Re: compile PF in a DomU kernel?

To: port-xen%NetBSD.org@localhost
Subject: Re: compile PF in a DomU kernel?
From: Philip <subs%christiantena.net@localhost>
Date: Fri, 23 Oct 2009 19:50:01 +0100

This is what I did.

cd /usr/src/sys/arch/i386/conf/
cp XEN3_DOMU XEN3_DOMU_PF

add to the bottom of XEN3_DOMU_PF:-

pseudo-device   pf              # PF packet filter
pseudo-device   pflog           # PF log interface

build the kernel as described in
http://www.netbsd.org/docs/kernel/

it seems to work fine

it didn't need PFIL_HOOKS as that was already included
I don't know enough about netbsd to understand why PFIL_HOOKS is
included by default but not the pseudo-device pf which is needed to
actually use it

thanks, Philip

Manuel Bouyer wrote:
> On Thu, Oct 22, 2009 at 07:36:41PM +0100, Philip wrote:
>> Hello
>>
>> I need to be able to use PF in a DomU kernel, but after some time trying
>> and failing my understanding is that LKM doesn't work in a DomU, and I
>> suppose modules have to be loaded with the kernel by Dom0 and all that?
> 
> No, you have to build modules for Xen (and not native x86), but there's
> no support in the build infrastructure for this yet.
> 
>> In fact when I tried the DomU hung and I had to mount the image file and
>> change the rc.conf back before I could boot it.
>>
>> I'm not a xen expert at all as you can probably see.....
>>
>> I'm thanking that the easiest thing to do is to compile a new DomU
>> kernel with PF support built in, so that LKM isn't needed.
> 
> Yes.
> 
>> Can anyone give me some guidance?  I have compiled Netbsd kernels before
>> but not xen ones.
> 
> It's exactly the same as a native kernel; you'll have the XEN_* config
> files in the arch/amd64/conf or arch/i386/conf directories.
> 
>> I think my domu is the one from
>> http://ftp.netbsd.org/pub/NetBSD/NetBSD-5.0.1/i386/binary/kernel/netbsd-XEN3_DOMU.gz
>>
>> I have read http://www.netbsd.org/docs/kernel/ and I'm guess that I use
>> the conf file from cd /usr/src/sys/arch/<ARCH>/conf with conf=xen, keep
>> everything the same but just add "options    PFIL_HOOKS      # pfil(9) packet
>> filter hooks" as it says at http://www.netbsd.org/docs/network/pf.html
>> or are there some other tricks?
> 
> I think you also need
> pseudo-device pf
> or something like that. And remove ipf.
>

References:
- compile PF in a DomU kernel?
  - From: Philip
- Re: compile PF in a DomU kernel?
  - From: Manuel Bouyer

Prev by Date: Re: NetBSD vs Linux
Next by Date: Re: NetBSD vs Linux
Previous by Thread: Re: compile PF in a DomU kernel?
Next by Thread: boot failure on Xen 3.4.x
Indexes:

Home | Main Index | Thread Index | Old Index