From owner-freebsd-current@FreeBSD.ORG Mon Oct 25 20:25:47 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DE90616A4CE for ; Mon, 25 Oct 2004 20:25:47 +0000 (GMT) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1AAB143D49 for ; Mon, 25 Oct 2004 20:25:47 +0000 (GMT) (envelope-from andre@freebsd.org) Received: (qmail 13835 invoked from network); 25 Oct 2004 20:23:38 -0000 Received: from dotat.atdotat.at (HELO [62.48.0.47]) ([62.48.0.47]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 25 Oct 2004 20:23:38 -0000 Message-ID: <417D6148.6050807@freebsd.org> Date: Mon, 25 Oct 2004 22:25:44 +0200 From: Andre Oppermann User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8a1) Gecko/20040520 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Sean McNeil References: <417B128B.7080904@gddsn.org.cn> <20041024133045.40733f45@dolphin.local.net> <417D5E51.2060100@freebsd.org> <1098735588.41693.4.camel@server.mcneil.com> In-Reply-To: <1098735588.41693.4.camel@server.mcneil.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: "Conrad J. Sabatier" cc: freebsd-current@freebsd.org Subject: Re: make buildkernel failed related to ip_divert module X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Oct 2004 20:25:48 -0000 Sean McNeil wrote: > On Mon, 2004-10-25 at 13:13, Andre Oppermann wrote: >>Conrad J. Sabatier wrote: >>>For a further bit of clarification (I know, should have done this the >>>first time): >>> >>>This problem is occurring with the following kernel options: >>> >>>options IPDIVERT >>>options IPFILTER >>>options IPFILTER_LOG >>> >>>The only workaround at this time is adding "options IPFIREWALL". >> >>Yes, that is correct. >> >>IPDIVERT is a module now and you can dynamically load it just like you >>can load ipfw (options IPFIREWALL). >> >>IPDIVERT depends on ipfw being loaded or compiled into the kernel. >> >>I have done the last step of IPDIVERT's transition into a KLD a few >>minutes ago. It will warn you now if you try to compile it into a >>kernel without IPFIREWALL as well. As a module it will simply complain >>that ipfw needs to be loaded first. > > > I build my kernel with > > options IPFIREWALL > options IPFIREWALL_FORWARD > options IPDIVERT > > Can I now use loadable modules as well? Will IPFIREWALL have the > forwarding option or would I still have to specify that? You can certainly use IPDIVERT as a loadable module. The FORWARD option to IPFIREWALL needs to be compiled into the module if you want to load it as a module. For modules options in the kernel configuration file are not automatically included. You have to edit sys/modules/ipfw/Makefile instead. Then you can load everything as module. If you start natd from rc.conf it will load ipdivert.ko automatically (if you have run mergemaster to update your rc scripts). -- Andre