From owner-svn-src-head@FreeBSD.ORG Wed Nov 2 18:26:47 2011 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9DB28106566C; Wed, 2 Nov 2011 18:26:47 +0000 (UTC) (envelope-from pluknet@gmail.com) Received: from mail-vx0-f182.google.com (mail-vx0-f182.google.com [209.85.220.182]) by mx1.freebsd.org (Postfix) with ESMTP id 177768FC08; Wed, 2 Nov 2011 18:26:46 +0000 (UTC) Received: by vcbfk26 with SMTP id fk26so657274vcb.13 for ; Wed, 02 Nov 2011 11:26:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=V8JVJiAKzQL/38PlxwMoylnPHd2yII6d4f5Mbeo0u9k=; b=TDr7s6Z8tV0NF4Rl6E3R/mBdfadQfdyBLu9JdCcxLvWrxcIFN4XtkF2MRFvf2wflkg cDOhBpz0ZI5ZEGKP6YgUXQkDK25xouA49xZfAUPdLduVpr2233OcXcYCfr0jhTywkQoa +vJxxgIJ6MbSPBj7xQEvF7q2ktRL1GjZw3xT4= MIME-Version: 1.0 Received: by 10.182.110.1 with SMTP id hw1mr1136294obb.38.1320258406289; Wed, 02 Nov 2011 11:26:46 -0700 (PDT) Sender: pluknet@gmail.com Received: by 10.182.89.41 with HTTP; Wed, 2 Nov 2011 11:26:46 -0700 (PDT) In-Reply-To: References: <201109271327.p8RDRHs8024689@svn.freebsd.org> Date: Wed, 2 Nov 2011 21:26:46 +0300 X-Google-Sender-Auth: IMlazqwJFLMecc4U3T1MOLSeI5g Message-ID: From: Sergey Kandaurov To: "Bjoern A. Zeeb" Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r225793 - in head/sys: modules/ipfw netinet/ipfw X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Nov 2011 18:26:47 -0000 On 2 November 2011 19:17, Bjoern A. Zeeb wrote: > On Wed, 2 Nov 2011, Sergey Kandaurov wrote: > >> On 2 November 2011 16:53, Bjoern A. Zeeb wrote: >>> >>> On Wed, 2 Nov 2011, Sergey Kandaurov wrote: >>> >>>> On 27 September 2011 17:27, Bjoern A. Zeeb wrote: >>>>> >>>>> Author: bz >>>>> Date: Tue Sep 27 13:27:17 2011 >>>>> New Revision: 225793 >>>>> URL: http://svn.freebsd.org/changeset/base/225793 >>>>> >>>>> Log: >>>>> =A0Unbreak no-ip and no-inet6 module builds with ipfw. =A0For now con= tinue >>>>> to >>>>> =A0build the ip_fw_pfil.c hooks and ipfw even in case of no-ip under = the >>>>> =A0assumption that the private L2 hook (which hopefully eventually wi= ll >>>>> be >>>>> a >>>>> =A0pfil hook as well) can still be useful. >>>>> >>>>> =A0Allow building the module without inet as well. >>>>> >>>>> =A0Glanced at by: =A0 =A0 =A0 =A0jhb >>>>> =A0MFC after: =A0 =A03 days >>>>> >>>>> Modified: >>>>> =A0head/sys/modules/ipfw/Makefile >>>>> =A0head/sys/netinet/ipfw/ip_fw_pfil.c >>>>> >>>>> Modified: head/sys/modules/ipfw/Makefile >>>>> >>>>> >>>>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D >>>>> --- head/sys/modules/ipfw/Makefile =A0 =A0 =A0Tue Sep 27 13:20:41 201= 1 >>>>> =A0(r225792) >>>>> +++ head/sys/modules/ipfw/Makefile =A0 =A0 =A0Tue Sep 27 13:27:17 201= 1 >>>>> =A0(r225793) >>>>> @@ -8,7 +8,7 @@ KMOD=3D =A0 ipfw >>>>> =A0SRCS=3D =A0ip_fw2.c ip_fw_pfil.c >>>>> =A0SRCS+=3D ip_fw_dynamic.c ip_fw_log.c >>>>> =A0SRCS+=3D ip_fw_sockopt.c ip_fw_table.c >>>>> -SRCS+=3D opt_inet6.h opt_ipfw.h opt_ipsec.h >>>>> +SRCS+=3D opt_inet.h opt_inet6.h opt_ipfw.h opt_ipsec.h >>>>> >>>>> =A0CFLAGS+=3D -DIPFIREWALL >>>>> =A0CFLAGS+=3D -I${.CURDIR}/../../contrib/pf >>>>> @@ -22,6 +22,10 @@ CFLAGS+=3D -I${.CURDIR}/../../contrib/pf >>>>> =A0# >>>>> >>>>> =A0.if !defined(KERNBUILDDIR) >>>>> +.if ${MK_INET_SUPPORT} !