Date: Wed, 21 Aug 2002 21:03:05 +0400 From: "Sergey Mokryshev" <mokr@mokr.net> To: "David W. Chapman Jr." <dwcjr@inethouston.net> Cc: <cjclark@alum.mit.edu>, <current@FreeBSD.ORG> Subject: Re: question about ipl.ko Message-ID: <0b6601c24934$9dcf97f0$0f0010ac@office.tersys.ru> References: <20020816130147.GA39907@studnet.sk> <20020816193854.GC47465@blossom.cjclark.org> <062201c2475f$9f19ab40$0f0010ac@office.tersys.ru> <20020820181519.GA69240@blossom.cjclark.org> <0ab501c2492d$bc90fe10$0f0010ac@office.tersys.ru> <20020821162631.GA38043@leviathan.inethouston.net>
next in thread | previous in thread | raw e-mail | index | archive | help
(removed questions@ from Cc) Hello, David! You wrote to "Sergey Mokryshev" <mokr@mokr.net> on Wed, 21 Aug 2002 11:26:32 -0500: >> Another point - you can upgrade ipfilter stuff without rebooting, >> it is useful in situations where minimum downtime is possible. >> PFIL_HOOKS does not add much functionality to the kernel and >> I always turn this on on every box. DWC> I think you are missing his point though. Some people kldload DWC> ipl.ko because they don't want to recompile their kernel. IF DWC> they recompile it with PFIL_HOOKS might as well do ipfilter at DWC> the same time. No, David. I understand it. For those who load modules dynamically because they don't want to recompile kernel this is not a solution. My practice is to load modules dynamically to share the same kernel between several boxes. One of this PCs works as a firewall, another one serve my personal CVS repository and works as a test box (there are other machines running -CURRENT and virtually all use the same kernel and modules). Some time ago I tried to upgrade IPFilter on the fly (kldunload && kldload) and it worked like a charm. It is an endless discussion, and I really don't want to continue. I wrote a letter because I disagree with Crist J. Clark > CJC> Both. If you are getting an 'Exec format error,' there is > CJC> something wrong at your end. However, ipl.ko has been broken in > CJC> CURRENT for a "long time" (over a year at least) and will not > CJC> load (albeit with a different error message). No, ipl.ko is not broken. It depends on pfil(9). Sincerely yours, Sergey Mokryshev. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0b6601c24934$9dcf97f0$0f0010ac>