Re: [PATCH] ng_tag - new netgraph node, please test (L7 filtering possibility)

12.06.06 @ 05:30 Joao Barros wrote:

ld  -d -warn-common -r -d -o ng_tag.kld ng_tag.o
touch export_syms
awk -f /sys/conf/kmod_syms.awk ng_tag.kld  export_syms | xargs -J%
objcopy % ng_tag.kld
ld -Bshareable  -d -warn-common -o ng_tag.ko ng_tag.kld
objcopy --strip-debug ng_tag.ko
ultra5# kldload ./ng_tag.kld
kldload: can't load ./ng_tag.kld: Exec format error
ultra5# file ng_tag.kld
ng_tag.kld: ELF 64-bit MSB relocatable, SPARC V9, version 1 (FreeBSD),
not stripped

Huh, you should load ng_tag.ko, not ng_tag.kld - as you can see ng_tag.ko (final version) is produced from ng_tag.kld (immediate file).

Another possibility you should mention is using both firewalls at the same time, ipfw and pf. The rule order traversal, AFAIK, depends on order of module loading, so you should experiment a little with it.

WBR, Vadim Goncharov
