Fresh install of FreeBSD 6.0-RELEASE from CD.
With the GENERIC kernel, I was able to 'kldload pf' to get the pf
firewall.
However this doesn't work after I rebuilt a new kernel; it fails to load.
All I did was add IPSEC and disable IPv6. The exact config diff from GENERIC
is attached below.
I rebuilt the kernel using:
# cd /usr/src/sys/i386/conf
# cp GENERIC CANDLERB
# vi CANDLERB
... see diff below
# config CANDLERB
# cd ../compile/CANDLERB
# make cleandepend && make depend && make && make install
# reboot
Now when I try to load the pf module I get:
# kldload pf
kldload: can't load pf: No such file or directory
#
However this module file definitely exists, and has a timestamp from when
the kernel was rebuilt:
# ls -l /boot/kernel/pf.ko
-r-xr-xr-x 1 root wheel 188030 Dec 28 15:15 /boot/kernel/pf.ko
# wc -c /boot/kernel/pf.ko
188030 /boot/kernel/pf.ko
An strace -id of the kldload process doesn't shed any light either:
...
834 kldload CALL sigprocmask(0x3,0x28067830,0)
834 kldload RET sigprocmask 0
834 kldload CALL kldload(0xbfbfeba4)
834 kldload NAMI "/boot/kernel/linker.hints"
834 kldload NAMI "/boot/kernel/pf.ko"
834 kldload NAMI "/boot/kernel/pf.ko"
834 kldload RET kldload -1 errno 2 No such file or directory
834 kldload CALL write(0x2,0xbfbfe3d0,0x9)
834 kldload GIO fd 2 wrote 9 bytes
"kldload: "
...
I can load other modules successfully (I tried 'kldload ng_nat' just to pick
one at random).
I guess I can go ahead and rebuild the kernel again, this time with pf built
in. However I would like to know why I can't load pf as a module, even
though it seems to have been successfully built as one.
Regards,
Brian.
--- /usr/src/sys/i386/conf/GENERIC Fri Oct 28 20:22:41 2005
+++ /usr/src/sys/i386/conf/CANDLERB Wed Dec 28 14:19:48 2005
@@ -22,7 +22,7 @@
cpu I486_CPU
cpu I586_CPU
cpu I686_CPU
-ident GENERIC
+ident CANDLERB
# To statically compile in device wiring instead of /boot/device.hints
#hints "GENERIC.hints" # Default places to look for
devices.
@@ -33,7 +33,7 @@
options SCHED_4BSD # 4BSD scheduler
options PREEMPTION # Enable kernel thread preemption
options INET # InterNETworking
-options INET6 # IPv6 communications protocols
+#options INET6 # IPv6 communications protocols
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_ACL # Support for access control lists
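Review bot: Commenting out `options INET6` in this hunk is the only change in the diff that takes code out of the kernel, so it is the first thing to suspect when pf.ko loads under GENERIC but not under CANDLERB. If pf.ko was still compiled with IPv6 support, it references IPv6 symbols that a kernel built without INET6 does not provide, and the kernel linker logs the unresolved symbol to the console rather than returning it through kldload's errno, so check dmesg right after the failed kldload. If an undefined symbol is reported there, either keep INET6 enabled or compile pf into the kernel (`device pf`) instead of loading it as a module.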
@@ -277,3 +277,7 @@
device firewire # FireWire bus code
device sbp # SCSI over FireWire (Requires scbus and da)
device fwe # Ethernet over FireWire (non-standard!)
+
+options IPSEC
+options IPSEC_ESP
+options IPSEC_DEBUG
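Review bot: The three option lines appended after the FireWire devices carry no trailing comments, unlike the other options lines visible in this file (for example `options INET # InterNETworking`), and they sit at the end of the device section rather than with the networking options. Add a short comment to each and move them up beside `options INET`. Also decide whether IPSEC_DEBUG should stay once IPsec is confirmed working, since the stated goal was only to add IPSEC.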