Date: Wed, 18 Aug 2004 15:39:51 +0200 From: Andre Albsmeier <andre.albsmeier@siemens.com> To: Michael Handler <handler@grendel.net> Cc: freebsd-stable@freebsd.org Subject: Re: problem with ipfilter and todays -stable Message-ID: <20040818133951.GA12273@curry.mchp.siemens.de> In-Reply-To: <slrnchq51r.1ta5.handler@monster.grendel.net> References: <411D03EC.1020900@gmx.net> <slrnchq51r.1ta5.handler@monster.grendel.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 13-Aug-2004 at 19:19:02 +0000, Michael Handler wrote:
> On 2004-08-13, Bernhard Valenti <bernhard.valenti@gmx.net> wrote:
> > i just updated from 4.8 to 4.10-stable(from today). i noticed that i
> > can't ping the machine. [...]
>
> I just did the same upgrade last night, and am experiencing similar
> troubles. ("block in quick log on dc0" isn't actually blocking
> anything.) Someone on freebsd-net just noticed this as well:
>
> http://lists.freebsd.org/pipermail/freebsd-net/2004-August/004675.html
>
> Darren Reed MFCed IPFilter 3.4.35 in early July, and I don't think
> that ipfilter was updated completely in both of the relevant places
> (src/contrib/ipfilter and src/sys/contrib/ipfilter). If you diff
Yes, he forgot to MFC ipl.h into src/contrib/ipfilter, see PR# 70492.
> the files that exist in both locations, there are some troubling
> differences, especially the missing member of the qif structure in
> ip_compat.h, etc.
Well, it seems that src/contrib/ipfilter/ip_compat.h simply isn't
used by the userland parts of ipfilter (only by the kernel stuff
in src/sys/contrib/ipfilter where the file is up to date).
However, since there have always been confusing discrepancies (at
least for me) between the files in src/sys/contrib/ipfilter and
src/contrib/ipfilter, I have replaced src/contrib/ipfilter by the
offical ip_filter-3.4.35 package and made
src/sys/contrib/ipfilter/netinet a symlink to this location just
to be sure to use consistent versions of all files. (I have done
this several times before when I wanted to test a not yet commited
version of ipfilter).
However, this does not fix my problem which can be found at
http://marc.theaimsgroup.com/?l=ipfilter&m=109259371522385
When looking at HISTORY, we find a lot of changes w.r.t. checksum
corrections in ICMP packages so I assume there are still some bugs
in there.
>
> I'm seeing the same problem that the freebsd-net poster did:
>
> root@lair:~# ipf -V
> ipf: IP Filter: v3.4.31 (336)
> Kernel: IP Filter: v3.4.35
Same here (before replacing src/contrib/ipfilter as described
above) due to the missing MFC of ipl.h.
-Andre
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040818133951.GA12273>