From owner-freebsd-stable@FreeBSD.ORG Wed Aug 18 13:39:54 2004 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5495616A4CE for ; Wed, 18 Aug 2004 13:39:54 +0000 (GMT) Received: from david.siemens.de (david.siemens.de [192.35.17.14]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9292743D41 for ; Wed, 18 Aug 2004 13:39:53 +0000 (GMT) (envelope-from andre.albsmeier@siemens.com) Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14]) by david.siemens.de (8.12.6/8.12.6) with ESMTP id i7IDdqLs005583; Wed, 18 Aug 2004 15:39:52 +0200 Received: from mars.cert.siemens.com (ust.mchp.siemens.de [139.23.201.17]) by mail1.siemens.de (8.12.6/8.12.6) with ESMTP id i7IDdqxA001861; Wed, 18 Aug 2004 15:39:52 +0200 Received: from curry.mchp.siemens.de (curry.mchp.siemens.de [139.25.42.7]) mail/cert.mc.pre,v 1.61 2004/06/20 16:46:46 mailadm Exp $) with ESMTP id i7IDdpTo089875; Wed, 18 Aug 2004 15:39:52 +0200 (CEST) Received: (from localhost) by curry.mchp.siemens.de (8.13.1/8.13.1) id i7IDdptn088925; Date: Wed, 18 Aug 2004 15:39:51 +0200 From: Andre Albsmeier To: Michael Handler Message-ID: <20040818133951.GA12273@curry.mchp.siemens.de> References: <411D03EC.1020900@gmx.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Echelon: codes, Osama, MI6, AA, fraud X-Advice: Drop that crappy M$-Outlook, I'm tired of your viruses! User-Agent: Mutt/1.5.4i cc: freebsd-stable@freebsd.org Subject: Re: problem with ipfilter and todays -stable X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Aug 2004 13:39:54 -0000 On Fri, 13-Aug-2004 at 19:19:02 +0000, Michael Handler wrote: > On 2004-08-13, Bernhard Valenti wrote: > > i just updated from 4.8 to 4.10-stable(from today). i noticed that i > > can't ping the machine. [...] > > I just did the same upgrade last night, and am experiencing similar > troubles. ("block in quick log on dc0" isn't actually blocking > anything.) Someone on freebsd-net just noticed this as well: > > http://lists.freebsd.org/pipermail/freebsd-net/2004-August/004675.html > > Darren Reed MFCed IPFilter 3.4.35 in early July, and I don't think > that ipfilter was updated completely in both of the relevant places > (src/contrib/ipfilter and src/sys/contrib/ipfilter). If you diff Yes, he forgot to MFC ipl.h into src/contrib/ipfilter, see PR# 70492. > the files that exist in both locations, there are some troubling > differences, especially the missing member of the qif structure in > ip_compat.h, etc. Well, it seems that src/contrib/ipfilter/ip_compat.h simply isn't used by the userland parts of ipfilter (only by the kernel stuff in src/sys/contrib/ipfilter where the file is up to date). However, since there have always been confusing discrepancies (at least for me) between the files in src/sys/contrib/ipfilter and src/contrib/ipfilter, I have replaced src/contrib/ipfilter by the offical ip_filter-3.4.35 package and made src/sys/contrib/ipfilter/netinet a symlink to this location just to be sure to use consistent versions of all files. (I have done this several times before when I wanted to test a not yet commited version of ipfilter). However, this does not fix my problem which can be found at http://marc.theaimsgroup.com/?l=ipfilter&m=109259371522385 When looking at HISTORY, we find a lot of changes w.r.t. checksum corrections in ICMP packages so I assume there are still some bugs in there. > > I'm seeing the same problem that the freebsd-net poster did: > > root@lair:~# ipf -V > ipf: IP Filter: v3.4.31 (336) > Kernel: IP Filter: v3.4.35 Same here (before replacing src/contrib/ipfilter as described above) due to the missing MFC of ipl.h. -Andre