Logan O'Sullivan Bruns
2012-03-06 19:44:45 UTC
Hi Darren,
If it is helpful here are a few very minor changes I made to get ipf
5.1.1 working on my openindiana configuration.
For the 64 bit kernel build on intel it seems to need -xmodel=kernel
(using solarisstudio 12.3):
--- ip_fil5.1.1/buildsunos 2011-11-15 04:39:16.000000000 -0800
+++ ip_fil5.1.1-patched/buildsunos 2012-02-28 01:11:42.455690979 -0800
@@ -98,7 +98,7 @@
XARCH32_sparc="-Xa -xildoff -xarch=v8 -xmemalign=8s"
if [ `cc -xarch=amd64 -xarch=v9 2>&1 | grep -c deprec` -eq 1 ] ; then
XARCH64_sparc="-Xa -xildoff -m64 -xmemalign=8s"
- XARCH64_i386="$XARCH32 -m64"
+ XARCH64_i386="$XARCH32 -m64 -xmodel=kernel"
else
XARCH64_sparc="-Xa -xildoff -xarch=v9 -xchip=ultra -xmemalign=8s -xcode=abs32"
XARCH64_i386="$XARCH32 -xarch=amd64 -xcode=abs32"
To work around a missing header error:
--- ip_fil5.1.1/ipsend/ipsend.h 2006-06-15 09:31:45.000000000 -0700
+++ ip_fil5.1.1-patched/ipsend/ipsend.h 2012-02-27 21:40:25.165142645 -0800
@@ -26,8 +26,11 @@
#include "ipf.h"
#ifdef linux
#include <linux/sockios.h>
-#endif
+#elif defined(SOLARIS2)
+#include <netinet/tcpip.h>
+#else
#include "tcpip.h"
+#endif
#include "ipt.h"
extern int resolve __P((char *, char *));
To correctly select neti instead of pfil when building a zone and neti
can't be directly checked:
--- ip_fil5.1.1/SunOS5/Makefile 2012-01-27 05:44:14.000000000 -0800
+++ ip_fil5.1.1-patched/SunOS5/Makefile 2012-02-28 01:29:27.660369539 -0800
@@ -235,13 +235,13 @@
$(CC) -I$(TOP) -DIPFILTER_COMPILED $(DFLAGS) -c $(OBJ)/ip_rules.c -o $@
$(OBJ)/ipfrule: $(OBJ)/ip_rulesx.o $(OBJ)/mlso_rule.o
- ld -r $(OBJ)/ip_rulesx.o $(OBJ)/mlso_rule.o -o $@
+ /usr/ccs/bin/ld -r $(OBJ)/ip_rulesx.o $(OBJ)/mlso_rule.o -o $@
$(OBJ)/ipf: $(MODOBJS)
- if [ -f /kernel/misc/sparcv9/neti -o -f /kernel/misc/neti ] ; then \
- ld -dy -Nmisc/hook -Nmisc/neti -Nmisc/md5 -Ndrv/ip -r $(MODOBJS) -o $@; \
+ if [ -f /kernel/misc/sparcv9/neti -o -f /kernel/misc/neti -o `uname -r | cut -d. -f2` -ge 11 ] ; then \
+ /usr/ccs/bin/ld -dy -Nmisc/hook -Nmisc/neti -Nmisc/md5 -Ndrv/ip -r $(MODOBJS) -o $@; \
else \
- ld -dy -Ndrv/ip -Ndrv/pfil -Nmisc/md5 -r $(MODOBJS) -o $@; \
+ /usr/ccs/bin/ld -dy -Ndrv/ip -Ndrv/pfil -Nmisc/md5 -r $(MODOBJS) -o $@; \
fi
$(CTFMERGE) $@ $(MODOBJS)
And perhaps not the best complete fix since it still harmless tries
modload but a change to make ipfboot work in a zone:
--- ip_fil5.1.1/SunOS5/ipfboot 2009-05-01 10:52:04.000000000 -0700
+++ ip_fil5.1.1-patched/SunOS5/ipfboot 2012-03-06 08:46:02.034381607 -0800
@@ -7,7 +7,7 @@
IP6FILCONF=${IPFBASE}/ipf6.conf
IPNATCONF=${IPFBASE}/ipnat.conf
IPPOOLCONF=${IPFBASE}/ippool.conf
-if [ -f /kernel/misc/neti -o -f /kernel/misc/sparcv9/neti ] ; then
+if [ -f /kernel/misc/neti -o -f /kernel/misc/sparcv9/neti -o x`zonename` != xglobal ] ; then
PFILCHECKED=yes
else
PFILCHECKED=no
Thanks,
logan
If it is helpful here are a few very minor changes I made to get ipf
5.1.1 working on my openindiana configuration.