=3D "no" >>>>> +opt_inet.h: >>>>> + =A0 =A0 =A0 echo "#define INET 1" > ${.TARGET} >>>>> +.endif >>>>> =A0.if ${MK_INET6_SUPPORT} !=3D "no" >>>>> =A0opt_inet6.h: >>>>> =A0 =A0 =A0 =A0echo "#define INET6 1" > ${.TARGET} >>>>> >>>>> Modified: head/sys/netinet/ipfw/ip_fw_pfil.c >>>>> >>>>> >>>>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D >>>>> --- head/sys/netinet/ipfw/ip_fw_pfil.c =A0Tue Sep 27 13:20:41 2011 >>>>> =A0(r225792) >>>>> +++ head/sys/netinet/ipfw/ip_fw_pfil.c =A0Tue Sep 27 13:27:17 2011 >>>>> =A0(r225793) >>>>> @@ -31,11 +31,11 @@ __FBSDID("$FreeBSD$"); >>>>> =A0#if !defined(KLD_MODULE) >>>>> =A0#include "opt_ipdn.h" >>>>> =A0#include "opt_inet.h" >>>>> +#include "opt_inet6.h" >>>>> =A0#ifndef INET >>>>> =A0#error IPFIREWALL requires INET. >>>>> =A0#endif /* INET */ >>>>> =A0#endif /* KLD_MODULE */ >>>>> -#include "opt_inet6.h" >>>> >>>> Hello. >>>> >>>> This chunk seems to stop building inet6 part of ipfw.ko w/ INET6 enabl= ed >>>> kernel. >>>> >>>> Found by /etc/rc.d/ipfw restart: >>>> [...] >>>> /etc/rc.d/ipfw: WARNING: failed to enable IPv6 firewall >>>> >>>> i.e. sysctl net.inet6.ip6.fw.enable doesn't present. >>>> >>>> Reversion of this hunk fixed the problem. >>>> NO_INET[46] lints aren't tested though. >>> >>> >>> Just to double-check -- this only happens for you if you build and >>> use the module, not when you link it into the kernel? >>> >>> As in that case I do have: >>> lion3# =A0sysctl net.inet6.ip6.fw.enable net.inet6.ip6.fw.enable: 1 >> >> ipfw is built and installed as a module as part of make kernel target. > > Can you try to see if this fixes the problem? > http://people.freebsd.org/~bz/20111102-01-ipfw-kld.diff > > Please not that in the module case we'd most likely also built out > some INET parts, not just INET6 once -- silently. > Hmm.. It is compiled differently when is built standalone and as part of make buildkernel. If built from sys/modules/ipfw: # make Warning: Object directory not changed from original /usr/src/sys/modules/ip= fw cc -O2 -pipe -DIPFIREWALL -fno-strict-aliasing -Werror -D_KERNEL -DKLD_MODULE -nostdinc -I/usr/src/sys/modules/ipfw/../../contrib/pf -I. -I@ -I@/contrib/altq -finline-limit=3D8000 --param inline-unit-growth=3D100 --param large-function-growth=3D1000 -fno-common -fno-omit-frame-pointer -mno-sse -mcmodel=3Dkernel -mno-red-zone -mno-mmx -msoft-float -fno-asynchronous-unwind-tables -ffreestanding -fstack-protector -std=3Diso9899:1999 -fstack-protector -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -Wundef -Wno-pointer-sign -fformat-extensions -Wmissing-include-dirs -fdiagnostics-show-option -c /usr/src/sys/modules/ipfw/../../netinet/ipfw/ip_fw2.c /usr/src/sys/modules/ipfw/../../netinet/ipfw/ip_fw2.c:34:26: error: opt_ipdivert.h: No such file or directory /usr/src/sys/modules/ipfw/../../netinet/ipfw/ip_fw2.c:35:22: error: opt_ipdn.h: No such file or directory *** Error code 