From: Mike Box (mbox-l@vt.edu)
Date: Fri Jul 15 2005 - 15:22:01 EDT
Trying to implement the latest version of IP Filter results in the following
situation. (FWIW, I hope that someone can help. I've been waiting for two
days for subscribe confirmation from the "IP Filter listserv".)
Symptoms:
1) "... krtld: [ID ... kern.notice] miocpullup multiply defined" received
during system startup.
2) IP Filter rules work without "block in log all keep state" - meaning that,
using ipmon, I see traffic (in and out) being passed and logged as
expected. As a diagnostic effort, I've even used a rules file to log all
traffic:
pass in log all
pass out log all
However, when "block in log all keep state" is introduced, the
system hangs - no further input from console; no log produced; powering
the computer off is the only way to interrupt it. (Stop-a is disabled.)
Thinking that the symptoms may be related, I corrected No. 1 by changing
pfildrv.c to NOP the miocpullup function as shown and reinstalling pfil.
--> #if 0
#if SOLARIS2 == 8
int miocpullup(mblk_t *m, size_t len)
{
if (m->b_cont == NULL)
return 0;
return pullupmsg(m->b_cont, len);
}
#endif
--> #endif
Now I don't get the message denoting conflict during startup, but the system
still hangs as described in No. 2.
I load the rules by "ipf -FaS -f rules.file"
Thanks, in advance, for any help that you can offer.
Mike
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:31:08 EDT