ipfw kernel module not being built

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

ipfw kernel module not being built

Bob Willcox
When I rebuild my kernel on Jun 13th none of the previous ipfw kernel modules were built:

ipfw.ko
ipfw_nat.ko
ipfw_nat64.ko
ipfw_nptv6.ko
ng_ipfw.ko

and only this ipfw module was built:

ng_ipfw.ko

However, the verson of /etc/rc.d/ipfw that I'm running (from the
freebsd-base-graphics branch) is failing to load ipfw so my firewall isn't
starting.

So, what am I missing? Is it possible that the freebsd-base-graphics branch
that I'm running has an old or improper version of /etc/rc.d/ipfw?

--
Bob Willcox    | Lawsuit, n.: A machine which you go into as a pig and
[hidden email] |    come out as a sausage.
Austin, TX     |    -- Ambrose Bierce
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: ipfw kernel module not being built

Ngie Cooper (yaneurabeya)

> On Aug 11, 2017, at 10:36, Bob Willcox <[hidden email]> wrote:
>
> When I rebuild my kernel on Jun 13th none of the previous ipfw kernel modules were built:
>
> ipfw.ko
> ipfw_nat.ko
> ipfw_nat64.ko
> ipfw_nptv6.ko
> ng_ipfw.ko
>
> and only this ipfw module was built:
>
> ng_ipfw.ko
>
> However, the verson of /etc/rc.d/ipfw that I'm running (from the
> freebsd-base-graphics branch) is failing to load ipfw so my firewall isn't
> starting.
>
> So, what am I missing? Is it possible that the freebsd-base-graphics branch
> that I'm running has an old or improper version of /etc/rc.d/ipfw?

Hi Bob,
    Can you please provide your make.conf, src.conf, and KERNCONF?
Thank you!
-Ngie
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: ipfw kernel module not being built

Bob Willcox
On Fri, Aug 11, 2017 at 12:55:14PM -0600, Ngie Cooper wrote:

>
> > On Aug 11, 2017, at 10:36, Bob Willcox <[hidden email]> wrote:
> >
> > When I rebuild my kernel on Jun 13th none of the previous ipfw kernel modules were built:
> >
> > ipfw.ko
> > ipfw_nat.ko
> > ipfw_nat64.ko
> > ipfw_nptv6.ko
> > ng_ipfw.ko
> >
> > and only this ipfw module was built:
> >
> > ng_ipfw.ko
> >
> > However, the verson of /etc/rc.d/ipfw that I'm running (from the
> > freebsd-base-graphics branch) is failing to load ipfw so my firewall isn't
> > starting.
> >
> > So, what am I missing? Is it possible that the freebsd-base-graphics branch
> > that I'm running has an old or improper version of /etc/rc.d/ipfw?
>
> Hi Bob,
>     Can you please provide your make.conf, src.conf, and KERNCONF?
> Thank you!
> -Ngie

Sure. BTW, I cd'd into /usr/freebsd-base-graphics/sys/modules (my drm-next src
is in /usr/freebsd-base-graphics), ran make, then copied the ipfw/ipfw.ko file
to /boot/kernel and was able to start ipfw after that.

***** make.conf *****
KERNCONF=       TAVION

ALWAYS_CHECK_MAKE= yes
BATCH=          yes

DEFAULT_VERSIONS+=      linux=c6
DEFAULT_VERSIONS+=      ssl=openssl

COMPAT4X=       yes
COMPAT5X=       yes
COMPAT6X=       yes
COMPAT7X=       yes
COMPAT8X=       yes
COMPAT9X=       yes

***** src.conf ***** -- doesn't exit

***** KERNCONF *****
#
# GENERIC -- Generic kernel configuration file for FreeBSD/amd64
#
# For more information on this file, please read the config(5) manual page,
# and/or the handbook section on Kernel Configuration Files:
#
#    http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html
#
# The handbook is also available locally in /usr/share/doc/handbook
# if you've installed the doc distribution, otherwise always see the
# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the
# latest information.
#
# An exhaustive list of options and more detailed explanations of the
# device lines is also present in the ../../conf/NOTES and NOTES files.
# If you are in doubt as to the purpose or necessity of a line, check first
# in NOTES.
#
# $FreeBSD$

include GENERIC_DRM

ident   TAVION_DRM

nooptions       INVARIANTS
nooptions       INVARIANT_SUPPORT
nooptions       DEBUG_MEMGUARD
nooptions       DEBUG_REDZONE
nooptions       WITNESS
nooptions       WITNESS_ALL
nooptions       WITNESS_SKIPSPIN

options         TMPFS


--
Bob Willcox    | Lawsuit, n.: A machine which you go into as a pig and
[hidden email] |    come out as a sausage.
Austin, TX     |    -- Ambrose Bierce
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: ipfw kernel module not being built