1 # ls sys/modules/ipfw/opt* sys/modules/ipfw/opt_inet.h sys/modules/ipfw/opt_ipfw.h sys/modules/ipfw/opt_inet6.h sys/modules/ipfw/opt_ipsec.h Maybe add the missing opt* into module's Makefile? Index: sys/modules/ipfw/Makefile =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- sys/modules/ipfw/Makefile (revision 226966) +++ sys/modules/ipfw/Makefile (working copy) @@ -8,7 +8,8 @@ SRCS=3D ip_fw2.c ip_fw_pfil.c SRCS+=3D ip_fw_dynamic.c ip_fw_log.c SRCS+=3D ip_fw_sockopt.c ip_fw_table.c -SRCS+=3D opt_inet.h opt_inet6.h opt_ipfw.h opt_ipsec.h +SRCS+=3D opt_inet.h opt_inet6.h opt_ipdivert.h opt_ipdn.h opt_ipfw.h opt_i= psec.h +SRCS+=3D opt_compat.h # for a local change CFLAGS+=3D -DIPFIREWALL CFLAGS+=3D -I${.CURDIR}/../../contrib/pf And successfully as part of make buildkernel (w/o the above change to Makef= ile): [...] =3D=3D=3D> ipfw (all) cc -O2 -pipe -DIPFIREWALL -fno-strict-aliasing -Werror -D_KERNEL -DKLD_MODULE -nostdinc -I/usr/src/sys/modules/ipfw/../../contrib/pf -DHAVE_KERNEL_OPTION_HEADERS -include /usr/obj/usr/src/sys/TST/opt_global.h -I. -I@ -I@/contrib/altq -finline-limit=3D8000 --param inline-unit-growth=3D100 --param large-function-growth=3D1000 -fno-common -g -fno-omit-frame-pointer -I/usr/obj/usr/src/sys/TST -mno-sse -mcmodel=3Dkernel -mno-red-zone -mno-mmx -msoft-float -fno-asynchronous-unwind-tables -ffreestanding -fstack-protector -std=3Diso9899:1999 -fstack-protector -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -Wundef -Wno-pointer-sign -fformat-extensions -Wmissing-include-dirs -fdiagnostics-show-option -c /usr/src/sys/modules/ipfw/../../netinet/ipfw/ip_fw2.c cc -O2 -pipe -DIPFIREWALL -fno-strict-aliasing -Werror -D_KERNEL -DKLD_MODULE -nostdinc -I/usr/src/sys/modules/ipfw/../../contrib/pf -DHAVE_KERNEL_OPTION_HEADERS -include /usr/obj/usr/src/sys/TST/opt_global.h -I. -I@ -I@/contrib/altq -finline-limit=3D8000 --param inline-unit-growth=3D100 --param large-function-growth=3D1000 -fno-common -g -fno-omit-frame-pointer -I/usr/obj/usr/src/sys/TST -mno-sse -mcmodel=3Dkernel -mno-red-zone -mno-mmx -msoft-float -fno-asynchronous-unwind-tables -ffreestanding -fstack-protector -std=3Diso9899:1999 -fstack-protector -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -Wundef -Wno-pointer-sign -fformat-extensions -Wmissing-include-dirs -fdiagnostics-show-option -c /usr/src/sys/modules/ipfw/../../netinet/ipfw/ip_fw_pfil.c cc -O2 -pipe -DIPFIREWALL -fno-strict-aliasing -Werror -D_KERNEL -DKLD_MODULE -nostdinc -I/usr/src/sys/modules/ipfw/../../contrib/pf -DHAVE_KERNEL_OPTION_HEADERS -include /usr/obj/usr/src/sys/TST/opt_global.h -I. -I@ -I@/contrib/altq -finline-limit=3D8000 --param inline-unit-growth=3D100 --param large-function-growth=3D1000 -fno-common -g -fno-omit-frame-pointer -I/usr/obj/usr/src/sys/TST -mno-sse -mcmodel=3Dkernel -mno-red-zone -mno-mmx -msoft-float -fno-asynchronous-unwind-tables -ffreestanding -fstack-protector -std=3Diso9899:1999 -fstack-protector -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -Wundef -Wno-pointer-sign -fformat-extensions -Wmissing-include-dirs -fdiagnostics-show-option -c /usr/src/sys/modules/ipfw/../../netinet/ipfw/ip_fw_dynamic.c cc -O2 -pipe -DIPFIREWALL -fno-strict-aliasing -Werror -D_KERNEL -DKLD_MODULE -nostdinc -I/usr/src/sys/modules/ipfw/../../contrib/pf -DHAVE_KERNEL_OPTION_HEADERS -include /usr/obj/usr/src/sys/TST/opt_global.h -I. -I@ -I@/contrib/altq -finline-limit=3D8000 --param inline-unit-growth=3D100 --param large-function-growth=3D1000 -fno-common -g -fno-omit-frame-pointer -I/usr/obj/usr/src/sys/TST -mno-sse -mcmodel=3Dkernel -mno-red-zone -mno-mmx -msoft-float -fno-asynchronous-unwind-tables -ffreestanding -fstack-protector -std=3Diso9899:1999 -fstack-protector -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -Wundef -Wno-pointer-sign -fformat-extensions -Wmissing-include-dirs -fdiagnostics-show-option -c /usr/src/sys/modules/ipfw/../../netinet/ipfw/ip_fw_log.c ctfconvert -L VERSION -g ip_fw_pfil.o ctfconvert -L VERSION -g ip_fw_log.o cc -O2 -pipe -DIPFIREWALL -fno-strict-aliasing -Werror -D_KERNEL -DKLD_MODULE -nostdinc -I/usr/src/sys/modules/ipfw/../../contrib/pf -DHAVE_KERNEL_OPTION_HEADERS -include /usr/obj/usr/src/sys/TST/opt_global.h -I. -I@ -I@/contrib/altq -finline-limit=3D8000 --param inline-unit-growth=3D100 --param large-function-growth=3D1000 -fno-common -g -fno-omit-frame-pointer -I/usr/obj/usr/src/sys/TST -mno-sse -mcmodel=3Dkernel -mno-red-zone -mno-mmx -msoft-float -fno-asynchronous-unwind-tables -ffreestanding -fstack-protector -std=3Diso9899:1999 -fstack-protector -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -Wundef -Wno-pointer-sign -fformat-extensions -Wmissing-include-dirs -fdiagnostics-show-option -c /usr/src/sys/modules/ipfw/../../netinet/ipfw/ip_fw_sockopt.c cc -O2 -pipe -DIPFIREWALL -fno-strict-aliasing -Werror -D_KERNEL -DKLD_MODULE -nostdinc -I/usr/src/sys/modules/ipfw/../../contrib/pf -DHAVE_KERNEL_OPTION_HEADERS -include /usr/obj/usr/src/sys/TST/opt_global.h -I. -I@ -I@/contrib/altq -finline-limit=3D8000 --param inline-unit-growth=3D100 --param large-function-growth=3D1000 -fno-common -g -fno-omit-frame-pointer -I/usr/obj/usr/src/sys/TST -mno-sse -mcmodel=3Dkernel -mno-red-zone -mno-mmx -msoft-float -fno-asynchronous-unwind-tables -ffreestanding -fstack-protector -std=3Diso9899:1999 -fstack-protector -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -Wundef -Wno-pointer-sign -fformat-extensions -Wmissing-include-dirs -fdiagnostics-show-option -c /usr/src/sys/modules/ipfw/../../netinet/ipfw/ip_fw_table.c ctfconvert -L VERSION -g ip_fw_dynamic.o ctfconvert -L VERSION -g ip_fw_table.o ctfconvert -L VERSION -g ip_fw_sockopt.o ctfconvert -L VERSION -g ip_fw2.o ld -d -warn-common -r -d -o ipfw.ko.debug ip_fw2.o ip_fw_pfil.o ip_fw_dynamic.o ip_fw_log.o ip_fw_sockopt.o ip_fw_table.o :> export_syms awk -f /usr/src/sys/conf/kmod_syms.awk ipfw.ko.debug export_syms | xargs -J% objcopy % ipfw.ko.debug objcopy --only-keep-debug ipfw.ko.debug ipfw.ko.symbols objcopy --strip-debug --add-gnu-debuglink=3Dipfw.ko.symbols ipfw.ko.debug i= pfw.ko [...] --=20 wbr, pluknet