From owner-freebsd-security  Thu Oct 29 02:43:53 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id CAA06386
          for freebsd-security-outgoing; Thu, 29 Oct 1998 02:43:53 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from adelphi.physics.adelaide.edu.au (adelphi.physics.adelaide.edu.au [129.127.36.247])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA06378
          for <freebsd-security@freebsd.org>; Thu, 29 Oct 1998 02:43:50 -0800 (PST)
          (envelope-from kkennawa@physics.adelaide.edu.au)
Received: from mercury (mercury [129.127.36.44])
	by adelphi.physics.adelaide.edu.au (8.8.8/8.8.8/UofA-1.5) with SMTP id VAA23646;
	Thu, 29 Oct 1998 21:13:46 +1030 (CST)
Received: from localhost by mercury; (5.65v3.2/1.1.8.2/27Nov97-0404PM)
	id AA25594; Thu, 29 Oct 1998 21:13:45 +1030
Date: Thu, 29 Oct 1998 21:13:45 +1030 (CST)
From: Kris Kennaway <kkennawa@physics.adelaide.edu.au>
To: Open Systems Networking <opsys@mail.webspan.net>
Cc: Andrew McNaughton <andrew@squiz.co.nz>, freebsd-security@FreeBSD.ORG
Subject: Re: IPFW problems...
In-Reply-To: <Pine.BSF.4.02.9810290423340.22650-100000@orion.webspan.net>
Message-Id: <Pine.OSF.4.05.9810292106020.13520-100000@mercury.physics.adelaide.edu.au>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 29 Oct 1998, Open Systems Networking wrote:

> On Thu, 29 Oct 1998, Andrew McNaughton wrote:
> 
> > I had this one when my build world was out of sync with my kernel build.
> > I presume there's been a change since the release (dummynet?) which has
> > changed the size of the data structure passed from ipfw to the kernel.
> 
> I wish that was it :)
> But since I only have 2.2.7-RELEASE kernel sources installed then cvsup'ed
> to 2.2.7-STABLE I dont quite see how the os could be out of sync with the
> kernel. its the same release. It appears that message comes from ip_fw.c

xxx-STABLE isnt "the same release" as xxx-RELEASE, and they're not guaranteed
to be backwards compatible - the numbering in the -STABLE name refers to the
most recent previous release along that development branch). i.e the
xxx-RELEASEs are just snapshot of -STABLE taken at a certain time. So
2.2.7-STABLE keeps creeping along from the 2.2.7-RELEASE codebase, and the
name will change to 2.2.8-STABLE once 2.2.8-RELEASE is out the door.

It isn't supposed to happen in -STABLE very often, but occasionally the kernel
structures change (to add features, etc) and becomes incompatible with a world
which was not compiled expecting those changes. Almost certainly this is the
problem you are seeing (in fact I seem to remember reading about something
Luigi Rizzo did to ipfw in -stable which broke backwards-compatibility of the
ipfw binary). If you're goign to track a -stable kernel, you should be
subscribed to the freebsd-stable mailing list for exactly this reason (so you
know when you have to update your world sources as well).

Recompiling ipfw with sources taken from -stable at the same point your kernel
sources were from should make the problem go away.

Kris


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message