Mark Johnston-2
On Fri, Aug 11, 2017 at 02:06:02PM -0500, Bob Willcox wrote:

> > > On Aug 11, 2017, at 10:36, Bob Willcox <[hidden email]> wrote:
> > >
> > > When I rebuild my kernel on Jun 13th none of the previous ipfw kernel modules were built:
> > >
> > > ipfw.ko
> > > ipfw_nat.ko
> > > ipfw_nat64.ko
> > > ipfw_nptv6.ko
> > > ng_ipfw.ko
> > >
> > > and only this ipfw module was built:
> > >
> > > ng_ipfw.ko
> > >
> > > However, the verson of /etc/rc.d/ipfw that I'm running (from the
> > > freebsd-base-graphics branch) is failing to load ipfw so my firewall isn't
> > > starting.
> > >
> > > So, what am I missing? Is it possible that the freebsd-base-graphics branch
> > > that I'm running has an old or improper version of /etc/rc.d/ipfw?

[...]

> include GENERIC_DRM

GENERIC_DRM sets MODULES_OVERRIDE, so only the specified modules are
built. In particular, ipfw*.ko does not get built. You'll need to either
remove the MODULES_OVERRIDE setting in GENERIC_DRM (which will make
kernel builds somewhat slower), or add

makeoptions MODULES_OVERRIDE+= ipfw ...

to your custom config.

>
> ident   TAVION_DRM
>
> nooptions       INVARIANTS
> nooptions       INVARIANT_SUPPORT
> nooptions       DEBUG_MEMGUARD
> nooptions       DEBUG_REDZONE
> nooptions       WITNESS
> nooptions       WITNESS_ALL
> nooptions       WITNESS_SKIPSPIN
>
> options         TMPFS
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: ipfw kernel module not being built

Bob Willcox
On Fri, Aug 11, 2017 at 12:21:49PM -0700, Mark Johnston wrote:

> On Fri, Aug 11, 2017 at 02:06:02PM -0500, Bob Willcox wrote:
> > > > On Aug 11, 2017, at 10:36, Bob Willcox <[hidden email]> wrote:
> > > >
> > > > When I rebuild my kernel on Jun 13th none of the previous ipfw kernel modules were built:
> > > >
> > > > ipfw.ko
> > > > ipfw_nat.ko
> > > > ipfw_nat64.ko
> > > > ipfw_nptv6.ko
> > > > ng_ipfw.ko
> > > >
> > > > and only this ipfw module was built:
> > > >
> > > > ng_ipfw.ko
> > > >
> > > > However, the verson of /etc/rc.d/ipfw that I'm running (from the
> > > > freebsd-base-graphics branch) is failing to load ipfw so my firewall isn't
> > > > starting.
> > > >
> > > > So, what am I missing? Is it possible that the freebsd-base-graphics branch
> > > > that I'm running has an old or improper version of /etc/rc.d/ipfw?
>
> [...]
>
> > include GENERIC_DRM
>
> GENERIC_DRM sets MODULES_OVERRIDE, so only the specified modules are
> built. In particular, ipfw*.ko does not get built. You'll need to either
> remove the MODULES_OVERRIDE setting in GENERIC_DRM (which will make
> kernel builds somewhat slower), or add
>
> makeoptions MODULES_OVERRIDE+= ipfw ...
>
> to your custom config.
>
> >
> > ident   TAVION_DRM
> >
> > nooptions       INVARIANTS
> > nooptions       INVARIANT_SUPPORT
> > nooptions       DEBUG_MEMGUARD
> > nooptions       DEBUG_REDZONE
> > nooptions       WITNESS
> > nooptions       WITNESS_ALL
> > nooptions       WITNESS_SKIPSPIN
> >
> > options         TMPFS

Ok, thanks for that. I'll give that a try, but probably not till next time I
am ready to update this system (I use it for my day job and updating it is a
pain since I need to run the drm-next mods/branch).

