Date: Mon, 17 Jun 2002 16:23:23 -0700 From: "Crist J. Clark" <crist.clark@attbi.com> To: Michael Grant <mg-fbsd3@grant.org> Cc: freebsd-stable@FreeBSD.ORG Subject: Re: making kernel with ipfilter Message-ID: <20020617162322.A2839@blossom.cjclark.org> In-Reply-To: <200206171720.g5HHKN108114@splat.grant.org>; from mg-fbsd3@grant.org on Mon, Jun 17, 2002 at 07:20:23PM %2B0200 References: <200206171720.g5HHKN108114@splat.grant.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jun 17, 2002 at 07:20:23PM +0200, Michael Grant wrote:
> I'm still having trouble making a 4.6 kernel with ipfilter (using the
> version in the contrib directory.
>
> When I cvsup RELENG_4_6, I get the following files (note the dates):
>
> ls -l /usr/src/sys/contrib/ipfilter/netinet/
> total 408
> -rw-r--r-- 1 root wheel 49761 Apr 27 13:37 fil.c
> -rw-r--r-- 1 root wheel 13692 Apr 27 13:37 ip_auth.c
> -rw-r--r-- 1 root wheel 1564 Apr 27 13:37 ip_auth.h
> -rw-r--r-- 1 root wheel 34148 Apr 27 13:37 ip_compat.h
> -rw-r--r-- 1 root wheel 46942 Apr 27 13:37 ip_fil.c
> -rw-r--r-- 1 root wheel 21840 Apr 27 13:37 ip_fil.h
> -rw-r--r-- 1 root wheel 13789 Apr 27 13:37 ip_frag.c
> -rw-r--r-- 1 root wheel 1905 Apr 27 13:37 ip_frag.h
> -rw-r--r-- 1 root wheel 19942 Apr 27 13:37 ip_ftp_pxy.c
> -rw-r--r-- 1 root wheel 6891 Apr 27 13:37 ip_h323_pxy.c
> -rw-r--r-- 1 root wheel 6940 Apr 27 13:37 ip_ipsec_pxy.c
> -rw-r--r-- 1 root wheel 10886 Apr 27 13:37 ip_log.c
> -rw-r--r-- 1 root wheel 70882 Apr 27 13:37 ip_nat.c
> -rw-r--r-- 1 root wheel 8826 Apr 27 13:37 ip_nat.h
> -rw-r--r-- 1 root wheel 3252 Apr 27 13:37 ip_netbios_pxy.c
> -rw-r--r-- 1 root wheel 12032 Apr 27 13:37 ip_proxy.c
> -rw-r--r-- 1 root wheel 4559 Apr 27 13:37 ip_proxy.h
> -rw-r--r-- 1 root wheel 7177 Apr 27 13:37 ip_raudio_pxy.c
> -rw-r--r-- 1 root wheel 3690 Apr 27 13:37 ip_rcmd_pxy.c
> -rw-r--r-- 1 root wheel 54294 Apr 27 13:37 ip_state.c
> -rw-r--r-- 1 root wheel 5621 Apr 27 13:37 ip_state.h
> -rw-r--r-- 1 root wheel 324 Apr 27 13:37 ipl.h
> -rw-r--r-- 1 root wheel 6238 Apr 27 13:37 mlfk_ipl.c
Those dates are correct.
> These files appear to be quite old relative to what's in
> /usr/src/contrib/ipfilter.
Strange. The times in there should be about the same. Get an ident(1)
on files that look newer and see if you have the right ones.
> When building a kernel, the old version of
> these files are included and the build bombs out here:
>
> cc -c -O -pipe -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -ansi -nostdinc -I- -I. -I/usr/src/sys -I/usr/src/sys/../include -I/usr/src/sys/contrib/ipfilter -D_KERNEL -include opt_global.h -elf -mpreferred-stack-boundary=2 /usr/src/sys/contrib/ipfilter/netinet/ip_proxy.c
> In file included from /usr/src/sys/contrib/ipfilter/netinet/ip_proxy.c:102:
> /usr/src/sys/netinet/ip_ipsec_pxy.c: In function `ippr_ipsec_new':
> /usr/src/sys/netinet/ip_ipsec_pxy.c:49: too many arguments to function `nat_outlookup'
> /usr/src/sys/netinet/ip_ipsec_pxy.c:60: structure has no member named `ipsc_spi'
> /usr/src/sys/netinet/ip_ipsec_pxy.c:88: warning: passing arg 1 of `nat_new' from incompatible pointer type
> /usr/src/sys/netinet/ip_ipsec_pxy.c:88: warning: passing arg 3 of `nat_new' from incompatible pointer type
> /usr/src/sys/netinet/ip_ipsec_pxy.c:88: too few arguments to function `nat_new'
> /usr/src/sys/netinet/ip_ipsec_pxy.c:90: too few arguments to function `fr_addstate'
> /usr/src/sys/contrib/ipfilter/netinet/ip_proxy.c: At top level:
> /usr/src/sys/contrib/ipfilter/netinet/ip_proxy.c:122: `ippr_ipsec_del' undeclared here (not in a function)
> /usr/src/sys/contrib/ipfilter/netinet/ip_proxy.c:122: initializer element is not constant
> /usr/src/sys/contrib/ipfilter/netinet/ip_proxy.c:122: (near initialization for `ap_proxies[3].apr_del')
> /usr/src/sys/contrib/ipfilter/netinet/ip_proxy.c:123: `ippr_ipsec_match' undeclared here (not in a function)
> /usr/src/sys/contrib/ipfilter/netinet/ip_proxy.c:123: initializer element is not constant
> /usr/src/sys/contrib/ipfilter/netinet/ip_proxy.c:123: (near initialization for `ap_proxies[3].apr_match')
> *** Error code 1
>
> So, 2 questions:
>
> 1) How do I get around this problem, am I (as usual) the only one
> having it?
>
> 2) What's the right way to build a kernel using the latest ipfilter
> (3.4.28) *and* use the files in /usr/src rather than the ones
> installed in /usr/sys (which is 4.5 because I haven't installed 4.6
> yet).
Ah, so you are trying to import newer version of IPFilter. The "right"
way to do it is the way laid out in the FreeBSD-4.0/INST.FreeBSD-4
file you got with 3.4.28. Darren does not recommend trying to
integrate the code into the tree to be used with the
build{world,kernel} targets.
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020617162322.A2839>