From owner-freebsd-stable@FreeBSD.ORG Tue Apr 3 06:56:55 2007 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id F18DB16A404 for ; Tue, 3 Apr 2007 06:56:55 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outG.internet-mail-service.net (outG.internet-mail-service.net [216.240.47.230]) by mx1.freebsd.org (Postfix) with ESMTP id DC42913C487 for ; Tue, 3 Apr 2007 06:56:55 +0000 (UTC) (envelope-from julian@elischer.org) Received: from mx0.idiom.com (HELO idiom.com) (216.240.32.160) by out.internet-mail-service.net (qpsmtpd/0.32) with ESMTP; Mon, 02 Apr 2007 23:27:13 -0700 Received: from [192.168.2.5] (home.elischer.org [216.240.48.38]) by idiom.com (Postfix) with ESMTP id 05E2F125B26; Mon, 2 Apr 2007 23:56:54 -0700 (PDT) Message-ID: <4611FAB6.4090201@elischer.org> Date: Mon, 02 Apr 2007 23:56:54 -0700 From: Julian Elischer User-Agent: Thunderbird 1.5.0.10 (Macintosh/20070221) MIME-Version: 1.0 To: Mike Tancsa References: <200704011107.22750.joao@matik.com.br> <200704030239.l332dC89044128@lava.sentex.ca> In-Reply-To: <200704030239.l332dC89044128@lava.sentex.ca> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: julian@freebsd.org, freebsd-stable@freebsd.org, JoaoBR Subject: Re: ipfw add pipe broken in RELENG_6 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Apr 2007 06:56:56 -0000 Mike Tancsa wrote: > At 10:07 AM 4/1/2007, JoaoBR wrote: > >> it seems I can not add pipes with releng6 sources from the last days >> >> ipfw add pipe 1 ip from any to any >> ipfw: getsockopt(IP_FW_ADD): Invalid argument > > I think this is whats needed in /usr/src/sbin/ipfw. Looking at the > diffs between HEAD and RELENG_6 (apart from the kernel nat stuff), below > seems to be whats different. somewhere between my MFC testing and the commits there seems to have been a screwup. I think it happenned because I reverted a MFC out of my list of MFC's to do after I had done some tests because they causled a failure and I hadn't realised that they affected this code too. I'm doing testing now and should be able to confirm this in a short while. > > > [smicro1U]# diff -u ipfw2.c.orig ipfw2.c > --- ipfw2.c.orig Mon Apr 2 22:28:33 2007 > +++ ipfw2.c Mon Apr 2 22:30:45 2007 > @@ -3973,11 +3973,9 @@ > break; > > case TOK_QUEUE: > - action->len = F_INSN_SIZE(ipfw_insn_pipe); > action->opcode = O_QUEUE; > goto chkarg; > case TOK_PIPE: > - action->len = F_INSN_SIZE(ipfw_insn_pipe); > action->opcode = O_PIPE; > goto chkarg; > case TOK_SKIPTO: > @@ -4043,11 +4041,13 @@ > "illegal forwarding port ``%s''", s); > p->sa.sin_port = (u_short)i; > } > - lookup_host(*av, &(p->sa.sin_addr)); > - } > + if (_substrcmp(*av, "tablearg") == 0) > + p->sa.sin_addr.s_addr = INADDR_ANY; > + else > + lookup_host(*av, &(p->sa.sin_addr)); > ac--; av++; > break; > - > + } > case TOK_COMMENT: > /* pretend it is a 'count' rule followed by the comment */ > action->opcode = O_COUNT; > [smicro1U]# > > > > The command seems to be getting tripped up in /usr/src/sys/netinet/ip_fw2.c > > case O_QUEUE: > if (cmdlen != F_INSN_SIZE(ipfw_insn)) > goto bad_size; > goto check_action; > > where size=2 and cmdlen=1 on opcode=50 > > ---Mike