From owner-freebsd-isp@FreeBSD.ORG Mon Jun 12 09:56:01 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 52ADC16A41F; Mon, 12 Jun 2006 09:56:01 +0000 (UTC) (envelope-from vadimnuclight@tpu.ru) Received: from relay1.tpu.ru (relay1.tpu.ru [213.183.112.102]) by mx1.FreeBSD.org (Postfix) with ESMTP id 79F3943D48; Mon, 12 Jun 2006 09:56:00 +0000 (GMT) (envelope-from vadimnuclight@tpu.ru) Received: by relay1.tpu.ru (Postfix, from userid 501) id 6DA2E10D33C; Mon, 12 Jun 2006 16:55:57 +0700 (NOVST) Received: from mail.main.tpu.ru (mail.main.tpu.ru [10.0.0.3]) by relay1.tpu.ru (Postfix) with ESMTP id 2F35510D337; Mon, 12 Jun 2006 16:55:57 +0700 (NOVST) Received: from mail.tpu.ru ([213.183.112.105]) by mail.main.tpu.ru with Microsoft SMTPSVC(6.0.3790.1830); Mon, 12 Jun 2006 16:55:57 +0700 Received: from nuclight.avtf.net ([82.117.64.107]) by mail.tpu.ru over TLS secured channel with Microsoft SMTPSVC(6.0.3790.1830); Mon, 12 Jun 2006 16:55:56 +0700 To: "Joao Barros" References: <70e8236f0606110836j38f7ca33wa3058eaecf386fb5@mail.gmail.com> <70e8236f0606111530i5ec5cd7eh7230ac76f466f1d@mail.gmail.com> Message-ID: Date: Mon, 12 Jun 2006 16:55:41 +0700 From: "Vadim Goncharov" Organization: AVTF TPU Hostel Content-Type: text/plain; format=flowed; delsp=yes; charset=koi8-r MIME-Version: 1.0 Content-Transfer-Encoding: 8bit In-Reply-To: <70e8236f0606111530i5ec5cd7eh7230ac76f466f1d@mail.gmail.com> User-Agent: Opera M2/7.54 (Win32, build 3865) X-OriginalArrivalTime: 12 Jun 2006 09:55:56.0951 (UTC) FILETIME=[66A27A70:01C68E06] Cc: freebsd-isp@freebsd.org, "freebsd-net@freebsd.org" , "freebsd-current@freebsd.org" , "freebsd-ipfw@freebsd.org" Subject: Re: [PATCH] ng_tag - new netgraph node, please test (L7 filtering possibility) X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Jun 2006 09:56:01 -0000 12.06.06 @ 05:30 Joao Barros wrote: > ld -d -warn-common -r -d -o ng_tag.kld ng_tag.o > touch export_syms > awk -f /sys/conf/kmod_syms.awk ng_tag.kld export_syms | xargs -J% > objcopy % ng_tag.kld > ld -Bshareable -d -warn-common -o ng_tag.ko ng_tag.kld > objcopy --strip-debug ng_tag.ko > ultra5# kldload ./ng_tag.kld > kldload: can't load ./ng_tag.kld: Exec format error > ultra5# file ng_tag.kld > ng_tag.kld: ELF 64-bit MSB relocatable, SPARC V9, version 1 (FreeBSD), > not stripped Huh, you should load ng_tag.ko, not ng_tag.kld - as you can see ng_tag.ko (final version) is produced from ng_tag.kld (immediate file). Another possibility you should mention is using both firewalls at the same time, ipfw and pf. The rule order traversal, AFAIK, depends on order of module loading, so you should experiment a little with it. -- WBR, Vadim Goncharov