From: Jim Sifferle
To: Ermal Luçi, Julian Elischer
Cc: "Bjoern A. Zeeb", FreeBSD virtualization mailing list, pf@freebsd.org
Subject: Re: Network simulation using jails & vimage
Date: Sat, 06 Mar 2010 00:04:34 -0800
Message-ID: <1267862674.29050.25.camel@localhost>

On Fri, 2010-03-05 at 15:15 -0500, jim@sifferle.net wrote:
> On March 5, 2010 at 7:34 PM Julian Elischer wrote:
>
> > jim@sifferle.net wrote:
> > >
> > > I just now had some time to put together a CURRENT box for testing. I'm
> > > getting a 'Fatal trap 12: page fault while in kernel mode' whenever I
> > > boot with pf_enable set to YES in rc.conf. Here's my current setup:
> > >
> >
> > This is unfortunately one for Ermal, as I wouldn't know a pfctl
> > command if it came up and kicked me in the shins. :-)
> >
> > We really should try get the new pf stuff into -current so that
> > it gets more testing.
> >
> Thanks for your quick reply...
>
> I think my first problem is I didn't pull the sources from the folder Ermal
> mentioned: http://svn.freebsd.org/base/user/eri/pf45/head/.
>
> I misunderstood and thought it had been put in CURRENT. I will download
> the correct sources and try again.
>

Hi Ermal,

Forgive my ignorance, but how would you recommend I build my system to
test the new pf code? Here's what I tried earlier today:

1) Start with a CURRENT system with sources from 2/25

2) Download the new sources from svn using the link you provided

na-lab-wan-3# svn info
Path: .
URL: http://svn.freebsd.org/base/user/eri/pf45/head
Repository Root: http://svn.freebsd.org/base
Repository UUID: ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Revision: 204768
Node Kind: directory
Schedule: normal
Last Changed Author: eri
Last Changed Rev: 204245
Last Changed Date: 2010-02-23 01:58:12 -0800 (Tue, 23 Feb 2010)

3) Build and install a new kernel with the updated sources. But, I could
not compile with ALTQ support enabled. Is ALTQ available yet with the
new pf, or is it still a work in progress like pflog and pfsync?

cc -O2 -pipe -fno-strict-aliasing -Werror -D_KERNEL -DKLD_MODULE
/usr/src_new/head/sys/modules/pf/../../contrib/pf/net/pf_ioctl.c: In function 'pf_begin_altq':
/usr/src_new/head/sys/modules/pf/../../contrib/pf/net/pf_ioctl.c:894: error: 'altqs_inactive_open' undeclared (first use in this function)
/usr/src_new/head/sys/modules/pf/../../contrib/pf/net/pf_ioctl.c:894: error: (Each undeclared identifier is reported only once
/usr/src_new/head/sys/modules/pf/../../contrib/pf/net/pf_ioctl.c:894: error: for each function it appears in.)
/usr/src_new/head/sys/modules/pf/../../contrib/pf/net/pf_ioctl.c: In function 'pf_rollback_altq':
/usr/src_new/head/sys/modules/pf/../../contrib/pf/net/pf_ioctl.c:934: error: 'altqs_inactive_open' undeclared (first use in this function)
/usr/src_new/head/sys/modules/pf/../../contrib/pf/net/pf_ioctl.c: In function 'pf_commit_altq':
/usr/src_new/head/sys/modules/pf/../../contrib/pf/net/pf_ioctl.c:1024: error: 'altqs_inactive_open' undeclared (first use in this function)
*** Error code 1

4) Reboot, load pf module, attempt to run pfctl -f /etc/pf.conf with
this error:

No ALTQ support in kernel
ALTQ related functions disabled
pfctl: DIOCADDRULE: Operation not supported by device

5) Attempt to rebuild pfctl from /usr/src_new/sbin/pfctl to deal with
the 'Operation not supported by device' error.
I get this error:

cc -O2 -pipe -Wall -Wmissing-prototypes -Wno-uninitialized -Wstrict-prototypes -I/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl -DENABLE_ALTQ -std=gnu99 -fstack-protector -Wsystem-headers -Werror -Wall -Wno-format-y2k -Wno-uninitialized -Wno-pointer-sign -c /usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c
cc1: warnings being treated as errors
In file included from /usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:64:
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.h:119: warning: 'struct pfsync_state_peer' declared inside parameter list
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.h:119: warning: its scope is only this definition or declaration, which is probably not what you want
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.h:120: warning: 'struct pfsync_state' declared inside parameter list
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c: In function 'pfctl_clear_states':
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:393: error: 'struct pfioc_state_kill' has no member named 'psk_killed'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c: In function 'pfctl_kill_src_nodes':
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:532: error: 'struct pfioc_src_node_kill' has no member named 'psnk_killed'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:538: error: 'struct pfioc_src_node_kill' has no member named 'psnk_killed'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c: In function 'pfctl_net_kill_states':
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:638: error: 'struct pfioc_state_kill' has no member named 'psk_killed'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:644: error: 'struct pfioc_state_kill' has no member named 'psk_killed'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c: In function 'pfctl_label_kill_states':
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:670: error: 'struct pfioc_state_kill' has no member named 'psk_label'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:670: error: 'struct pfioc_state_kill' has no member named 'psk_label'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:671: error: 'struct pfioc_state_kill' has no member named 'psk_label'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:678: error: 'struct pfioc_state_kill' has no member named 'psk_killed'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c: In function 'pfctl_id_kill_states':
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:695: error: 'struct pfioc_state_kill' has no member named 'psk_pfcmp'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:695: error: 'struct pfioc_state_kill' has no member named 'psk_pfcmp'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:696: error: 'struct pfioc_state_kill' has no member named 'psk_pfcmp'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:696: error: 'struct pfioc_state_kill' has no member named 'psk_pfcmp'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:697: error: 'struct pfioc_state_kill' has no member named 'psk_pfcmp'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:698: error: 'struct pfioc_state_kill' has no member named 'psk_pfcmp'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:703: error: 'struct pfioc_state_kill' has no member named 'psk_pfcmp'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:708: error: 'struct pfioc_state_kill' has no member named 'psk_pfcmp'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:708: error: 'struct pfioc_state_kill' has no member named 'psk_pfcmp'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:713: error: 'struct pfioc_state_kill' has no member named 'psk_killed'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c: In function 'pfctl_print_rule_counters':
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:805: error: 'struct pf_rule' has no member named 'states_cur'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:810: error: 'struct pf_rule' has no member named 'states_tot'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c: In function 'pfctl_show_rules':
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:922: error: 'struct pf_rule' has no member named 'states_tot'
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c: In function 'pfctl_show_states':
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:1087: warning: assignment from incompatible pointer type
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:1088: error: dereferencing pointer to incomplete type
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:1088: error: increment of pointer to unknown structure
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:1088: error: arithmetic on pointer to an incomplete type
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:1088: warning: left-hand operand of comma expression has no effect
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:1089: error: dereferencing pointer to incomplete type
/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:1095: warning: passing argument 1 of 'print_state' from incompatible pointer type
*** Error code 1

Thanks for any help you can provide...

Jim