ipfilter 4.1.6 won't build on FreeBSD5.3 amd64 (fwd)
Goran Gajic
ggajic at mail.sbb.co.yu
Mon Mar 7 22:42:24 GMT 2005
Hi,
I have tried to build ipfilter 4.1.6 as a module and as part of the kernel on
FreeBSD 5.3 on amd64, but in both cases I have failed. When I use
option IPFILTER in the kernel config, this is what I get:
cc -c -O2 -frename-registers -pipe -fno-strict-aliasing -Wall
-Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes
-Wpointer-arith -Winline -Wcast-qual -fformat-extensions -std=c99 -nostdinc
-I- -I. -I../../.. -I../../../contrib/dev/acpica -I../../../contrib/altq
-I../../../contrib/ipfilter
-I../../../contrib/pf -I../../../contrib/dev/ath
-I../../../contrib/dev/ath/freebsd -I../../../contrib/ngatm -D_KERNEL -include
opt_global.h -fno-common -finline-limit=8000 --param inline-unit-growth=100
--param large-function-growth=1000 -mcmodel=kernel -mno-red-zone -mfpmath=387
-mno-sse -mno-sse2 -mno-mmx -mno-3dnow -msoft-float
-fno-asynchronous-unwind-tables -ffreestanding -Werror
../../../contrib/ipfilter/netinet/ip_frag.c
../../../contrib/ipfilter/netinet/ip_frag.c: In function `fr_ipid_newfrag':
../../../contrib/ipfilter/netinet/ip_frag.c:394: warning: cast to pointer from
integer of different size
../../../contrib/ipfilter/netinet/ip_frag.c: In function `fr_ipid_knownfrag':
../../../contrib/ipfilter/netinet/ip_frag.c:579: warning: cast from pointer to
integer of different size
*** Error code 1
Stop in /usr/src/sys/amd64/compile/SENT.
When I have tried to build ipf.ko this is what I get:
ld -warn-common -r -d -o ipf.kld.5 ip_fil.o fil.o ml_ipl.o ip_nat.o ip_frag.o
ip_state.o ip_proxy.o ip_auth.o ip_log.o ip_pool.o ip_htable.o ip_lookup.o
ip_rules.o ip_scan.o ip_sync.o
ld -Bshareable -d -warn-common -o ipf.ko ipf.kld.5
ld: ipf.kld.5: relocation R_X86_64_32 can not be used when making a shared
object; recompile with -fPIC
ipf.kld.5: could not read symbols: Bad value
*** Error code 1
Stop in /root/ip_fil4.1.6/BSD/FreeBSD-5.3-RELEASE-amd64.
*** Error code 1
Stop in /root/ip_fil4.1.6.
I have tried recompiling with -fPIC but when I do kld_load ipf.ko this is what I
get:
sen# kldload /boot/kernel/ipf.ko
dmesg output:
kldload: can't load /boot/kernel/ipf.ko: Exec format error
kldload: Unsupported file type
kldload: unexpected relocation type 7
link_elf: symbol appr_check undefined
So, my question is: can ipfilter be used to NAT something like 7000 hosts on
FreeBSD? Currently I have a Cisco 7206 that is running IOS 12.3(4r)T1, the only
IOS that has NAT inside CEF (otherwise CPU load is something like 80%; with this
IOS it is something like 20% for 7000 hosts). I want my amd64 only to NAT the
inside network (10.1.0.0/16), but when I tried ipfilter
v3.4.35 that comes with FreeBSD 5.3 (compiled with LARGE_NAT) it had poor
performance. (It could handle something like 120000 connections although values
in ip_nat.h were much greater; maybe I have missed some other parameters?)
The machine has two Broadcom NICs so I don't think that is the problem. Can
someone advise what to do?
Regards,
Goran Gajic