From: Max Laier
To: freebsd-stable@freebsd.org
Date: Wed, 8 Dec 2004 04:08:54 +0100
Cc: freebsd-pf@freebsd.org, Kris Kennaway
Subject: Re: custom kern build

On Wednesday 08 December 2004 03:57, Kris Kennaway wrote:
> On Tue, Dec 07, 2004 at 06:47:07PM -0800, whitevamp wrote:
> > not sure if this is the right place to post this ..
> > i am currently trying to build a custom kern ( this is an upgrade from 4.9
> > to 5.3 ) and every time i go to build the kern i get an error saying
> > something is an unknown option and now im getting this one and i got
> > this out of src/UPDATING option PFIL_HOOKS ( note that the kern make has
> > complained about ,10 options so far that i have placed in the kern file )
> >
> > so what would be causing this error ? a bad cvs up ? or ? i did a cvs up
> > to releng 5_3
>
> Bad kernel config; if you compare to GENERIC or NOTES (or read
> UPDATING) you'll see that the PFIL_HOOKS option was removed. It's
> best to stick to GENERIC unless you know what you're doing.

This gets me wondering, might the attached diff be helpful? Is there any rule
to (not) remove outdated/expired entries?

I know we tell people to really *READ* UPDATING and I really, really suggest
that to everybody. But we can still make it easier - right?

Are there similar instances? RANDOM_IP_ID does only have the "was removed"
note, AFAIR.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

Attachment: PFIL_HOOKS.diff

Index: UPDATING =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /usr/store/mlaier/fcvs/src/UPDATING,v retrieving revision 1.379 diff -u -r1.379 UPDATING =2D-- UPDATING 16 Nov 2004 21:18:41 -0000 1.379 +++ UPDATING 8 Dec 2004 03:04:32 -0000 @@ -198,9 +198,7 @@ IPFW has been converted to use PFIL_HOOKS. This change is transparent to userland and preserves the ipfw ABI. The ipfw core packet inspection and filtering functions have not been =2D changed, only how ipfw is invoked is different. Note that =2D "option PFIL_HOOKS" is required to use IPFIREWALL compiled =2D into the kernel or as KLD. + changed, only how ipfw is invoked is different. =20 20040814: The RANDOM_IP_ID option has been replaced by the sysctl
@@ -423,8 +421,7 @@ sure to run mergemaster -p before installworld to create required user account ("proxy"). If you do not want to build pf with your system you can use the NO_PF knob in make.conf. =2D Also note that pf requires "options PFIL_HOOKS" in the kernel. The =2D pf system consists of the following three devices: + The pf system consists of the following three devices: device pf # required device pflog # optional device pfsync # optional @@ -580,13 +577,6 @@ kiconv(3) has been added. mount_msdosfs(8), mount_ntfs(8) and mount_cd9660(8) need to be in sync with kernel. =20 =2D20030925: =2D Configuring a system to use IPFILTER now requires that PFIL_HOOKS =2D also be explicitly configured. Previously this dependency was =2D magically handled through some cruft in net/pfil.h; but that has =2D been removed. Building a kernel with IPFILTER but not PFIL_HOOKS =2D will fail with obtuse errors in ip_fil.c. =2D 20030923: Fix a bug in arplookup(), whereby a hostile party on a locally attached network could exhaust kernel memory, and cause a system
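
Review bot: In the @@ -198,9 +198,7 @@ hunk, deleting the sentence that begins "Note that "option PFIL_HOOKS" is required" leaves the IPFW entry with no mention of the option at all, so a reader who already carries the option in a custom kernel config learns nothing from this entry about why it is now reported as unknown. Consider replacing the sentence with a one-line pointer that the option has since been removed and should be dropped from custom configs, instead of removing it silently. The same applies to the "Also note that pf requires" sentence in the @@ -423,8 +421,7 @@ hunk.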
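
Review bot: The @@ -580,13 +577,6 @@ hunk removes the entire dated 20030925 entry, whereas the other two hunks only trim the PFIL_HOOKS sentence from entries that otherwise stay. That changes the historical record of UPDATING and is exactly the policy question the cover message leaves open ("Is there any rule to (not) remove outdated/expired entries?"). Suggest keeping the entry and appending a short line that the requirement no longer applies, or holding this hunk back until that question is answered.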