Date: Wed, 28 Dec 2005 15:50:41 +0000 From: Brian Candler <B.Candler@pobox.com> To: freebsd-stable@freebsd.org Subject: Strange problem with kldload and pf Message-ID: <20051228155041.GA7124@uk.tiscali.com>
next in thread | raw e-mail | index | archive | help
Fresh install of FreeBSD 6.0-RELEASE from CD. With the GENERIC kernel, I was able to 'kldload pf' to get the pf firewall. However this doesn't work after I rebuilt a new kernel; it fails to load. All I did was add IPSEC and disable IPv6. The exact config diff from GENERIC is attached below. I rebuilt the kernel using: # cd /usr/src/sys/i386/conf # cp GENERIC CANDLERB # vi CANDLERB ... see diff below # config CANDLERB # cd ../compile/CANDLERB # make cleandepend && make depend && make && make install # reboot Now when I try to load the pf module I get: # kldload pf kldload: can't load pf: No such file or directory # However this module file definitely exists, and has a timestamp from when the kernel was rebuilt: # ls -l /boot/kernel/pf.ko -r-xr-xr-x 1 root wheel 188030 Dec 28 15:15 /boot/kernel/pf.ko # wc -c /boot/kernel/pf.ko 188030 /boot/kernel/pf.ko An strace -id of the kldload process doesn't shed any light either: ... 834 kldload CALL sigprocmask(0x3,0x28067830,0) 834 kldload RET sigprocmask 0 834 kldload CALL kldload(0xbfbfeba4) 834 kldload NAMI "/boot/kernel/linker.hints" 834 kldload NAMI "/boot/kernel/pf.ko" 834 kldload NAMI "/boot/kernel/pf.ko" 834 kldload RET kldload -1 errno 2 No such file or directory 834 kldload CALL write(0x2,0xbfbfe3d0,0x9) 834 kldload GIO fd 2 wrote 9 bytes "kldload: " ... I can load other modules successfully (I tried 'kldload ng_nat' just to pick one at random) I guess I can go ahead and rebuild the kernel again, this time with pf built in. However I would like to know why I can't load pf as a module, even though it seems to have been successfully built as one. Regards, Brian. --- /usr/src/sys/i386/conf/GENERIC Fri Oct 28 20:22:41 2005 +++ /usr/src/sys/i386/conf/CANDLERB Wed Dec 28 14:19:48 2005 @@ -22,7 +22,7 @@ cpu I486_CPU cpu I586_CPU cpu I686_CPU -ident GENERIC +ident CANDLERB # To statically compile in device wiring instead of /boot/device.hints #hints "GENERIC.hints" # Default places to look for devices. @@ -33,7 +33,7 @@ options SCHED_4BSD # 4BSD scheduler options PREEMPTION # Enable kernel thread preemption options INET # InterNETworking -options INET6 # IPv6 communications protocols +#options INET6 # IPv6 communications protocols options FFS # Berkeley Fast Filesystem options SOFTUPDATES # Enable FFS soft updates support options UFS_ACL # Support for access control lists @@ -277,3 +277,7 @@ device firewire # FireWire bus code device sbp # SCSI over FireWire (Requires scbus and da) device fwe # Ethernet over FireWire (non-standard!) + +options IPSEC +options IPSEC_ESP +options IPSEC_DEBUG
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051228155041.GA7124>