From jeff.stelzner@esca.com  Thu Dec 12 17:59:11 2002
Return-Path: <jeff.stelzner@esca.com>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6525A37B401
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 12 Dec 2002 17:59:11 -0800 (PST)
Received: from nimbus.esca.com (nimbus-2.esca.com [207.175.186.3])
	by mx1.FreeBSD.org (Postfix) with ESMTP id EA52A43ED4
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 12 Dec 2002 17:59:10 -0800 (PST)
	(envelope-from jeff.stelzner@esca.com)
Received: from drizzle.esca.com (drizzle.esca.com [199.245.134.254])
	by nimbus.esca.com (8.12.5/8.12.5) with ESMTP id gBD1x0D2026327;
	Thu, 12 Dec 2002 17:59:00 -0800 (PST)
Received: from pc1070 by drizzle.esca.com (8.8.8/1.1.10.5/25Jan98-0347PM)
	id RAA0000025645; Thu, 12 Dec 2002 17:59:09 -0800 (PST)
Message-Id: <NOEDJPGGKLOKMMOCJBHOOENODEAA.jeff.stelzner@esca.com>
Date: Thu, 12 Dec 2002 17:59:09 -0800
From: "Jeff Stelzner" <jeff.stelzner@esca.com>
To: <FreeBSD-gnats-submit@freebsd.org>
Subject: 5.0-RC1 ipfilter module [ipl.ko] fails to load

>Number:         46226
>Category:       kern
>Synopsis:       5.0-RC1 ipfilter module [ipl.ko] fails to load
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    darrenr
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 12 18:00:08 PST 2002
>Closed-Date:    Sat Jan 24 07:34:08 PST 2004
>Last-Modified:  Sat Jan 24 07:34:08 PST 2004
>Originator:     Jeff Stelzner <jeff.stelzner@esca.com>
>Release:        FreeBSD 5.0-RC1 i386
>Organization:
ALSTOM
>Environment:
System: FreeBSD lihue.esca.com 5.0-RC1 FreeBSD 5.0-RC1 #0

Digital Personal Workstation 200i - Pentium Pro 200

>Description:

--In console boot messages I see [link_elf message repeats]:
Dec 10 16:14:03 lihue kernel: link_elf: symbol pfil_add_hook undefined
kldload: can't load ipl: No such file or directory
Dec 10 16:35:10 lihue xxx: ./ipfilter: WARNING: IP-filter module failed to
load.

--When I try to load the ipfilter module manually I get:
lihue# ls -l /boot/kernel/ipl.ko
-r-xr-xr-x  1 root  wheel  92992 Dec  7 14:27 /boot/kernel/ipl.ko
lihue# kldload ipl
kldload: can't load ipl: No such file or directory
lihue# kldload ipl.ko
kldload: can't load ipl.ko: No such file or directory

>How-To-Repeat:

cat >> /etc/rc.conf
ipfilter_enable = "YES"
^D

touch /etc/ipf.rules

>Fix:

>Release-Note:
>Audit-Trail:

From: Hiten Pandya <hiten@angelica.unixdaemons.com>
To: bug-followup@FreeBSD.org
Cc: jeff.stelzner@esca.com
Subject: Re: kern/46226: 5.0-RC1 ipfilter module [ipl.ko] fails to load
Date: Fri, 13 Dec 2002 10:39:47 -0500

 > --In console boot messages I see [link_elf message repeats]:
 > Dec 10 16:14:03 lihue kernel: link_elf: symbol pfil_add_hook undefined
 > kldload: can't load ipl: No such file or directory
 
 OK.  I tested this on my 28th Nov. CURRENT-JPSNAP, and the issue still
 persists.  The reason you are getting that message, is because,
 apparently, ipfilter is dependant on the PFIL_HOOKS kernel option, and
 it cannot be loaded without it (I tried). 
 
 So, either that you add the option to the kernel config file, and the
 problem will kinda go away.  I do not think the former is an interesting
 thing to do, because ipfilter is a loadable module, then it makes less
 sense to recompile a kernel to satisfy a dependency.
 
 I have made some patches, which will make the PFIL_HOOKS into a loadable
 module, so you can avoid the trouble of recompiling your kernel.  The
 patches are tested by me, but I would like to have your comments, i.e.
 if they work for you or not.
 
 To use the module option, you will need to make a "pfil" dir in
 sys/modules, and then apply the following patches (also available from:
 http://www.unixdaemons.com/~hiten/work/diffs/pfil_ipfilter_dep.patch)
 
 %%%
 Index: contrib/ipfilter/netinet/mlfk_ipl.c
 ===================================================================
 RCS file: /home/hiten/ncvs/src/sys/contrib/ipfilter/netinet/mlfk_ipl.c,v
 retrieving revision 1.10
 diff -u -r1.10 mlfk_ipl.c
 --- contrib/ipfilter/netinet/mlfk_ipl.c	19 Mar 2002 11:44:16 -0000	1.10
 +++ contrib/ipfilter/netinet/mlfk_ipl.c	13 Dec 2002 07:32:01 -0000
 @@ -198,3 +198,4 @@
          0
  };
  DECLARE_MODULE(ipfilter, ipfiltermod, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY);
 +MODULE_DEPEND(ipfilter, pfil, 1, 1, 1);
 