For the 64 bit kernel build on intel it seems to need -xmodel=kernel
(using solarisstudio 12.3):
--- ip_fil5.1.1/buildsunos 2011-11-15 04:39:16.000000000 -0800
+++ ip_fil5.1.1-patched/buildsunos 2012-02-28 01:11:42.455690979 -0800
@@ -98,7 +98,7 @@
XARCH32_sparc="-Xa -xildoff -xarch=v8 -xmemalign=8s"
if [ `cc -xarch=amd64 -xarch=v9 2>&1 | grep -c deprec` -eq 1 ] ; then
XARCH64_sparc="-Xa -xildoff -m64 -xmemalign=8s"
- XARCH64_i386="$XARCH32 -m64"
+ XARCH64_i386="$XARCH32 -m64 -xmodel=kernel"
else
XARCH64_sparc="-Xa -xildoff -xarch=v9 -xchip=ultra -xmemalign=8s -xcode=abs32"
XARCH64_i386="$XARCH32 -xarch=amd64 -xcode=abs32"
To work around a missing header error:
--- ip_fil5.1.1/ipsend/ipsend.h 2006-06-15 09:31:45.000000000 -0700
+++ ip_fil5.1.1-patched/ipsend/ipsend.h 2012-02-27 21:40:25.165142645 -0800
@@ -26,8 +26,11 @@
#include "ipf.h"
#ifdef linux
#include <linux/sockios.h>
-#endif
+#elif defined(SOLARIS2)
+#include <netinet/tcpip.h>
+#else
#include "tcpip.h"
+#endif
#include "ipt.h"
extern int resolve __P((char *, char *));
To correctly select neti instead of pfil when building a zone and neti
can't be directly checked:
--- ip_fil5.1.1/SunOS5/Makefile 2012-01-27 05:44:14.000000000 -0800
+++ ip_fil5.1.1-patched/SunOS5/Makefile 2012-02-28 01:29:27.660369539 -0800
@@ -235,13 +235,13 @@
$(CC) -I$(TOP) -DIPFILTER_COMPILED $(DFLAGS) -c $(OBJ)/ip_rules.c -o $@
$(OBJ)/ipfrule: $(OBJ)/ip_rulesx.o $(OBJ)/mlso_rule.o
- ld -r $(OBJ)/ip_rulesx.o $(OBJ)/mlso_rule.o -o $@
+ /usr/ccs/bin/ld -r $(OBJ)/ip_rulesx.o $(OBJ)/mlso_rule.o -o $@
$(OBJ)/ipf: $(MODOBJS)
- if [ -f /kernel/misc/sparcv9/neti -o -f /kernel/misc/neti ] ; then \
- ld -dy -Nmisc/hook -Nmisc/neti -Nmisc/md5 -Ndrv/ip -r $(MODOBJS) -o $@; \
+ if [ -f /kernel/misc/sparcv9/neti -o -f /kernel/misc/neti -o `uname -r | cut -d. -f2` -ge 11 ] ; then \
+ /usr/ccs/bin/ld -dy -Nmisc/hook -Nmisc/neti -Nmisc/md5 -Ndrv/ip -r $(MODOBJS) -o $@; \
else \
- ld -dy -Ndrv/ip -Ndrv/pfil -Nmisc/md5 -r $(MODOBJS) -o $@; \
+ /usr/ccs/bin/ld -dy -Ndrv/ip -Ndrv/pfil -Nmisc/md5 -r $(MODOBJS) -o $@; \
fi
$(CTFMERGE) $@ $(MODOBJS)
And perhaps not the best complete fix since it still harmless tries
modload but a change to make ipfboot work in a zone:
--- ip_fil5.1.1/SunOS5/ipfboot 2009-05-01 10:52:04.000000000 -0700
+++ ip_fil5.1.1-patched/SunOS5/ipfboot 2012-03-06 08:46:02.034381607 -0800
@@ -7,7 +7,7 @@
IP6FILCONF=${IPFBASE}/ipf6.conf
IPNATCONF=${IPFBASE}/ipnat.conf
IPPOOLCONF=${IPFBASE}/ippool.conf
-if [ -f /kernel/misc/neti -o -f /kernel/misc/sparcv9/neti ] ; then
+if [ -f /kernel/misc/neti -o -f /kernel/misc/sparcv9/neti -o x`zonename` != xglobal ] ; then
PFILCHECKED=yes
else
PFILCHECKED=no
Thanks,
logan