Date: Mon, 7 Mar 2005 19:08:24 -0500 (EST)
From: c0ldbyte
To: Goran Gajic
Cc: freebsd-amd64@www.freebsd.org, freebsd-net@www.freebsd.org
Subject: Re: ipfilter 4.1.6 won't build on FreeBSD5.3 amd64 (fwd)
Message-ID: <20050307190552.M80041@eleanor.us1.wmi.uvac.net>

On Mon, 7 Mar 2005, Goran Gajic wrote:

> Hi,
>
> I have tried to build ipfilter 4.1.6 as module and as part of kernel on
> FreeBSD 5.3 on amd64 but in both cases I have failed. When I use
> option IPFILTER in kernel config this is what I get:
>
> cc -c -O2 -frename-registers -pipe -fno-strict-aliasing -Wall
> -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes
> -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -std=c99 -nostdinc
> -I- -I. -I../../.. -I../../../contrib/dev/acpica -I../../../contrib/altq
> -I../../../contrib/ipfilter
> -I../../../contrib/pf -I../../../contrib/dev/ath
> -I../../../contrib/dev/ath/freebsd -I../../../contrib/ngatm -D_KERNEL
> -include opt_global.h -fno-common -finline-limit=8000 --param
> inline-unit-growth=100 --param large-function-growth=1000 -mcmodel=kernel
> -mno-red-zone -mfpmath=387 -mno-sse -mno-sse2 -mno-mmx -mno-3dnow
> -msoft-float -fno-asynchronous-unwind-tables -ffreestanding -Werror
> .../../../contrib/ipfilter/netinet/ip_frag.c
> .../../../contrib/ipfilter/netinet/ip_frag.c: In function `fr_ipid_newfrag':
> .../../../contrib/ipfilter/netinet/ip_frag.c:394: warning: cast to pointer
> from integer of different size
> .../../../contrib/ipfilter/netinet/ip_frag.c: In function
> `fr_ipid_knownfrag':
> .../../../contrib/ipfilter/netinet/ip_frag.c:579: warning: cast from pointer
> to integer of different size
> *** Error code 1
>
> Stop in /usr/src/sys/amd64/compile/SENT.
>
>
> When I have tried to build ipf.ko this is what I get:
> ld -warn-common -r -d -o ipf.kld.5 ip_fil.o fil.o ml_ipl.o ip_nat.o ip_frag.o
> ip_state.o ip_proxy.o ip_auth.o ip_log.o ip_pool.o ip_htable.o ip_lookup.o
> ip_rules.o ip_scan.o ip_sync.o
> ld -Bshareable -d -warn-common -o ipf.ko ipf.kld.5
> ld: ipf.kld.5: relocation R_X86_64_32 can not be used when making a shared
> object; recompile with -fPIC
> ipf.kld.5: could not read symbols: Bad value
> *** Error code 1
>
> Stop in /root/ip_fil4.1.6/BSD/FreeBSD-5.3-RELEASE-amd64.
> *** Error code 1
>
> Stop in /root/ip_fil4.1.6.
>
> I have tried recompiling with -fPIC but when I do kld_load ipf.ko this is what
> I get:
> sen# kldload /boot/kernel/ipf.ko
> dmesg output:
> kldload: can't load /boot/kernel/ipf.ko: Exec format error
> kldload: Unsupported file type
> kldload: unexpected relocation type 7
> link_elf: symbol appr_check undefined
>
>
> So, my question is: can ipfilter be used to NAT something like 7000 hosts on
> FreeBSD? Currently I have cisco 7206 that is running IOS 12.3(4r)T1 only IOS
> that has NAT inside CEF (otherwise CPU load is something like 80% with this
> IOS it is something like 20% for 7000 hosts). I want my amd64 only to NAT
> inside network (10.1.0.0/16) but when I have tried ipfilter
> v3.4.35 that comes with freebsd5.3 (compiled with LARGE_NAT) it had poor
> performance. (it could handle something like 120000 connections although
> values in ip_nat.h were much greater, maybe I have missed some other
> parameters?). Machine has two broadcom NICs so I don't think that is
> problem, can someone advise what to do?
>
> Regards,
> Goran Gajic

Are those CFLAGS=-O2 a standard compilation, or is that something you
added to the make.conf? I've tried some optimizations myself while building
the kernel and its modules and got a very sparse build of things; they
don't seem to build too well when being built with -O2 opts.

Good luck and best regards, check your /etc/make.conf