From owner-freebsd-ipfw@FreeBSD.ORG Mon Jun 12 04:02:46 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8024816A41A for ; Mon, 12 Jun 2006 04:02:46 +0000 (UTC) (envelope-from ozkan@mersin.edu.tr) Received: from mail.mersin.edu.tr (mail.mersin.edu.tr [193.255.128.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id D65ED43D45 for ; Mon, 12 Jun 2006 04:02:43 +0000 (GMT) (envelope-from ozkan@mersin.edu.tr) Received: from localhost (localhost.mersin.edu.tr [127.0.0.1]) by mail.mersin.edu.tr (Postfix) with ESMTP id 1F74645187; Mon, 12 Jun 2006 07:02:54 +0300 (EEST) Received: from mail.mersin.edu.tr ([127.0.0.1]) by localhost (mail.mersin.edu.tr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 20525-07; Mon, 12 Jun 2006 07:02:41 +0300 (EEST) Received: from [10.0.50.20] (unknown [81.213.166.209]) by mail.mersin.edu.tr (Postfix) with ESMTP id 40F50451B5; Mon, 12 Jun 2006 07:02:41 +0300 (EEST) Message-ID: <448CE752.6080507@mersin.edu.tr> Date: Mon, 12 Jun 2006 07:02:26 +0300 From: =?ISO-8859-9?Q?=D6zkan_KIRIK?= User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050927) X-Accept-Language: tr-TR, tr, en-US, en MIME-Version: 1.0 To: Joao Barros , freebsd-ipfw@freebsd.org References: <70e8236f0606110836j38f7ca33wa3058eaecf386fb5@mail.gmail.com> <70e8236f0606111530i5ec5cd7eh7230ac76f466f1d@mail.gmail.com> In-Reply-To: <70e8236f0606111530i5ec5cd7eh7230ac76f466f1d@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-9; format=flowed Content-Transfer-Encoding: 8bit X-Virus-Scanned: by amavisd-new at mersin.edu.tr Cc: Subject: Re: [PATCH] ng_tag - new netgraph node, please test (L7 filtering possibility) X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Jun 2006 04:02:46 -0000 Try to load kernel object file kldload ./ng_tag.ko Ozkan KIRIK Joao Barros yazmış: > On 6/11/06, Vadim Goncharov wrote: > >> 11.06.06 @ 22:36 Joao Barros wrote: >> >> Original message is at: >> http://lists.freebsd.org/pipermail/freebsd-current/2006-June/063821.html >> >> > I'm very interested in this, great work! :-) >> > I can't load the kld on my Sun Sparc, I think I messed up ld yesterday >> > trying to patch for a bug that show's in firefox and mozilla. It >> > compiles, just doesn't run. As soon as I have it up and running I'll >> > give you feedback. >> >> Umm, that's a kernel module, it shouldn't have any relations with ld. >> What >> diagnostics has it said on failed load? > > > ultra5# make > Warning: Object directory not changed from original /root/ng_tag > @ -> /usr/src/sys > machine -> /usr/src/sys/sparc64/include > touch opt_netgraph.h > cc -O2 -pipe -g -fno-strict-aliasing -Werror -D_KERNEL -DKLD_MODULE > -nostdinc -I- -I/root/ng_tag -I. -I@ -I@/contrib/altq -I@/../include > -I/usr/include -finline-limit=15000 -fno-common -mcmodel=medlow > -msoft-float -ffreestanding -Wall -Wredundant-decls -Wnested-externs > -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline > -Wcast-qual -fformat-extensions -std=c99 -c ng_tag.c > ld -d -warn-common -r -d -o ng_tag.kld ng_tag.o > touch export_syms > awk -f /sys/conf/kmod_syms.awk ng_tag.kld export_syms | xargs -J% > objcopy % ng_tag.kld > ld -Bshareable -d -warn-common -o ng_tag.ko ng_tag.kld > objcopy --strip-debug ng_tag.ko > ultra5# kldload ./ng_tag.kld > kldload: can't load ./ng_tag.kld: Exec format error > ultra5# file ng_tag.kld > ng_tag.kld: ELF 64-bit MSB relocatable, SPARC V9, version 1 (FreeBSD), > not stripped > >> >> > Have you tested it with pf? If so can you give me some examples? >> >> No, it wasn't tested with pf. The problem with pf is that pf compiles >> all >> the rules at the time, so exact tags representation can change each time >> (for this reason ipfw tags were made incompatible with pf), and you must >> that values to supply them to . However, if you find a method how to >> obtain tag values info from in-kernel pf structures, you'll be able >> to use >> it with pf. It doesn't support well integration with netgraph, though. >> >> Another option is to use ipfw - it supports pf's altq(4) shaping, if >> that >> is all you need. >> >> > I'm particularly interested in this for doing packed shaping, >> especially >> > on P2P. >> >> Yes, I'm also looking for possibility of shaping, but I can't test (no >> resources) it currently. Also, as it seems non-trivial on current ipfw >> dynamic rules implementation, I don't know if shaping will work at all. > > > I'm not a ipfw user, but if this were to be possible it would be very > nice :-) >