Date: Fri, 16 May 2008 23:15:15 -0400 From: Julian Elischer <julian@elischer.org> To: Norikatsu Shigemura <nork@FreeBSD.org> Cc: FreeBSD Current <current@FreeBSD.org> Subject: Re: vimage patches and example run. Message-ID: <482E4DC3.7080601@elischer.org> In-Reply-To: <20080517113201.7f7bc2d6.nork@FreeBSD.org> References: <482D7FE6.6020405@elischer.org> <20080517081548.ce75ffd7.nork@FreeBSD.org> <20080517083938.9fd7ae60.nork@FreeBSD.org> <20080517113201.7f7bc2d6.nork@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Norikatsu Shigemura wrote: > On Sat, 17 May 2008 08:39:38 +0900 > Norikatsu Shigemura <nork@freebsd.org> wrote: > On Sat, 17 May 2008 08:15:48 +0900 >> Norikatsu Shigemura <nork@freebsd.org> wrote: >>> On Fri, 16 May 2008 08:36:54 -0400 >>> Julian Elischer <julian@elischer.org> wrote: >>>> vimage patches as of 8AM in ottawa: >>>> http://www.freebsd.org/~julian/vimage.diff >>> Wow! I'll try to do it! :-) >> Oops, I couldn't compile kdump. Please add following patch >> for vimage.diff. > > Hum... There are many bugs in ipfw's code. thank you .. what you see is the first real public release adn not completely debugged.. Thank you.. I will correct these immediatly :-) > *ip_fw.h > 1. struct ip_fw_chain in #ifdef IPFW_INTERNAL - #endif > So remove it (dupplicate define). > > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > #ifdef IPFW_INTERNAL > > -#define IPFW_TABLES_MAX 128 > -struct ip_fw_chain { > - struct ip_fw *rules; /* list of rules */ > - struct ip_fw *reap; /* list of rules to reap */ > - LIST_HEAD(, cfg_nat) nat; /* list of nat entries */ > - struct radix_node_head *tables[IPFW_TABLES_MAX]; > - struct rwlock rwmtx; > -}; > #define IPFW_LOCK_INIT(_chain) \ > rw_init(&(_chain)->rwmtx, "IPFW static rules") > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > > > *ip_fw2.c > 1. Not enough to replacement. > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > - LOOKUP_NAT(layer3_chain, nat_id, t); > + LOOKUP_NAT(V_layer3_chain, nat_id, t); > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > > 2. extra remove code is bad. Don't apply following code. > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > @@ -4359,7 +4400,6 @@ > else { > printf("IP_FW_NAT_CFG: ipfw_nat not present, please load it.\n"); > error = EINVAL; > - } > } > break; > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > > 3. bad extra code in new ipfw_init. So replase new one. > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > - default_rule.cmd[0].opcode == O_ACCEPT ? "accept" : "deny"); > +#ifdef IPFIREWALL_DEFAULT_TO_ACCEPT > + "accept" > +#else > + "deny" > +#endif > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > > Please replace my attached patches for your vimage.diff. > > P.S. Oops! netgraph has ... orz > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:173:1: error: "NG_ID_HASH_SIZE" redefined > In file included from /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:71: > @/netgraph/vnetgraph.h:44:1: error: this is the location of the previous definition > : > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?482E4DC3.7080601>