--
Bob Willcox    | Lawsuit, n.: A machine which you go into as a pig and
[hidden email] |    come out as a sausage.
Austin, TX     |    -- Ambrose Bierce
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: ipfw kernel module not being built

Ngie Cooper (yaneurabeya)

> On Aug 11, 2017, at 12:34, Bob Willcox <[hidden email]> wrote:
>
>> On Fri, Aug 11, 2017 at 12:21:49PM -0700, Mark Johnston wrote:
>> On Fri, Aug 11, 2017 at 02:06:02PM -0500, Bob Willcox wrote:
>>>>> On Aug 11, 2017, at 10:36, Bob Willcox <[hidden email]> wrote:
>>>>>
>>>>> When I rebuild my kernel on Jun 13th none of the previous ipfw kernel modules were built:
>>>>>
>>>>> ipfw.ko
>>>>> ipfw_nat.ko
>>>>> ipfw_nat64.ko
>>>>> ipfw_nptv6.ko
>>>>> ng_ipfw.ko
>>>>>
>>>>> and only this ipfw module was built:
>>>>>
>>>>> ng_ipfw.ko
>>>>>
>>>>> However, the verson of /etc/rc.d/ipfw that I'm running (from the
>>>>> freebsd-base-graphics branch) is failing to load ipfw so my firewall isn't
>>>>> starting.
>>>>>
>>>>> So, what am I missing? Is it possible that the freebsd-base-graphics branch
>>>>> that I'm running has an old or improper version of /etc/rc.d/ipfw?
>>
>> [...]
>>
>>> include GENERIC_DRM
>>
>> GENERIC_DRM sets MODULES_OVERRIDE, so only the specified modules are
>> built. In particular, ipfw*.ko does not get built. You'll need to either
>> remove the MODULES_OVERRIDE setting in GENERIC_DRM (which will make
>> kernel builds somewhat slower), or add
>>
>> makeoptions    MODULES_OVERRIDE+= ipfw ...
>>
>> to your custom config.

Or add "MODULES_OVERRIDE+= ipfw..." to your src.conf.
Cheers,
-Ngie
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: ipfw kernel module not being built

Bob Willcox
On Fri, Aug 11, 2017 at 03:14:39PM -0700, Ngie Cooper wrote:

>
> > On Aug 11, 2017, at 12:34, Bob Willcox <[hidden email]> wrote:
> >
> >> On Fri, Aug 11, 2017 at 12:21:49PM -0700, Mark Johnston wrote:
> >> On Fri, Aug 11, 2017 at 02:06:02PM -0500, Bob Willcox wrote:
> >>>>> On Aug 11, 2017, at 10:36, Bob Willcox <[hidden email]> wrote:
> >>>>>
> >>>>> When I rebuild my kernel on Jun 13th none of the previous ipfw kernel modules were built:
> >>>>>
> >>>>> ipfw.ko
> >>>>> ipfw_nat.ko
> >>>>> ipfw_nat64.ko
> >>>>> ipfw_nptv6.ko
> >>>>> ng_ipfw.ko
> >>>>>
> >>>>> and only this ipfw module was built:
> >>>>>
> >>>>> ng_ipfw.ko
> >>>>>
> >>>>> However, the verson of /etc/rc.d/ipfw that I'm running (from the
> >>>>> freebsd-base-graphics branch) is failing to load ipfw so my firewall isn't
> >>>>> starting.
> >>>>>
> >>>>> So, what am I missing? Is it possible that the freebsd-base-graphics branch
> >>>>> that I'm running has an old or improper version of /etc/rc.d/ipfw?
> >>
> >> [...]
> >>
> >>> include GENERIC_DRM
> >>
> >> GENERIC_DRM sets MODULES_OVERRIDE, so only the specified modules are
> >> built. In particular, ipfw*.ko does not get built. You'll need to either
> >> remove the MODULES_OVERRIDE setting in GENERIC_DRM (which will make
> >> kernel builds somewhat slower), or add
> >>
> >> makeoptions    MODULES_OVERRIDE+= ipfw ...
> >>
> >> to your custom config.
>
> Or add "MODULES_OVERRIDE+= ipfw..." to your src.conf.
> Cheers,
> -Ngie

Well, I added the 'makeoptions MODULES_OVERRIDE+= ipfw' to my kernel config
and rebuilt my kernel and it did build ipfw.ko as expected. I haven't
installed this new kernel yet since I am not at a good point here at work to
do that right now...but will when I get a chance.

Thanks all for the help.

--
Bob Willcox    | Lawsuit, n.: A machine which you go into as a pig and
[hidden email] |    come out as a sausage.
Austin, TX     |    -- Ambrose Bierce
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"
Loading...