From owner-freebsd-current@FreeBSD.ORG  Sat May 17 03:15:14 2008
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: current@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id CB3361065672
	for <current@FreeBSD.org>; Sat, 17 May 2008 03:15:14 +0000 (UTC)
	(envelope-from julian@elischer.org)
Received: from outN.internet-mail-service.net (outn.internet-mail-service.net
	[216.240.47.237])
	by mx1.freebsd.org (Postfix) with ESMTP id 726B78FC16
	for <current@FreeBSD.org>; Sat, 17 May 2008 03:15:14 +0000 (UTC)
	(envelope-from julian@elischer.org)
Received: from mx0.idiom.com (HELO idiom.com) (216.240.32.160)
	by out.internet-mail-service.net (qpsmtpd/0.40) with ESMTP;
	Sat, 17 May 2008 12:35:36 -0700
Received: from julian-mac.elischer.org (localhost [127.0.0.1])
	by idiom.com (Postfix) with ESMTP id CAAC82D600D;
	Fri, 16 May 2008 20:15:12 -0700 (PDT)
Message-ID: <482E4DC3.7080601@elischer.org>
Date: Fri, 16 May 2008 23:15:15 -0400
From: Julian Elischer <julian@elischer.org>
User-Agent: Thunderbird 2.0.0.14 (Macintosh/20080421)
MIME-Version: 1.0
To: Norikatsu Shigemura <nork@FreeBSD.org>
References: <482D7FE6.6020405@elischer.org>	<20080517081548.ce75ffd7.nork@FreeBSD.org>	<20080517083938.9fd7ae60.nork@FreeBSD.org>
	<20080517113201.7f7bc2d6.nork@FreeBSD.org>
In-Reply-To: <20080517113201.7f7bc2d6.nork@FreeBSD.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: FreeBSD Current <current@FreeBSD.org>
Subject: Re: vimage patches and example run.
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 17 May 2008 03:15:14 -0000

Norikatsu Shigemura wrote:
> On Sat, 17 May 2008 08:39:38 +0900
> Norikatsu Shigemura <nork@freebsd.org> wrote:
> On Sat, 17 May 2008 08:15:48 +0900
>> Norikatsu Shigemura <nork@freebsd.org> wrote:
>>> On Fri, 16 May 2008 08:36:54 -0400
>>> Julian Elischer <julian@elischer.org> wrote:
>>>> vimage patches as of 8AM in ottawa:
>>>> http://www.freebsd.org/~julian/vimage.diff
>>> 	Wow! I'll try to do it! :-)
>> 	Oops, I couldn't compile kdump.  Please add following patch
>> 	for vimage.diff.
> 
> 	Hum... There are many bugs in ipfw's code.

thank you ..

what you see is the first real public release adn not completely 
debugged..
Thank you..

I will correct these immediatly :-)

> 	*ip_fw.h
> 	1. struct ip_fw_chain in #ifdef IPFW_INTERNAL - #endif
> 	   So remove it (dupplicate define).
> 
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>  #ifdef IPFW_INTERNAL
>  
> -#define        IPFW_TABLES_MAX         128
> -struct ip_fw_chain {
> -       struct ip_fw    *rules;         /* list of rules */
> -       struct ip_fw    *reap;          /* list of rules to reap */
> -       LIST_HEAD(, cfg_nat) nat;       /* list of nat entries */
> -       struct radix_node_head *tables[IPFW_TABLES_MAX];
> -       struct rwlock   rwmtx;
> -};
>  #define        IPFW_LOCK_INIT(_chain) \
>         rw_init(&(_chain)->rwmtx, "IPFW static rules")
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> 
> 
> 	*ip_fw2.c
> 	1. Not enough to replacement.
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> -							LOOKUP_NAT(layer3_chain, nat_id, t);
> +							LOOKUP_NAT(V_layer3_chain, nat_id, t);
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> 
> 	2. extra remove code is bad.  Don't apply following code.
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> @@ -4359,7 +4400,6 @@
>                 else {
>                         printf("IP_FW_NAT_CFG: ipfw_nat not present, please load it.\n");
>                         error = EINVAL;
> -               }
>         }
>         break;
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> 
> 	3. bad extra code in new ipfw_init.  So replase new one.
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> -		default_rule.cmd[0].opcode == O_ACCEPT ? "accept" : "deny");
> +#ifdef IPFIREWALL_DEFAULT_TO_ACCEPT
> +		"accept"
> +#else
> +		"deny"
> +#endif
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> 
> 	Please replace my attached patches for your vimage.diff.
> 
> P.S.  Oops! netgraph has ...  orz
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:173:1: error: "NG_ID_HASH_SIZE" redefined
> In file included from /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:71:
> @/netgraph/vnetgraph.h:44:1: error: this is the location of the previous definition
>   :
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>