FreeBSD Mail Archives

Date:      Wed, 2 Nov 2011 15:13:15 +0300
From:      Sergey Kandaurov <pluknet@freebsd.org>
To:        "Bjoern A. Zeeb" <bz@freebsd.org>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject:   Re: svn commit: r225793 - in head/sys: modules/ipfw netinet/ipfw
Message-ID:  <CAE-mSOLZsHXFyu_oSO8EY78j8ijbqNaGmFDzqtoGx5SqOq0y1Q@mail.gmail.com>
In-Reply-To: <201109271327.p8RDRHs8024689@svn.freebsd.org>
References:  <201109271327.p8RDRHs8024689@svn.freebsd.org>

On 27 September 2011 17:27, Bjoern A. Zeeb <bz@freebsd.org> wrote:
> Author: bz
> Date: Tue Sep 27 13:27:17 2011
> New Revision: 225793
> URL: http://svn.freebsd.org/changeset/base/225793
>
> Log:
> =A0Unbreak no-ip and no-inet6 module builds with ipfw. =A0For now continu=
e to
> =A0build the ip_fw_pfil.c hooks and ipfw even in case of no-ip under the
> =A0assumption that the private L2 hook (which hopefully eventually will b=
e a
> =A0pfil hook as well) can still be useful.
>
> =A0Allow building the module without inet as well.
>
> =A0Glanced at by: =A0 =A0 =A0 =A0jhb
> =A0MFC after: =A0 =A03 days
>
> Modified:
> =A0head/sys/modules/ipfw/Makefile
> =A0head/sys/netinet/ipfw/ip_fw_pfil.c
>
> Modified: head/sys/modules/ipfw/Makefile
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D
> --- head/sys/modules/ipfw/Makefile =A0 =A0 =A0Tue Sep 27 13:20:41 2011 =
=A0 =A0 =A0 =A0(r225792)
> +++ head/sys/modules/ipfw/Makefile =A0 =A0 =A0Tue Sep 27 13:27:17 2011 =
=A0 =A0 =A0 =A0(r225793)
> @@ -8,7 +8,7 @@ KMOD=3D =A0 ipfw
> =A0SRCS=3D =A0ip_fw2.c ip_fw_pfil.c
> =A0SRCS+=3D ip_fw_dynamic.c ip_fw_log.c
> =A0SRCS+=3D ip_fw_sockopt.c ip_fw_table.c
> -SRCS+=3D opt_inet6.h opt_ipfw.h opt_ipsec.h
> +SRCS+=3D opt_inet.h opt_inet6.h opt_ipfw.h opt_ipsec.h
>
> =A0CFLAGS+=3D -DIPFIREWALL
> =A0CFLAGS+=3D -I${.CURDIR}/../../contrib/pf
> @@ -22,6 +22,10 @@ CFLAGS+=3D -I${.CURDIR}/../../contrib/pf
> =A0#
>
> =A0.if !defined(KERNBUILDDIR)
> +.if ${MK_INET_SUPPORT} !=3D "no"
> +opt_inet.h:
> + =A0 =A0 =A0 echo "#define INET 1" > ${.TARGET}
> +.endif
> =A0.if ${MK_INET6_SUPPORT} !=3D "no"
> =A0opt_inet6.h:
> =A0 =A0 =A0 =A0echo "#define INET6 1" > ${.TARGET}
>
> Modified: head/sys/netinet/ipfw/ip_fw_pfil.c
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D
> --- head/sys/netinet/ipfw/ip_fw_pfil.c =A0Tue Sep 27 13:20:41 2011 =A0 =
=A0 =A0 =A0(r225792)
> +++ head/sys/netinet/ipfw/ip_fw_pfil.c =A0Tue Sep 27 13:27:17 2011 =A0 =
=A0 =A0 =A0(r225793)
> @@ -31,11 +31,11 @@ __FBSDID("$FreeBSD$");
> =A0#if !defined(KLD_MODULE)
> =A0#include "opt_ipdn.h"
> =A0#include "opt_inet.h"
> +#include "opt_inet6.h"
> =A0#ifndef INET
> =A0#error IPFIREWALL requires INET.
> =A0#endif /* INET */
> =A0#endif /* KLD_MODULE */
> -#include "opt_inet6.h"

Hello.

This chunk seems to stop building inet6 part of ipfw.ko w/ INET6 enabled ke=
rnel.

Found by /etc/rc.d/ipfw restart:
[...]
/etc/rc.d/ipfw: WARNING: failed to enable IPv6 firewall

i.e. sysctl net.inet6.ip6.fw.enable doesn't present.

Reversion of this hunk fixed the problem.
NO_INET[46] lints aren't tested though.

--=20
wbr,
pluknet

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAE-mSOLZsHXFyu_oSO8EY78j8ijbqNaGmFDzqtoGx5SqOq0y1Q>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation