Date: Wed, 2 Nov 2011 21:54:13 +0000 (UTC) From: "Bjoern A. Zeeb" <bz@FreeBSD.org> To: Sergey Kandaurov <pluknet@freebsd.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r225793 - in head/sys: modules/ipfw netinet/ipfw Message-ID: <alpine.BSF.2.00.1111022153170.68690@ai.fobar.qr> In-Reply-To: <alpine.BSF.2.00.1111021516110.68690@ai.fobar.qr> References: <201109271327.p8RDRHs8024689@svn.freebsd.org> <CAE-mSOLZsHXFyu_oSO8EY78j8ijbqNaGmFDzqtoGx5SqOq0y1Q@mail.gmail.com> <alpine.BSF.2.00.1111021250100.68690@ai.fobar.qr> <CAE-mSOLUfsAee3UL7P70YkjFuXbh9uHM5mmQqvF=4T5utR_G_A@mail.gmail.com> <alpine.BSF.2.00.1111021516110.68690@ai.fobar.qr>
next in thread | previous in thread | raw e-mail | index | archive | help
This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --0-863113531-1320270854=:68690 Content-Type: TEXT/PLAIN; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8BIT On Wed, 2 Nov 2011, Bjoern A. Zeeb wrote: > On Wed, 2 Nov 2011, Sergey Kandaurov wrote: > >> On 2 November 2011 16:53, Bjoern A. Zeeb <bz@freebsd.org> wrote: >>> On Wed, 2 Nov 2011, Sergey Kandaurov wrote: >>> >>>> On 27 September 2011 17:27, Bjoern A. Zeeb <bz@freebsd.org> wrote: >>>>> >>>>> Author: bz >>>>> Date: Tue Sep 27 13:27:17 2011 >>>>> New Revision: 225793 >>>>> URL: http://svn.freebsd.org/changeset/base/225793 >>>>> >>>>> Log: >>>>> Unbreak no-ip and no-inet6 module builds with ipfw. For now continue >>>>> to >>>>> build the ip_fw_pfil.c hooks and ipfw even in case of no-ip under the >>>>> assumption that the private L2 hook (which hopefully eventually will be >>>>> a >>>>> pfil hook as well) can still be useful. >>>>> >>>>> Allow building the module without inet as well. >>>>> >>>>> Glanced at by: jhb >>>>> MFC after: 3 days >>>>> >>>>> Modified: >>>>> head/sys/modules/ipfw/Makefile >>>>> head/sys/netinet/ipfw/ip_fw_pfil.c >>>>> >>>>> Modified: head/sys/modules/ipfw/Makefile >>>>> >>>>> ============================================================================== >>>>> --- head/sys/modules/ipfw/Makefile Tue Sep 27 13:20:41 2011 >>>>> (r225792) >>>>> +++ head/sys/modules/ipfw/Makefile Tue Sep 27 13:27:17 2011 >>>>> (r225793) >>>>> @@ -8,7 +8,7 @@ KMOD= ipfw >>>>> SRCS= ip_fw2.c ip_fw_pfil.c >>>>> SRCS+= ip_fw_dynamic.c ip_fw_log.c >>>>> SRCS+= ip_fw_sockopt.c ip_fw_table.c >>>>> -SRCS+= opt_inet6.h opt_ipfw.h opt_ipsec.h >>>>> +SRCS+= opt_inet.h opt_inet6.h opt_ipfw.h opt_ipsec.h >>>>> >>>>> CFLAGS+= -DIPFIREWALL >>>>> CFLAGS+= -I${.CURDIR}/../../contrib/pf >>>>> @@ -22,6 +22,10 @@ CFLAGS+= -I${.CURDIR}/../../contrib/pf >>>>> # >>>>> >>>>> .if !defined(KERNBUILDDIR) >>>>> +.if ${MK_INET_SUPPORT} != "no" >>>>> +opt_inet.h: >>>>> + echo "#define INET 1" > ${.TARGET} >>>>> +.endif >>>>> .if ${MK_INET6_SUPPORT} != "no" >>>>> opt_inet6.h: >>>>> echo "#define INET6 1" > ${.TARGET} >>>>> >>>>> Modified: head/sys/netinet/ipfw/ip_fw_pfil.c >>>>> >>>>> ============================================================================== >>>>> --- head/sys/netinet/ipfw/ip_fw_pfil.c Tue Sep 27 13:20:41 2011 >>>>> (r225792) >>>>> +++ head/sys/netinet/ipfw/ip_fw_pfil.c Tue Sep 27 13:27:17 2011 >>>>> (r225793) >>>>> @@ -31,11 +31,11 @@ __FBSDID("$FreeBSD$"); >>>>> #if !defined(KLD_MODULE) >>>>> #include "opt_ipdn.h" >>>>> #include "opt_inet.h" >>>>> +#include "opt_inet6.h" >>>>> #ifndef INET >>>>> #error IPFIREWALL requires INET. >>>>> #endif /* INET */ >>>>> #endif /* KLD_MODULE */ >>>>> -#include "opt_inet6.h" >>>> >>>> Hello. >>>> >>>> This chunk seems to stop building inet6 part of ipfw.ko w/ INET6 enabled >>>> kernel. >>>> >>>> Found by /etc/rc.d/ipfw restart: >>>> [...] >>>> /etc/rc.d/ipfw: WARNING: failed to enable IPv6 firewall >>>> >>>> i.e. sysctl net.inet6.ip6.fw.enable doesn't present. >>>> >>>> Reversion of this hunk fixed the problem. >>>> NO_INET[46] lints aren't tested though. >>> >>> >>> Just to double-check -- this only happens for you if you build and >>> use the module, not when you link it into the kernel? >>> >>> As in that case I do have: >>> lion3# sysctl net.inet6.ip6.fw.enable net.inet6.ip6.fw.enable: 1 >> >> ipfw is built and installed as a module as part of make kernel target. > > Can you try to see if this fixes the problem? > http://people.freebsd.org/~bz/20111102-01-ipfw-kld.diff > > Please not that in the module case we'd most likely also built out > some INET parts, not just INET6 once -- silently. here's an updated patch that cleans up some more: http://people.freebsd.org/~bz/20111102-03-ipfw-kld.diff Any other testers and reviewers welcome as well. -- Bjoern A. Zeeb You have to have visions! Stop bit received. Insert coin for new address family. --0-863113531-1320270854=:68690--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1111022153170.68690>