From owner-freebsd-hackers Wed Apr 9 13:59:09 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id NAA17444 for hackers-outgoing; Wed, 9 Apr 1997 13:59:09 -0700 (PDT) Received: from kremvax.demos.su (kremvax.demos.su [194.87.0.20]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id NAA17436 for ; Wed, 9 Apr 1997 13:59:06 -0700 (PDT) Received: by kremvax.demos.su (8.6.13/D) from 0@skraldespand.demos.su [194.87.0.19] with ESMTP id XAA23425; Wed, 9 Apr 1997 23:58:14 +0300 Received: by skraldespand.demos.su id AAA16126; (8.8.5/D) Thu, 10 Apr 1997 00:59:04 +0400 (MSD) Message-Id: <199704092059.AAA16126@skraldespand.demos.su> Subject: Re: ipfilter/2.2.1 / devfs (general) In-Reply-To: <19970409202248.2334.qmail@suburbia.net> from "proff@suburbia.net" at "Apr 10, 97 06:22:48 am" X-ELM-OSV: (Our standard violations) no-mime=1; no-hdr-encoding=1 To: proff@suburbia.net Date: Thu, 10 Apr 1997 00:58:57 +0400 (MSD) Cc: hackers@freebsd.org From: "Mikhail A. Sokolov" X-Class: Fast Organization: Demos Company, Ltd. Reply-To: mishania@demos.su X-Mailer: ELM [version 2.4ME+ PL31 (25)] Content-Type: text Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > Did you rebuild your kernel ? what does dmesg|grep -i ipf say ? ^^^^^^^^^^^^^^^^^^^ yes, several times, since I tried both versions.^^^^^ nothing, but now it works, since DDEVFS was commented out. > Btw, in line 294 of /sys/netinet/ip_input.c there's a line which reflects what to do if some if failed, like 'goto next;' but this next is never defined. I am talking about patched version of ip_input.c. Talking about if it works now: since I made it very ugly way to override error, described above (i.e. commented out line 294, so if the rule failes it will just use another if ) just to check if it loads for now, I see the machine crashed and reboots and of course it has disk being tested on it which failed fsck and nobody there to press enter :-( Those lines are as follows (I took it from your diffs): * Check if we want to allow this packet to be processed. * Consider it to be bad if not. */ - if (fr_check) { + if (fr_checkp) { struct mbuf *m1 = m; if ((*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m1) || !m1) ^^^^^^^^^^^^^^^^^^^^ After this line we have goto next;, which is nowhere. Another problem is if_ipf compiles with loads of warnings about redeclaration from different types in various *.h's which belong to ip_filter 3.2a4, though it compiles. Might be I messed the things up myself though. Thanks you, > Julian. -mishania