From owner-svn-src-head@FreeBSD.ORG Wed Nov 2 15:18:11 2011 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9ED4E1065670; Wed, 2 Nov 2011 15:18:11 +0000 (UTC) (envelope-from bz@freebsd.org) Received: from mx1.sbone.de (bird.sbone.de [46.4.1.90]) by mx1.freebsd.org (Postfix) with ESMTP id B604B8FC0C; Wed, 2 Nov 2011 15:18:10 +0000 (UTC) Received: from mail.sbone.de (mail.sbone.de [IPv6:fde9:577b:c1a9:31::2013:587]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.sbone.de (Postfix) with ESMTPS id 8DF3325D3892; Wed, 2 Nov 2011 15:17:39 +0000 (UTC) Received: from content-filter.sbone.de (content-filter.sbone.de [IPv6:fde9:577b:c1a9:31::2013:2742]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPS id A9A77BD40AC; Wed, 2 Nov 2011 15:17:38 +0000 (UTC) X-Virus-Scanned: amavisd-new at sbone.de Received: from mail.sbone.de ([IPv6:fde9:577b:c1a9:31::2013:587]) by content-filter.sbone.de (content-filter.sbone.de [fde9:577b:c1a9:31::2013:2742]) (amavisd-new, port 10024) with ESMTP id rcsPbEBc-euj; Wed, 2 Nov 2011 15:17:36 +0000 (UTC) Received: from nv.sbone.de (nv.sbone.de [IPv6:fde9:577b:c1a9:31::2013:138]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPSA id 9F6F5BD40A5; Wed, 2 Nov 2011 15:17:36 +0000 (UTC) Date: Wed, 2 Nov 2011 15:17:36 +0000 (UTC) From: "Bjoern A. Zeeb" To: Sergey Kandaurov In-Reply-To: Message-ID: References: <201109271327.p8RDRHs8024689@svn.freebsd.org> X-OpenPGP-Key-Id: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="0-1886949233-1320247056=:68690" Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r225793 - in head/sys: modules/ipfw netinet/ipfw X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Nov 2011 15:18:11 -0000 This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --0-1886949233-1320247056=:68690 Content-Type: TEXT/PLAIN; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8BIT On Wed, 2 Nov 2011, Sergey Kandaurov wrote: > On 2 November 2011 16:53, Bjoern A. Zeeb wrote: >> On Wed, 2 Nov 2011, Sergey Kandaurov wrote: >> >>> On 27 September 2011 17:27, Bjoern A. Zeeb wrote: >>>> >>>> Author: bz >>>> Date: Tue Sep 27 13:27:17 2011 >>>> New Revision: 225793 >>>> URL: http://svn.freebsd.org/changeset/base/225793 >>>> >>>> Log: >>>>  Unbreak no-ip and no-inet6 module builds with ipfw.  For now continue to >>>>  build the ip_fw_pfil.c hooks and ipfw even in case of no-ip under the >>>>  assumption that the private L2 hook (which hopefully eventually will be >>>> a >>>>  pfil hook as well) can still be useful. >>>> >>>>  Allow building the module without inet as well. >>>> >>>>  Glanced at by:        jhb >>>>  MFC after:    3 days >>>> >>>> Modified: >>>>  head/sys/modules/ipfw/Makefile >>>>  head/sys/netinet/ipfw/ip_fw_pfil.c >>>> >>>> Modified: head/sys/modules/ipfw/Makefile >>>> >>>> ============================================================================== >>>> --- head/sys/modules/ipfw/Makefile      Tue Sep 27 13:20:41 2011 >>>>  (r225792) >>>> +++ head/sys/modules/ipfw/Makefile      Tue Sep 27 13:27:17 2011 >>>>  (r225793) >>>> @@ -8,7 +8,7 @@ KMOD=   ipfw >>>>  SRCS=  ip_fw2.c ip_fw_pfil.c >>>>  SRCS+= ip_fw_dynamic.c ip_fw_log.c >>>>  SRCS+= ip_fw_sockopt.c ip_fw_table.c >>>> -SRCS+= opt_inet6.h opt_ipfw.h opt_ipsec.h >>>> +SRCS+= opt_inet.h opt_inet6.h opt_ipfw.h opt_ipsec.h >>>> >>>>  CFLAGS+= -DIPFIREWALL >>>>  CFLAGS+= -I${.CURDIR}/../../contrib/pf >>>> @@ -22,6 +22,10 @@ CFLAGS+= -I${.CURDIR}/../../contrib/pf >>>>  # >>>> >>>>  .if !defined(KERNBUILDDIR) >>>> +.if ${MK_INET_SUPPORT} != "no" >>>> +opt_inet.h: >>>> +       echo "#define INET 1" > ${.TARGET} >>>> +.endif >>>>  .if ${MK_INET6_SUPPORT} != "no" >>>>  opt_inet6.h: >>>>        echo "#define INET6 1" > ${.TARGET} >>>> >>>> Modified: head/sys/netinet/ipfw/ip_fw_pfil.c >>>> >>>> ============================================================================== >>>> --- head/sys/netinet/ipfw/ip_fw_pfil.c  Tue Sep 27 13:20:41 2011 >>>>  (r225792) >>>> +++ head/sys/netinet/ipfw/ip_fw_pfil.c  Tue Sep 27 13:27:17 2011 >>>>  (r225793) >>>> @@ -31,11 +31,11 @@ __FBSDID("$FreeBSD$"); >>>>  #if !defined(KLD_MODULE) >>>>  #include "opt_ipdn.h" >>>>  #include "opt_inet.h" >>>> +#include "opt_inet6.h" >>>>  #ifndef INET >>>>  #error IPFIREWALL requires INET. >>>>  #endif /* INET */ >>>>  #endif /* KLD_MODULE */ >>>> -#include "opt_inet6.h" >>> >>> Hello. >>> >>> This chunk seems to stop building inet6 part of ipfw.ko w/ INET6 enabled >>> kernel. >>> >>> Found by /etc/rc.d/ipfw restart: >>> [...] >>> /etc/rc.d/ipfw: WARNING: failed to enable IPv6 firewall >>> >>> i.e. sysctl net.inet6.ip6.fw.enable doesn't present. >>> >>> Reversion of this hunk fixed the problem. >>> NO_INET[46] lints aren't tested though. >> >> >> Just to double-check -- this only happens for you if you build and >> use the module, not when you link it into the kernel? >> >> As in that case I do have: >> lion3#  sysctl net.inet6.ip6.fw.enable net.inet6.ip6.fw.enable: 1 > > ipfw is built and installed as a module as part of make kernel target. Can you try to see if this fixes the problem? http://people.freebsd.org/~bz/20111102-01-ipfw-kld.diff Please not that in the module case we'd most likely also built out some INET parts, not just INET6 once -- silently. /bz -- Bjoern A. Zeeb You have to have visions! Stop bit received. Insert coin for new address family. --0-1886949233-1320247056=:68690--