Re: npf 'bpf.jit' errors out?

To: Hauke Fath <hf%spg.tu-darmstadt.de@localhost>
Subject: Re: npf 'bpf.jit' errors out?
From: Roy Marples <roy%marples.name@localhost>
Date: Mon, 10 Apr 2017 15:31:27 +0100

On 10/04/2017 15:16, Hauke Fath wrote:
> On Mon, 10 Apr 2017 15:08:21 +0100, Roy Marples wrote:
>>
> http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/kern/kern_module.c.diff?r1=1.117&r2=1.118&only_with_tag=MAIN&f=h
>>
>> Unsure if it applies to -7, but basically you have probably set a secure
>> level so that modules cannot be loaded and npfctl see's no permission
>> rather than it already exists.
> 
> I don't want to load any kernel modules, and after
> 
>      options BPFJIT
>      options SLJIT
> 
> I shouldn't have to, or should I? Does the cone resulting from *JIT 
> require module majjic?

No you shouldn't, and the above patch allows npf to work like that.
Basically, irregardless of anything you set, npf tries to load a kernel
module and shows an error if not EEXISTS.

My kernel change allows EEXISTS to be returned even if you don't have
permission to load modules.

> 
> securelevel is 1 - I thought about upping it, but haven't, yet.

You'll either have to drop it to 0 or apply the aforementioned patch if
you want to get rid of the error message.

Roy

Follow-Ups:
- Re: npf 'bpf.jit' errors out?
  - From: Hauke Fath

References:
- npf 'bpf.jit' errors out?
  - From: Hauke Fath
- Re: npf 'bpf.jit' errors out?
  - From: Roy Marples
- Re: npf 'bpf.jit' errors out?
  - From: Hauke Fath

Prev by Date: Re: npf 'bpf.jit' errors out?
Next by Date: Re: npf 'bpf.jit' errors out?
Previous by Thread: Re: npf 'bpf.jit' errors out?
Next by Thread: Re: npf 'bpf.jit' errors out?
Indexes:

Home | Main Index | Thread Index | Old Index