From owner-freebsd-net Tue Feb 6 10:41:19 2001 Delivered-To: freebsd-net@freebsd.org Received: from iguana.aciri.org (iguana.aciri.org [192.150.187.36]) by hub.freebsd.org (Postfix) with ESMTP id E955137B491 for ; Tue, 6 Feb 2001 10:41:01 -0800 (PST) Received: (from rizzo@localhost) by iguana.aciri.org (8.11.1/8.11.1) id f16If1041610; Tue, 6 Feb 2001 10:41:01 -0800 (PST) (envelope-from rizzo) From: Luigi Rizzo Message-Id: <200102061841.f16If1041610@iguana.aciri.org> Subject: Re: IPFIREWALL + BRIDGE + IPDIVERT doesn't work? In-Reply-To: <20010206102958.N26076@fw.wintelcom.net> from Alfred Perlstein at "Feb 6, 2001 10:29:58 am" To: bright@wintelcom.net (Alfred Perlstein) Date: Tue, 6 Feb 2001 10:39:40 -0800 (PST) Cc: rizzo@aciri.org, net@freebsd.org X-Mailer: ELM [version 2.4ME+ PL43 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org i assume you have upgraded the .h files in /usr/include/net and /usr/include/netinet and recompiled the userland ipfw, right ? your report is kind of strange because none of the recent changes (unless you mean the tcp security fixes) involves additional specifiers in ipfw rules. Sure the ipfw struct and the pipe descriptor have changed size, but then the problem would occur for all rules not just the "via" ones. can you give use some more detail ? cheers luigi > Let me apologize in advance for this shoddyish bug report. > > In a recent -stable (since the new ipfw fixes) if you build > a kernel with options: > > IPFIREWALL > IPFIREWALL_VERBOSE > IPFIREWALL_DEFAULT_TO_ACCEPT > IPDIVERT > BRIDGE > DUMMYNET > > You wind up with a kernel that doesn't grok the ipfw 'via' keyword. > > Basically any rule that has a 'via' in it makes the userland ipfw > tool get a 'invalid setsockopt'. Anyone booting a kernel on a > system that relies on 'via' keywords is in for a big suprise as > all those rules won't load. > > -- > -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] > "I have the heart of a child; I keep it in a jar on my desk." > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message