From owner-freebsd-bugs Mon May 6 13:20:31 2002 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 6654337B40A for ; Mon, 6 May 2002 13:20:01 -0700 (PDT) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g46KK1j16883; Mon, 6 May 2002 13:20:01 -0700 (PDT) (envelope-from gnats) Received: from woozle.rinet.ru (woozle.rinet.ru [195.54.192.68]) by hub.freebsd.org (Postfix) with ESMTP id 2E1E537B405 for ; Mon, 6 May 2002 13:13:51 -0700 (PDT) Received: (from marck@localhost) by woozle.rinet.ru (8.11.6/8.11.6) id g46KDnw11276; Tue, 7 May 2002 00:13:49 +0400 (MSD) (envelope-from marck) Message-Id: <200205062013.g46KDnw11276@woozle.rinet.ru> Date: Tue, 7 May 2002 00:13:49 +0400 (MSD) From: Dmitry Morozovsky Reply-To: Dmitry Morozovsky To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: i386/37799: [patch] ipfw_divert kernel module (for natd) Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 37799 >Category: i386 >Synopsis: [patch] ipfw_divert kernel module (for natd) >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Mon May 06 13:20:01 PDT 2002 >Closed-Date: >Last-Modified: >Originator: Dmitry Morozovsky >Release: FreeBSD 4-STABLE i386 >Organization: Cronyx Plus LLC (RiNet ISP) >Environment: System: FreeBSD 4-STABLE (currently 4.6-PRE) >Description: If someone wants to use kernel-loadable ipfw with natd, [s]he has to either recompile kernel with IPFIREWALL and IPDIVERT options, or recompile ipfw.ko by hand using -DIPDIVERT So, I suppose a little slave module may be used. >How-To-Repeat: [none] >Fix: Add sys/modules/ipfw_divert directory with Makefile in it: --- # $FreeBSD$ MASTER= ../ipfw CFLAGS+= -DIPDIVERT KMOD= ipfw-divert .include "${MASTER}/Makefile" ---- Apply the following patch: Index: modules/Makefile =================================================================== RCS file: /home/ncvs/src/sys/modules/Makefile,v retrieving revision 1.110.2.50 diff -u -r1.110.2.50 Makefile --- modules/Makefile 4 May 2002 08:23:52 -0000 1.110.2.50 +++ modules/Makefile 6 May 2002 20:01:11 -0000 @@ -34,6 +34,7 @@ ip6fw \ ipfilter \ ipfw \ + ipfw_divert \ ispfw \ joy \ kernfs \ Index: boot/forth/loader.conf =================================================================== RCS file: /home/ncvs/src/sys/boot/forth/loader.conf,v retrieving revision 1.25.2.18 diff -u -r1.25.2.18 loader.conf --- boot/forth/loader.conf 28 Apr 2002 22:49:54 -0000 1.25.2.18 +++ boot/forth/loader.conf 6 May 2002 19:56:01 -0000 @@ -138,7 +138,8 @@ if_ppp_load="NO" # Kernel ppp if_sl_load="NO" # SLIP if_tun_load="NO" # Tunnel driver (user process ppp) -ipfw_load="NO" # Firewall +ipfw_load="NO" # Firewall (mutually exclusive with the next) +ipfw_divert_load="NO" # Firewall with divert ############################################################## Index: modules/ipfw/Makefile =================================================================== RCS file: /home/ncvs/src/sys/modules/ipfw/Makefile,v retrieving revision 1.11 diff -u -r1.11 Makefile --- modules/ipfw/Makefile 28 Aug 1999 00:47:21 -0000 1.11 +++ modules/ipfw/Makefile 6 May 2002 19:37:26 -0000 @@ -1,7 +1,7 @@ # $FreeBSD: src/sys/modules/ipfw/Makefile,v 1.11 1999/08/28 00:47:21 peter Exp $ .PATH: ${.CURDIR}/../../netinet -KMOD= ipfw +KMOD?= ipfw SRCS= ip_fw.c NOMAN= CFLAGS+= -DIPFIREWALL >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message