Date: Wed, 8 Dec 2004 04:08:54 +0100 From: Max Laier <max@love2party.net> To: freebsd-stable@freebsd.org Cc: Kris Kennaway <kris@obsecurity.org> Subject: Re: custom kern build Message-ID: <200412080409.02608.max@love2party.net> In-Reply-To: <20041208025713.GA11341@xor.obsecurity.org> References: <20041208023428.M17241@vampextream.com> <20041208025713.GA11341@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart38017013.28ohUi3WyH Content-Type: multipart/mixed; boundary="Boundary-01=_JBntBGiUg4lJHwv" Content-Transfer-Encoding: 7bit Content-Disposition: inline --Boundary-01=_JBntBGiUg4lJHwv Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Wednesday 08 December 2004 03:57, Kris Kennaway wrote: > On Tue, Dec 07, 2004 at 06:47:07PM -0800, whitevamp wrote: > > not sure if this is the right place to post this .. > > i am currently trying to buld a custom kern ( this in an upgrade from 4= =2E9 > > to 5.3 ) and every time i goto build the kern i get an error saying > > something is an unknowen option and now im getting this one and i got=20 > > this out of src/UPDATING option PFIL_HOOKS ( note that the kern make h= as > > complained about ,10 options so far that i have placed in the kern file= ) > > > > so what would be causeing this error ? a bad cvs up ? or ? i did a cvs = up > > to relang 5_3 > > Bad kernel config; if you compare to GENERIC or NOTES (or read > UPDATING) you'll see that the PFIL_HOOKS option was removed. It's > best to stick to GENERIC unless you know what you're doing. This gets me wondering, might the attached diff be helpful? Is there any ru= le=20 to (not) remove outdated/expired entries? I know we tell people to really *READ* UPDATING and I really, really sugges= t=20 that to everybody. But we can still make it easier - right? Are there similar instances? RANDOM_IP_ID does only have the "was removed"= =20 note, AFAIR. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --Boundary-01=_JBntBGiUg4lJHwv Content-Type: text/x-diff; charset="iso-8859-1"; name="PFIL_HOOKS.diff" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="PFIL_HOOKS.diff" Index: UPDATING =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /usr/store/mlaier/fcvs/src/UPDATING,v retrieving revision 1.379 diff -u -r1.379 UPDATING =2D-- UPDATING 16 Nov 2004 21:18:41 -0000 1.379 +++ UPDATING 8 Dec 2004 03:04:32 -0000 @@ -198,9 +198,7 @@ IPFW has been converted to use PFIL_HOOKS. This change is transparent to userland and preserves the ipfw ABI. The ipfw core packet inspection and filtering functions have not been =2D changed, only how ipfw is invoked is different. Note that =2D "option PFIL_HOOKS" is required to use IPFIREWALL compiled =2D into the kernel or as KLD. + changed, only how ipfw is invoked is different. =20 20040814: The RANDOM_IP_ID option has been replaced by the sysctl @@ -423,8 +421,7 @@ sure to run mergemaster -p before installworld to create required user account ("proxy"). If you do not want to build pf with your system you can use the NO_PF knob in make.conf. =2D Also note that pf requires "options PFIL_HOOKS" in the kernel. The =2D pf system consists of the following three devices: + The pf system consists of the following three devices: device pf # required device pflog # optional device pfsync # optional @@ -580,13 +577,6 @@ kiconv(3) has been added. mount_msdosfs(8), mount_ntfs(8) and mount_cd9660(8) need to be in sync with kernel. =20 =2D20030925: =2D Configuring a system to use IPFILTER now requires that PFIL_HOOKS =2D also be explicitly configured. Previously this dependency was =2D magically handled through some cruft in net/pfil.h; but that has =2D been removed. Building a kernel with IPFILTER but not PFIL_HOOKS =2D will fail with obtuse errors in ip_fil.c. =2D 20030923: Fix a bug in arplookup(), whereby a hostile party on a locally attached network could exhaust kernel memory, and cause a system --Boundary-01=_JBntBGiUg4lJHwv-- --nextPart38017013.28ohUi3WyH Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQBBtnBOXyyEoT62BG0RAm0qAJsFM3LMf1OTRIAnlWvZRQt2A6XCqQCcCkuC NoOjaQ3HUlNnfChTxGF0Af4= =wohS -----END PGP SIGNATURE----- --nextPart38017013.28ohUi3WyH--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200412080409.02608.max>