Date: Sat, 17 May 2008 11:32:01 +0900 From: Norikatsu Shigemura <nork@FreeBSD.org> To: Julian Elischer <julian@elischer.org> Cc: FreeBSD Current <current@FreeBSD.org> Subject: Re: vimage patches and example run. Message-ID: <20080517113201.7f7bc2d6.nork@FreeBSD.org> In-Reply-To: <20080517083938.9fd7ae60.nork@FreeBSD.org> References: <482D7FE6.6020405@elischer.org> <20080517081548.ce75ffd7.nork@FreeBSD.org> <20080517083938.9fd7ae60.nork@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. --Multipart=_Sat__17_May_2008_11_32_01_+0900_OQEOHxD/TyhVL40Q Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Sat, 17 May 2008 08:39:38 +0900 Norikatsu Shigemura <nork@freebsd.org> wrote: On Sat, 17 May 2008 08:15:48 +0900 > Norikatsu Shigemura <nork@freebsd.org> wrote: > > On Fri, 16 May 2008 08:36:54 -0400 > > Julian Elischer <julian@elischer.org> wrote: > > > vimage patches as of 8AM in ottawa: > > > http://www.freebsd.org/~julian/vimage.diff > > Wow! I'll try to do it! :-) > Oops, I couldn't compile kdump. Please add following patch > for vimage.diff. Hum... There are many bugs in ipfw's code. *ip_fw.h 1. struct ip_fw_chain in #ifdef IPFW_INTERNAL - #endif So remove it (dupplicate define). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - #ifdef IPFW_INTERNAL -#define IPFW_TABLES_MAX 128 -struct ip_fw_chain { - struct ip_fw *rules; /* list of rules */ - struct ip_fw *reap; /* list of rules to reap */ - LIST_HEAD(, cfg_nat) nat; /* list of nat entries */ - struct radix_node_head *tables[IPFW_TABLES_MAX]; - struct rwlock rwmtx; -}; #define IPFW_LOCK_INIT(_chain) \ rw_init(&(_chain)->rwmtx, "IPFW static rules") - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - *ip_fw2.c 1. Not enough to replacement. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - LOOKUP_NAT(layer3_chain, nat_id, t); + LOOKUP_NAT(V_layer3_chain, nat_id, t); - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 2. extra remove code is bad. Don't apply following code. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -4359,7 +4400,6 @@ else { printf("IP_FW_NAT_CFG: ipfw_nat not present, please load it.\n"); error = EINVAL; - } } break; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 3. bad extra code in new ipfw_init. So replase new one. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - default_rule.cmd[0].opcode == O_ACCEPT ? "accept" : "deny"); +#ifdef IPFIREWALL_DEFAULT_TO_ACCEPT + "accept" +#else + "deny" +#endif - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please replace my attached patches for your vimage.diff. P.S. Oops! netgraph has ... orz - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:173:1: error: "NG_ID_HASH_SIZE" redefined In file included from /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:71: @/netgraph/vnetgraph.h:44:1: error: this is the location of the previous definition : - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - --Multipart=_Sat__17_May_2008_11_32_01_+0900_OQEOHxD/TyhVL40Q--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080517113201.7f7bc2d6.nork>