How to install ipf filter (IP Filter) on Solaris 9 x86
By dmytro - Posted on March 31st, 2009
There was a request for me to install ipf filter package on one Solaris 9 x86 box. Unfortunately there is no precompiled package on http://www.sunfreeware.com/. http://coombs.anu.edu.au/~avalon/ipf-mentat.html says - Install pfil and then to just "make Solaris" in the ipf directory, followed by a "cd SunOS5; make install". But it would be too easy.
So before making the ipf, I downloaded pfil.
bash# wget http://coombs.anu.edu.au/~avalon/pfil-2.1.13.tar.gz
bash# tar -zxvf pfil-2.1.13.tar.gz
bash# cd pfil; make And the first problem I faced trying to build it on sunos5 was
cc -I.. -I. -D_KERNEL -DSUNDDI -DSOLARIS2=9 -DPFILDEBUG -c ../pfil.c -o pfil.o
In file included from /usr/include/sys/reg.h:13,
from /usr/include/sys/pcb.h:11,
from /usr/include/sys/klwp.h:16,
from /usr/include/sys/thread.h:13,
from /usr/include/sys/semaphore.h:18,
from /usr/include/sys/t_lock.h:22,
from /usr/include/sys/systm.h:18,
from ../pfil.c:17:
/usr/include/ia32/sys/reg.h:300: error: syntax error before "upad128_t"
/usr/include/ia32/sys/reg.h:302: error: syntax error before '}' token
/usr/include/ia32/sys/reg.h:309: error: field `kfpu_fx' has incomplete type
/usr/include/ia32/sys/reg.h:331: error: syntax error before "upad128_t"
/usr/include/ia32/sys/reg.h:338: error: syntax error before '}' token
/usr/include/ia32/sys/reg.h:339: error: syntax error before '}' token
/usr/include/ia32/sys/reg.h:376: error: syntax error before "fpregset_t"To fix this you can check http://coombs.anu.edu.au/~avalon/ipfilfaq.html#solaris19 . They say this is because sunos5 headers changed during the update. The solution is pretty easy (http://groups.yahoo.com/group/solarisx86/message/6617) - just locate mkheaders script of the proper gcc version, that you have on your server and launch it.
bash# locate mkheaders
bash# /usr/local/libexec/gcc/i386-pc-solaris2.9/3.4.6/install-tools/mkheadersAfter the second make attempt I saw new error message
ld -r pfil.o qif.o pfildrv.o pfilstream.o pkt.o misc.o ndd.o -o pfil32
make[3]: ld: Command not found
make[3]: *** [pfil] Error 127
make[3]: Leaving directory `/tmp/build/pfil/SunOS'
make[2]: *** [SunOS32] Error 2
make[2]: Leaving directory `/tmp/build/pfil'
make[1]: [SunOS] Error 2 (ignored)
make[1]: Leaving directory `/tmp/build/pfil'This means that ld binary (from binutils package) could not be found on your system. I just included the directory where it located to the PATH variable
bash# locate ld | grep -w ld
bash# PATH=$PATH:/usr/ccs/binThis time it was OK. I tried to build the ipf package again, but after some time it complained
../../ip_fil_solaris.c: In function `fr_fastroute':
../../ip_fil_solaris.c:1099: warning: assignment makes pointer from integer without a cast
../../ip_fil_solaris.c:1170: warning: passing arg 1 of `pfil_sendbuf' from incompatible pointer type
../../ip_fil_solaris.c:1170: error: too many arguments to function `pfil_sendbuf'
../../ip_fil_solaris.c: In function `ipf_inject':
../../ip_fil_solaris.c:1260: error: `qifpkt_t' undeclared (first use in this function)
../../ip_fil_solaris.c:1260: error: (Each undeclared identifier is reported only once
../../ip_fil_solaris.c:1260: error: for each function it appears in.)
../../ip_fil_solaris.c:1260: error: `qp' undeclared (first use in this function)
*** Error code 1
make: Fatal error: Command failed for target `ip_fil.o'
Current working directory /tmp/build/ip_fil4.1.31/SunOS5/i386-5.9
*** Error code 1
make: Fatal error: Command failed for target `sunos5'
Current working directory /tmp/build/ip_fil4.1.31
make: *** [solaris] Error 1This problem arise as I built the old version of pfil and it missing something for the ipf. It's pretty funny as on the ftp (ftp://coombs.anu.edu.au/pub/net/ip-filter/) they have latest version of pfil-2.1.6.tar.gz. Damn. So I downloaded latest version from http://coombs.anu.edu.au/~avalon/pfil-2.1.13.tar.gz, and tried to rebuild it again.
However I saw a new problem. In the latest version of pfil the have broken Makefile. And you can see recursive infinitive loop
bash# make
i=`uname -s`; case $i in HP-UX) make hpux;; *) make $i;; esac
make[1]: Entering directory `/tmp/build/pfil'
cp Makefile SunOS
make SunOS
make[2]: Entering directory `/tmp/build/pfil'
make SunOS
make[3]: Entering directory `/tmp/build/pfil'
make SunOS
make[4]: Entering directory `/tmp/build/pfil'
make SunOS
make[5]: Entering directory `/tmp/build/pfil'
make SunOS
make[6]: Entering directory `/tmp/build/pfil'
...After digging in the Makefile I just run the required line to build pfil
bash# cd SunOS/
bash# make pfil "BITS=32" OS=solaris DO=pfil "ADEF=-I.. -I. -D_KERNEL -DSUNDDI -DSOLARIS2=9"Now I was lucky. All went OK and I installed pfil package successfully with
bash# make install-SunOS This will install Solaris package of pfil and you should see following message in the end
"Installation of <pfil> was successful."Now I tried to built the ipf (ip_fil) package again.
bash# cd ../../ip_fil4.1.31
bash# make solaris
bash# cd SunOS5/
bash# make installThis was the last required set of commands to build ipf - IP Filter. And I saw cherished line in the end.
"Installation of <ipf> was successful."After this - reboot. And ipf is ready to use.
Links :
IP Filter 4.1 HPUX and Solaris notes - http://coombs.anu.edu.au/~avalon/ipf-mentat.html
IP Filter FAQ - http://coombs.anu.edu.au/~avalon/ipfilfaq.html#solaris19
Solaris 10+install ipf filter howto http://marc.info/?l=ipfilter&m=112808870127741&w=2
Solaris 9 x86 GCC has to be rebuilt - http://groups.yahoo.com/group/solarisx86/message/6617
GCC for Solaris 9 x86 - http://sunfreeware.com/programlistintel9.html#gcc34