 Index: net/pfil.c
 ===================================================================
 RCS file: /home/hiten/ncvs/src/sys/net/pfil.c,v
 retrieving revision 1.5
 diff -u -r1.5 pfil.c
 --- net/pfil.c	19 Mar 2002 21:54:18 -0000	1.5
 +++ net/pfil.c	13 Dec 2002 07:32:33 -0000
 @@ -35,6 +35,8 @@
  #include <sys/socketvar.h>
  #include <sys/systm.h>
  #include <sys/queue.h>
 +#include <sys/kernel.h>
 +#include <sys/module.h>
  
  #include <net/if.h>
  #include <net/pfil.h>
 @@ -45,6 +47,14 @@
  static int pfil_list_remove(pfil_list_t *,
      int (*)(void *, int, struct ifnet *, int, struct mbuf **));
  
 +static int pfil_mod_handler(module_t mod, int cmd, void *data);
 +
 +static moduledata_t pfil_mod = {
 +	"pfil",
 +	pfil_mod_handler,
 +	0
 +};
 +
  static void
  pfil_init(ph)
  	 struct pfil_head *ph;
 @@ -169,3 +179,31 @@
  		}
  	return NULL;
  }
 +
 +static int
 +pfil_mod_handler(module_t mod, int cmd, void *data)
 +{
 +	int error = 0;
 +
 +	switch (cmd) {
 +	case MOD_LOAD:
 +		printf("Loaded PFIL_HOOKS\n");
 +		break;
 +
 +	case MOD_UNLOAD:
 +		break;
 +
 +	case MOD_SHUTDOWN:
 +		error = 0;
 +		break;
 +
 +	default:
 +		error = EOPNOTSUPP;
 +		break;
 +	}
 +
 +	return (error);
 +}
 +
 +MODULE_VERSION(pfil, 1);
 +DECLARE_MODULE(pfil, pfil_mod, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY);
 
 --- /dev/null	Fri Dec 13 07:33:00 2002
 +++ modules/pfil/Makefile	Fri Dec 13 07:32:45 2002
 @@ -0,0 +1,8 @@
 +# $FreeBSD$
 +
 +.PATH: ${.CURDIR}/../../net
 +
 +KMOD=	pfil
 +SRCS=	pfil.c
 +
 +.include <bsd.kmod.mk>
 %%%
 
 Apply the patches in /usr/src/sys.
 Comments and suggestions welcome.
 
 -- 
 Hiten Pandya (hiten@unixdaemons.com, hiten@uk.FreeBSD.org)
 http://www.unixdaemons.com/~hiten/

From: "Jeff Stelzner" <jeff.stelzner@esca.com>
To: <freebsd-gnats-submit@FreeBSD.org>
Cc:  
Subject: Re: kern/46226: 5.0-RC1 ipfilter module [ipl.ko] fails to load
Date: Sun, 15 Dec 2002 16:22:54 -0800

 I applied the patches to a virgin 5.0-RC1 source tree, then did a 'make
 buildkernel installkernel' and got a new GENERIC kernel.
 Rebooted, and no longer see the link_elf: and kldload: errors but instead
 now see:
 
 Dec 13 16:48:21 lihue kernel: KLD ipl.ko: depends on pfil - not available
 
 To confirm that ipl.ko was rebuilt along with the rest:
 
 -r-xr-xr-x  1 root  wheel  5174977 Dec 13 16:31 /boot/kernel/kernel
 -r-xr-xr-x  1 root  wheel  93287 Dec 13 16:31 /boot/kernel/ipl.ko
 

From: "Jeff Stelzner" <jeff.stelzner@esca.com>
To: <freebsd-gnats-submit@FreeBSD.org>
Cc:  
Subject: Re: kern/46226: 5.0-RC1 ipfilter module [ipl.ko] fails to load
Date: Mon, 16 Dec 2002 09:36:34 -0800

 > Can you please just add PFIL_HOOKS into the kernel, because the issue is
 > bigger than just making pfil hooks into a kernel module.  This is because
 > it is deep in the networking stack of FreeBSD.
 
 > A more practical fix will be up later on, but for now please use this
 > option, and request someone to close the PR, or put it in suspended
 > mode.
 
 I did that and ipfilter seems to activate fine from /etc/rc.conf.
 
 Thanks for taking a shot at it. I would assume that for 5.0-RELEASE the
 release team would want to ensure that PFIL_HOOKS was in the GENERIC
 configuration and commented to the effect that is mandatory for ipfilter to
 work by default
 as in 4.x.
 
 FreeBSD release team - Please incorporate the PFIL_HOOKS entry into GENERIC
 as listed above and suspend this PR for now. Thanks.
 
Responsible-Changed-From-To: freebsd-bugs->darrenr 
Responsible-Changed-By: kris 
Responsible-Changed-When: Mon Jul 14 04:42:40 PDT 2003 
Responsible-Changed-Why:  
Assign to ipfilter author 

http://www.freebsd.org/cgi/query-pr.cgi?pr=46226 
State-Changed-From-To: open->closed 
State-Changed-By: nectar 
State-Changed-When: Sat Jan 24 07:32:57 PST 2004 
State-Changed-Why:  
PFIL_HOOKS is now in the GENERIC kernel configuration. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=46226 
>Unformatted:
 To: FreeBSD-gnats-submit@freebsd.org
 From: Jeff Stelzner <jeff.stelzner@esca.com>
 Reply-To: Jeff Stelzner <jeff.stelzner@esca.com>
 Cc:
 X-send-pr-version: 3.113
 X-GNATS-Notify:
 
