mentisworks.com)
  by mentisworks.com (CommuniGate Pro SMTP 3.2b5)
  with ESMTP id 590319 for freebsd-current@freebsd.org; Mon, 29 Nov 1999 14:56:50 -0600
Received: from [192.168.245.111] (HELO mentisworks.com)
  by mentisworks.com (CommuniGate Pro SMTP 3.2b5)
  with ESMTP id 1630004 for freebsd-current@freebsd.org; Mon, 29 Nov 1999 14:56:51 -0600
Message-ID: <3842E850.36DEC632@mentisworks.com>
Date: Mon, 29 Nov 1999 14:55:44 -0600
From: Nathan Kinsman <nathank@mentisworks.com>
X-Mailer: Mozilla 4.7 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-current@freebsd.org
Subject: Re: IP Filter 3.3.3 in FreeBSD -CURRENT [LONG]
References: <99112814445100.78810@Amber.XtremeDev.com> <3643.991128@v-wave.com> <99112816325700.79094@Amber.XtremeDev.com> <99112912214800.72589@Amber.XtremeDev.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


No solutions for you, but I have had the same exact problems with
Current and Ip Filter 3.3.3.  Giving up.

Current Ip Filter works fine on 3.3-STABLE.  Can't hardly wait for 4.0
to be stable and released, I'm not happy with my current mangling of
different compilers in STABLE.
_
Nathan Kinsman


Davec wrote:
> 
> Ok, I just tried downloading the IP Filter sources for 3.3.3 and followed the
> instructions at http://www.freebsddiary.org/freebsd/ipfilter333.htm.
> Unfortunately I have ended up with the same errors:
> 
> open device: Device not configured
> ioctl(SIOCIPFFL): Bad file descriptor
> 
> To reiterate for -CURRENT newsgroup, I'm trying to get IP Filter 3.3.3 to work
> in FreeBSD 4.0-CURRENT since it's reinstatement by Guido back into the source
> tree. I have the following in my kernel config file:
> 
> pseudo-device   bpf             #Berkeley packet filter
> options         IPFILTER
> options         IPFILTER_LOG
> #options                IPFILTER_LKM
> #options                IPFIREWALL
> #options                IPFIREWALL_FORWARD
> #options                IPFIREWALL_VERBOSE
> #options                "IPFIREWALL_VERBOSE_LIMIT=10"
> 
> (Note the lines that are commented out and the lines that aren't.)
> I made world and built a new kernel, upon reboot I was greeted with:
> 
> Nov 28 20:02:34 /kernel: IP Filter: initialized.  Default = pass all, Logging = enabled
> Nov 28 20:02:34 /kernel: IP Filter: v3.3.3
> 
> But when I try to load any rules, I get the error messages above. Same result
> with ipnat. I checked to make sure I was using the right version of ipf:
> 
> ~# ls -la `which ipf`
> -rwxr-xr-x  1 root  wheel  28096 Nov 28 19:37 /sbin/ipf
> 
> ~# ipf -V
> ipf: IP Filter: v3.3.3 (192)
> open device: Device not configured
> ioctl(SIOCGETFS: Bad file descriptor
> 
> ~# ls -la /dev/ip*
> crw-r--r--  1 root  wheel   79,   3 Nov 28 16:27 /dev/ipauth
> crw-r--r--  1 root  wheel   79,   0 Nov 28 16:26 /dev/ipl
> crw-r--r--  1 root  wheel   79,   1 Nov 28 16:26 /dev/ipnat
> crw-r--r--  1 root  wheel   79,   2 Nov 28 16:26 /dev/ipstate
> 
> ~# truss /sbin/ipf -V | egrep syscall
> syscall __sysctl(0xbfbfd62c,0x2,0x18061428,0xbfbfd628,0x0,0x0)
>         returns 0 (0x0)
> syscall mmap(0x0,32768,0x3,0x1002,-1,0x0)
>         returns 403054592 (0x18062000)
> syscall geteuid()
>         returns 0 (0x0)
> syscall getuid()
>         returns 0 (0x0)
> syscall getegid()
>         returns 0 (0x0)
> syscall getgid()
>         returns 0 (0x0)
> syscall open("/var/run/ld-elf.so.hints",0,00)
>         returns 3 (0x3)
> syscall read(0x3,0xbfbfd60c,0x80)
>         returns 128 (0x80)
> syscall lseek(3,0x80,0)
>         returns 128 (0x80)
> syscall read(0x3,0x18066000,0x7c)
>         returns 124 (0x7c)
> syscall close(3)
>         returns 0 (0x0)
> syscall access("/usr/lib/libc.so.4",0)
>         returns 0 (0x0)
> syscall open("/usr/lib/libc.so.4",0,027757753204)
>         returns 3 (0x3)
> syscall fstat(3,0xbfbfd654)
>         returns 0 (0x0)
> syscall read(0x3,0xbfbfc624,0x1000)
>         returns 4096 (0x1000)
> syscall mmap(0x0,581632,0x5,0x2,3,0x0)
>         returns 403087360 (0x1806a000)
> syscall mmap(0x180e4000,20480,0x3,0x12,3,0x79000)
>         returns 403587072 (0x180e4000)
> syscall mmap(0x180e9000,61440,0x3,0x1012,-1,0x0)
>         returns 403607552 (0x180e9000)
> syscall close(3)
>         returns 0 (0x0)
> syscall fstat(1,0xbfbfce10)
>         returns 0 (0x0)
> syscall readlink("/etc/malloc.conf",0xbfbfcdf0,63)
>         errno 2 'No such file or directory'
> syscall mmap(0x0,4096,0x3,0x1002,-1,0x0)
>         returns 403668992 (0x180f8000)
> syscall break(0x8052000)
>         returns 0 (0x0)
> syscall break(0x8056000)
>         returns 0 (0x0)
> syscall open("/dev/ipl",2,027757753004) <<-- Relevant text
>         errno 6 'Device not configured'
> syscall open("/dev/ipl",0,027757753004)
>         errno 6 'Device not configured'
> open device: Device not configured
> syscall writev(0x2,0xbfbfd5a0,0x4)
>         returns 35 (0x23)
> syscall ioctl(-1,SIOCGETFS,0xbfbfd614)
>         errno 9 'Bad file descriptor'
> ioctl(SIOCGETFS: Bad file descriptor
> syscall writev(0x2,0xbfbfd5d0,0x4)
>         returns 37 (0x25)
> syscall write(1,0x8052000,29)
>         returns 29 (0x1d)
> syscall exit(0x0)
>         process exit, rval = 0
> 
> I got the same result and errors from compiling with the IPFilter present in
> the FreeBSD 4.0-CURRENT source tree and from downloading the IP Filter 3.3.3
> from it's home page and following the simple instructions at freebsddiary.org.
> 
> Misc info:
> ~# ls -la /dev/bpf*
> crw-------  1 root  wheel   23,   0 Nov 28 20:02 /dev/bpf0
> 
> I have gotten many numerous suggestions and advice from the ipfilter mailing
> list, and they have been most helpful in helping me narrow this down, but I
> still have not been able to resolve this problem. Does anyone else have any
> more hints or tips for me to search? From either IPFilter mailing list or
> FreeBSD-CURRENT?
> 
> One final note. I updated to the latest snap of -CURRENT from an Oct. 10 snap,
> since that was the last date when IP Filter was still in the source tree before
> it was removed due to old age. And it worked perfectly then.
> 
> Thank you for any help or suggestions.
> 
> Davec
> --
> Davec@unforgettable.com
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-current" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message