From owner-freebsd-current@FreeBSD.ORG  Sat May 17 02:32:08 2008
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: current@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 6330C106566B
	for <current@FreeBSD.org>; Sat, 17 May 2008 02:32:08 +0000 (UTC)
	(envelope-from nork@FreeBSD.org)
Received: from sakura.ninth-nine.com (unknown
	[IPv6:2001:2f0:104:80a0:230:48ff:fe41:2455])
	by mx1.freebsd.org (Postfix) with ESMTP id B9FDE8FC17
	for <current@FreeBSD.org>; Sat, 17 May 2008 02:32:06 +0000 (UTC)
	(envelope-from nork@FreeBSD.org)
Received: from nadesico.ninth-nine.com (nadesico.ninth-nine.com
	[219.127.74.122]) by sakura.ninth-nine.com
	(8.14.1/8.14.1/NinthNine) with SMTP id m4H2W2aD054054;
	Sat, 17 May 2008 11:32:02 +0900 (JST) (envelope-from nork@FreeBSD.org)
Date: Sat, 17 May 2008 11:32:01 +0900
From: Norikatsu Shigemura <nork@FreeBSD.org>
To: Julian Elischer <julian@elischer.org>
Message-Id: <20080517113201.7f7bc2d6.nork@FreeBSD.org>
In-Reply-To: <20080517083938.9fd7ae60.nork@FreeBSD.org>
References: <482D7FE6.6020405@elischer.org>
	<20080517081548.ce75ffd7.nork@FreeBSD.org>
	<20080517083938.9fd7ae60.nork@FreeBSD.org>
X-Mailer: Sylpheed 2.5.0beta3 (GTK+ 2.12.9; i386-portbld-freebsd8.0)
Mime-Version: 1.0
Content-Type: multipart/mixed;
	boundary="Multipart=_Sat__17_May_2008_11_32_01_+0900_OQEOHxD/TyhVL40Q"
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0.2
	(sakura.ninth-nine.com [219.127.74.121]);
	Sat, 17 May 2008 11:32:02 +0900 (JST)
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: FreeBSD Current <current@FreeBSD.org>
Subject: Re: vimage patches and example run.
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 17 May 2008 02:32:08 -0000

This is a multi-part message in MIME format.

--Multipart=_Sat__17_May_2008_11_32_01_+0900_OQEOHxD/TyhVL40Q
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On Sat, 17 May 2008 08:39:38 +0900
Norikatsu Shigemura <nork@freebsd.org> wrote:
On Sat, 17 May 2008 08:15:48 +0900
> Norikatsu Shigemura <nork@freebsd.org> wrote:
> > On Fri, 16 May 2008 08:36:54 -0400
> > Julian Elischer <julian@elischer.org> wrote:
> > > vimage patches as of 8AM in ottawa:
> > > http://www.freebsd.org/~julian/vimage.diff
> > 	Wow! I'll try to do it! :-)
> 	Oops, I couldn't compile kdump.  Please add following patch
> 	for vimage.diff.

	Hum... There are many bugs in ipfw's code.
	*ip_fw.h
	1. struct ip_fw_chain in #ifdef IPFW_INTERNAL - #endif
	   So remove it (dupplicate define).

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 #ifdef IPFW_INTERNAL
 
-#define        IPFW_TABLES_MAX         128
-struct ip_fw_chain {
-       struct ip_fw    *rules;         /* list of rules */
-       struct ip_fw    *reap;          /* list of rules to reap */
-       LIST_HEAD(, cfg_nat) nat;       /* list of nat entries */
-       struct radix_node_head *tables[IPFW_TABLES_MAX];
-       struct rwlock   rwmtx;
-};
 #define        IPFW_LOCK_INIT(_chain) \
        rw_init(&(_chain)->rwmtx, "IPFW static rules")
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


	*ip_fw2.c
	1. Not enough to replacement.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-							LOOKUP_NAT(layer3_chain, nat_id, t);
+							LOOKUP_NAT(V_layer3_chain, nat_id, t);
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

	2. extra remove code is bad.  Don't apply following code.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
@@ -4359,7 +4400,6 @@
                else {
                        printf("IP_FW_NAT_CFG: ipfw_nat not present, please load it.\n");
                        error = EINVAL;
-               }
        }
        break;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

	3. bad extra code in new ipfw_init.  So replase new one.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-		default_rule.cmd[0].opcode == O_ACCEPT ? "accept" : "deny");
+#ifdef IPFIREWALL_DEFAULT_TO_ACCEPT
+		"accept"
+#else
+		"deny"
+#endif
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

	Please replace my attached patches for your vimage.diff.

P.S.  Oops! netgraph has ...  orz
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:173:1: error: "NG_ID_HASH_SIZE" redefined
In file included from /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:71:
@/netgraph/vnetgraph.h:44:1: error: this is the location of the previous definition
  :
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

--Multipart=_Sat__17_May_2008_11_32_01_+0900_OQEOHxD/TyhVL40Q--