Date:      Wed, 2 Nov 2011 16:35:34 +0300
From:      Sergey Kandaurov <pluknet@freebsd.org>
To:        "Bjoern A. Zeeb" <bz@freebsd.org>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject:   Re: svn commit: r225793 - in head/sys: modules/ipfw netinet/ipfw
Message-ID:  <CAE-mSOLUfsAee3UL7P70YkjFuXbh9uHM5mmQqvF=4T5utR_G_A@mail.gmail.com>
In-Reply-To: <alpine.BSF.2.00.1111021250100.68690@ai.fobar.qr>
References:  <201109271327.p8RDRHs8024689@svn.freebsd.org> <CAE-mSOLZsHXFyu_oSO8EY78j8ijbqNaGmFDzqtoGx5SqOq0y1Q@mail.gmail.com> <alpine.BSF.2.00.1111021250100.68690@ai.fobar.qr>

On 2 November 2011 16:53, Bjoern A. Zeeb <bz@freebsd.org> wrote:
> On Wed, 2 Nov 2011, Sergey Kandaurov wrote:
>
>> On 27 September 2011 17:27, Bjoern A. Zeeb <bz@freebsd.org> wrote:
>>>
>>> Author: bz
>>> Date: Tue Sep 27 13:27:17 2011
>>> New Revision: 225793
>>> URL: http://svn.freebsd.org/changeset/base/225793
>>>
>>> Log:
>>>  Unbreak no-ip and no-inet6 module builds with ipfw.  For now continue to
>>>  build the ip_fw_pfil.c hooks and ipfw even in case of no-ip under the
>>>  assumption that the private L2 hook (which hopefully eventually will be a
>>>  pfil hook as well) can still be useful.
>>>
>>>  Allow building the module without inet as well.
>>>
>>>  Glanced at by:        jhb
>>>  MFC after:    3 days
>>>
>>> Modified:
>>>  head/sys/modules/ipfw/Makefile
>>>  head/sys/netinet/ipfw/ip_fw_pfil.c
>>>
>>> Modified: head/sys/modules/ipfw/Makefile
>>>
>>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
>>> --- head/sys/modules/ipfw/Makefile =A0 =A0 =A0Tue Sep 27 13:20:41 2011
>>> =A0(r225792)
>>> +++ head/sys/modules/ipfw/Makefile =A0 =A0 =A0Tue Sep 27 13:27:17 2011
>>> =A0(r225793)
>>> @@ -8,7 +8,7 @@ KMOD=3D =A0 ipfw
>>> =A0SRCS=3D =A0ip_fw2.c ip_fw_pfil.c
>>> =A0SRCS+=3D ip_fw_dynamic.c ip_fw_log.c
>>> =A0SRCS+=3D ip_fw_sockopt.c ip_fw_table.c
>>> -SRCS+=3D opt_inet6.h opt_ipfw.h opt_ipsec.h
>>> +SRCS+=3D opt_inet.h opt_inet6.h opt_ipfw.h opt_ipsec.h
>>>
>>> =A0CFLAGS+=3D -DIPFIREWALL
>>> =A0CFLAGS+=3D -I${.CURDIR}/../../contrib/pf
>>> @@ -22,6 +22,10 @@ CFLAGS+=3D -I${.CURDIR}/../../contrib/pf
>>> =A0#
>>>
>>> =A0.if !defined(KERNBUILDDIR)
>>> +.if ${MK_INET_SUPPORT} !=3D "no"
>>> +opt_inet.h:
>>> + =A0 =A0 =A0 echo "#define INET 1" > ${.TARGET}
>>> +.endif
>>> =A0.if ${MK_INET6_SUPPORT} !=3D "no"
>>> =A0opt_inet6.h:
>>> =A0 =A0 =A0 =A0echo "#define INET6 1" > ${.TARGET}
>>>
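
Review bot: The new opt_inet.h rule exists only when MK_INET_SUPPORT is not "no", while the first hunk adds opt_inet.h to SRCS unconditionally, so for a standalone build (KERNBUILDDIR undefined) with INET support disabled nothing in these lines shows how that header gets created. This mirrors the existing opt_inet6.h handling, so it may be covered elsewhere, but it is worth confirming that the no-inet standalone build still finds an opt_inet.h, or making the SRCS entry conditional in the same way as the rule.
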
>>> Modified: head/sys/netinet/ipfw/ip_fw_pfil.c
>>>
>>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
>>> --- head/sys/netinet/ipfw/ip_fw_pfil.c =A0Tue Sep 27 13:20:41 2011
>>> =A0(r225792)
>>> +++ head/sys/netinet/ipfw/ip_fw_pfil.c =A0Tue Sep 27 13:27:17 2011
>>> =A0(r225793)
>>> @@ -31,11 +31,11 @@ __FBSDID("$FreeBSD$");
>>> =A0#if !defined(KLD_MODULE)
>>> =A0#include "opt_ipdn.h"
>>> =A0#include "opt_inet.h"
>>> +#include "opt_inet6.h"
>>> =A0#ifndef INET
>>> =A0#error IPFIREWALL requires INET.
>>> =A0#endif /* INET */
>>> =A0#endif /* KLD_MODULE */
>>> -#include "opt_inet6.h"
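
Review bot: Moving the opt_inet6.h include above "#endif /* KLD_MODULE */" places it inside the "#if !defined(KLD_MODULE)" block, so a module build of ip_fw_pfil.c no longer includes opt_inet6.h and the "#define INET6 1" that the Makefile generates never reaches this file. The same applies to opt_inet.h: the Makefile hunks now generate it for the module, but its include is also under the !KLD_MODULE guard. Suggest keeping both option-header includes outside the guard and leaving only the "#error IPFIREWALL requires INET." check inside it, so the module and the linked-in kernel see the same INET/INET6 definitions.
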
>>
>> Hello.
>>
>> This chunk seems to stop building inet6 part of ipfw.ko w/ INET6 enabled
>> kernel.
>>
>> Found by /etc/rc.d/ipfw restart:
>> [...]
>> /etc/rc.d/ipfw: WARNING: failed to enable IPv6 firewall
>>
>> i.e. sysctl net.inet6.ip6.fw.enable isn't present.
>>
>> Reversion of this hunk fixed the problem.
>> NO_INET[46] lints aren't tested though.
>
>
> Just to double-check -- this only happens for you if you build and
> use the module, not when you link it into the kernel?
>
> As in that case I do have:
> lion3#  sysctl net.inet6.ip6.fw.enable
> net.inet6.ip6.fw.enable: 1

ipfw is built and installed as a module as part of the make kernel target.
There are no ipfw-related options in KERNCONF itself.
ipfw.ko loads during the rc(8) phase.

> What's your src.conf and make.conf files looking like in /etc should
> you have them?  Any WITHOUT_INET6 or WITHOUT_INET6_SUPPORT in there?

Nothing suspicious.

# cat /etc/src.conf
WITHOUT_CLANG=  yes

# cat /etc/make.conf
MODULES_OVERRIDE=       coretemp libalias nfsclient nfslockd nfslock \
                        nfs_common krpc nfssvc ipfw linux linprocfs \
                        mac_biba netgraph cyclic opensolaris dtrace \
                        dtrace/dtraceall cpufreq nullfs
KERNCONF=TST
WRKDIRPREFIX=/usr/works
# added by use.perl 2010-11-29 19:07:35
PERL_VERSION=5.10.1
WITHOUT_X11=yes

(TST config has extra debugging changes, oldnfs and commented out devices.)

-- 
wbr,
pluknet
