'Re: Solaris IPFilter binaries'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: Solaris IPFilter binaries
From:       Jim Sandoz <sandoz () lucent ! com>
Date:       2001-04-28 20:00:40
[Download RAW message or body]


dave,
1)
some info on the solaris.c issue.  looking back it appears
that this issue affects solaris on new sun "blades" and x86,
while there appears to be no problem with the sun4u (e.g.
ultra1/2/5/10/30/60) or sun4m (sparc5/10/20) platforms...
http://false.net/ipfilter/2001_04/0318.html
http://false.net/ipfilter/2001_04/0110.html
http://false.net/ipfilter/2001_04/0159.html
http://false.net/ipfilter/2001_04/0168.html
http://false.net/ipfilter/2001_04/0331.html
i'm not sure whether darren has mucked with the current
3.4.17 tarball on the ftp site to change out solaris.c. but
i doubt it.  so you may just want to note on your binaries
page that those files are *not* for use on new sun blades.

2)
statetop is such a useful feature-- once you see it in action
you will wonder how you got along without it. you can use
"patch" along with the info below to automake the changes.
yes, that link contains everything you need in one place. i'll
send you the patched files (fils.c and Makefile) in another
email. you can test the result by pkgadd'ing the new ipf and
then "ipfstat -t" should show you the current state table a la
unix's "top" command.  man ipfstat for some display options.

jim


"David F. Newman" wrote:

> What are the issues regarding the solaris.c file?  I've been using
> these packages on my own systems and I haven't found a problem, of
> course I'm not doing NAT at the moment, only filtering.
>
> As far as this statetop thing is concerned, do I just make the
> changes listed in the web page below?
>
> -Dave
>
> On Sat, 28 Apr 2001, Jim Sandoz wrote:
>
> >
> > dave,
> >
> > this is a great idea.  i have two questions, however...
> >
> > 1st, in reference to the current version 3.4.17 -- as you know there
> > is a problem with solaris.c in 3.4.17, necessitating the substitution of
> > solaris.c from 3.4.16. was this done for these 3.4.17 binaries?
> >
> > 2nd, it would be nice if you could enable the statetop feature when
> > you compile.  if you need instructions on doing so, let me know--
> > solaris needs a couple of Makefile and source tweaks to get the right
> > curses libs. see http://www.false.net/ipfilter/2001_04/0487.html
> > for the details.  thanks for the diff hans.
> >
> > n.b.
> > as for those of us using your solaris binaries, resizing the NAT and
> > state tables can be done in situ-- a while ago darren posted details
> > for doing so at boot time via your /etc/system , see
> > http://false.net/ipfilter/2000_05/0100.html
> > http://false.net/ipfilter/2000_07/0082.html
> > and
> > http://www.utm.edu/research/primes/lists/small/10000.txt
> > http://www.false.net/ipfilter/2001_03/0012.html
> >
> > jim
> >
> >
> > "David F. Newman" wrote:
> >
> > > When I was looking for 64-bit binaries of IPFilter I couldn't find them,
> > > which made using IPFilter a real pain.  So now that I have permanent
> > > licenses for Sun Workshop I will be making binaries avaiable, at least
> > > until gcc is capable of producing 64-bit code.
> > >
> > > Download Solaris binaries here: http://www.maraudingpirates.org/ipfilter.
> > >
> > > -Dave
> >
> >

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic