Date: Mon, 06 Sep 2004 01:30:20 +0200 From: Andre Oppermann <andre@freebsd.org> To: Gleb Smirnoff <glebius@freebsd.org> Cc: cvs-all@freebsd.org Subject: Re: cvs commit: src/sys/netinet ip_fw2.c Message-ID: <413BA18C.D7A35736@freebsd.org> References: <200409052006.i85K6ovn042219@repoman.freebsd.org> <413B8C06.CBC43282@freebsd.org> <20040905230743.GA82892@cell.sick.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Gleb Smirnoff wrote: > > On Sun, Sep 05, 2004 at 11:58:30PM +0200, Andre Oppermann wrote: > A> Thanks. I was at the SUCON'04 the last days and only infrequently checking > A> my inbox. The ipfw2 code never returned EINVAL for divert actions when the > A> IPDIVERT was not compiled in. I didn't change that with the conversion to > A> pfil_hooks. > > May be this check was in other place. I clearly remeber that rc.firewall > on my 4.x boxes produced errors on divert with GENERIC loaded. > > I haven't looked at code but I have just checked: > > root@fade:~:|>ipfw add 65000 divert natd all from any to any > ipfw: getsockopt(IP_FW_ADD): Invalid argument > root@fade:~:|>uname -a > FreeBSD fade.bestcom.ru 4.9-STABLE FreeBSD 4.9-STABLE #3: Mon Jan 12 12:30:42 MSK 2004 root@fade.bestcom.ru:/usr/obj/usr/src/sys/FADE i386 > > (no DIVERT in kernel). Is that ipfw or ipfw2 (ipfw != ipfw2)? Anyway, if ipfw behaved this way on 4.x it should continue to do so in 5.x. So your change is correct. -- Andre
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?413BA18C.D7A35736>