From owner-svn-src-all@FreeBSD.ORG  Wed Nov  2 21:54:48 2011
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id E3DA81065672;
	Wed,  2 Nov 2011 21:54:48 +0000 (UTC) (envelope-from bz@FreeBSD.org)
Received: from mx1.sbone.de (bird.sbone.de [46.4.1.90])
	by mx1.freebsd.org (Postfix) with ESMTP id 3E2C48FC19;
	Wed,  2 Nov 2011 21:54:48 +0000 (UTC)
Received: from mail.sbone.de (mail.sbone.de [IPv6:fde9:577b:c1a9:31::2013:587])
	(using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.sbone.de (Postfix) with ESMTPS id E6B1725D3899;
	Wed,  2 Nov 2011 21:54:16 +0000 (UTC)
Received: from content-filter.sbone.de (content-filter.sbone.de
	[IPv6:fde9:577b:c1a9:31::2013:2742])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.sbone.de (Postfix) with ESMTPS id 10588BD40F9;
	Wed,  2 Nov 2011 21:54:16 +0000 (UTC)
X-Virus-Scanned: amavisd-new at sbone.de
Received: from mail.sbone.de ([IPv6:fde9:577b:c1a9:31::2013:587])
	by content-filter.sbone.de (content-filter.sbone.de
	[fde9:577b:c1a9:31::2013:2742]) (amavisd-new, port 10024)
	with ESMTP id GhfIevDHDd1p; Wed,  2 Nov 2011 21:54:14 +0000 (UTC)
Received: from nv.sbone.de (nv.sbone.de [IPv6:fde9:577b:c1a9:31::2013:138])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.sbone.de (Postfix) with ESMTPSA id 4B177BD40EC;
	Wed,  2 Nov 2011 21:54:14 +0000 (UTC)
Date: Wed, 2 Nov 2011 21:54:13 +0000 (UTC)
From: "Bjoern A. Zeeb" <bz@FreeBSD.org>
To: Sergey Kandaurov <pluknet@freebsd.org>
In-Reply-To: <alpine.BSF.2.00.1111021516110.68690@ai.fobar.qr>
Message-ID: <alpine.BSF.2.00.1111022153170.68690@ai.fobar.qr>
References: <201109271327.p8RDRHs8024689@svn.freebsd.org>
	<CAE-mSOLZsHXFyu_oSO8EY78j8ijbqNaGmFDzqtoGx5SqOq0y1Q@mail.gmail.com>
	<alpine.BSF.2.00.1111021250100.68690@ai.fobar.qr>
	<CAE-mSOLUfsAee3UL7P70YkjFuXbh9uHM5mmQqvF=4T5utR_G_A@mail.gmail.com>
	<alpine.BSF.2.00.1111021516110.68690@ai.fobar.qr>
X-OpenPGP-Key-Id: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="0-863113531-1320270854=:68690"
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org,
	src-committers@freebsd.org
Subject: Re: svn commit: r225793 - in head/sys: modules/ipfw netinet/ipfw
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
	user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Nov 2011 21:54:49 -0000

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--0-863113531-1320270854=:68690
Content-Type: TEXT/PLAIN; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8BIT

On Wed, 2 Nov 2011, Bjoern A. Zeeb wrote:

> On Wed, 2 Nov 2011, Sergey Kandaurov wrote:
>
>> On 2 November 2011 16:53, Bjoern A. Zeeb <bz@freebsd.org> wrote:
>>> On Wed, 2 Nov 2011, Sergey Kandaurov wrote:
>>> 
>>>> On 27 September 2011 17:27, Bjoern A. Zeeb <bz@freebsd.org> wrote:
>>>>> 
>>>>> Author: bz
>>>>> Date: Tue Sep 27 13:27:17 2011
>>>>> New Revision: 225793
>>>>> URL: http://svn.freebsd.org/changeset/base/225793
>>>>> 
>>>>> Log:
>>>>>  Unbreak no-ip and no-inet6 module builds with ipfw.  For now continue 
>>>>> to
>>>>>  build the ip_fw_pfil.c hooks and ipfw even in case of no-ip under the
>>>>>  assumption that the private L2 hook (which hopefully eventually will be
>>>>> a
>>>>>  pfil hook as well) can still be useful.
>>>>> 
>>>>>  Allow building the module without inet as well.
>>>>> 
>>>>>  Glanced at by:        jhb
>>>>>  MFC after:    3 days
>>>>> 
>>>>> Modified:
>>>>>  head/sys/modules/ipfw/Makefile
>>>>>  head/sys/netinet/ipfw/ip_fw_pfil.c
>>>>> 
>>>>> Modified: head/sys/modules/ipfw/Makefile
>>>>> 
>>>>> ==============================================================================
>>>>> --- head/sys/modules/ipfw/Makefile      Tue Sep 27 13:20:41 2011
>>>>>  (r225792)
>>>>> +++ head/sys/modules/ipfw/Makefile      Tue Sep 27 13:27:17 2011
>>>>>  (r225793)
>>>>> @@ -8,7 +8,7 @@ KMOD=   ipfw
>>>>>  SRCS=  ip_fw2.c ip_fw_pfil.c
>>>>>  SRCS+= ip_fw_dynamic.c ip_fw_log.c
>>>>>  SRCS+= ip_fw_sockopt.c ip_fw_table.c
>>>>> -SRCS+= opt_inet6.h opt_ipfw.h opt_ipsec.h
>>>>> +SRCS+= opt_inet.h opt_inet6.h opt_ipfw.h opt_ipsec.h
>>>>> 
>>>>>  CFLAGS+= -DIPFIREWALL
>>>>>  CFLAGS+= -I${.CURDIR}/../../contrib/pf
>>>>> @@ -22,6 +22,10 @@ CFLAGS+= -I${.CURDIR}/../../contrib/pf
>>>>>  #
>>>>> 
>>>>>  .if !defined(KERNBUILDDIR)
>>>>> +.if ${MK_INET_SUPPORT} != "no"
>>>>> +opt_inet.h:
>>>>> +       echo "#define INET 1" > ${.TARGET}
>>>>> +.endif
>>>>>  .if ${MK_INET6_SUPPORT} != "no"
>>>>>  opt_inet6.h:
>>>>>        echo "#define INET6 1" > ${.TARGET}
>>>>> 
>>>>> Modified: head/sys/netinet/ipfw/ip_fw_pfil.c
>>>>> 
>>>>> ==============================================================================
>>>>> --- head/sys/netinet/ipfw/ip_fw_pfil.c  Tue Sep 27 13:20:41 2011
>>>>>  (r225792)
>>>>> +++ head/sys/netinet/ipfw/ip_fw_pfil.c  Tue Sep 27 13:27:17 2011
>>>>>  (r225793)
>>>>> @@ -31,11 +31,11 @@ __FBSDID("$FreeBSD$");
>>>>>  #if !defined(KLD_MODULE)
>>>>>  #include "opt_ipdn.h"
>>>>>  #include "opt_inet.h"
>>>>> +#include "opt_inet6.h"
>>>>>  #ifndef INET
>>>>>  #error IPFIREWALL requires INET.
>>>>>  #endif /* INET */
>>>>>  #endif /* KLD_MODULE */
>>>>> -#include "opt_inet6.h"
>>>> 
>>>> Hello.
>>>> 
>>>> This chunk seems to stop building inet6 part of ipfw.ko w/ INET6 enabled
>>>> kernel.
>>>> 
>>>> Found by /etc/rc.d/ipfw restart:
>>>> [...]
>>>> /etc/rc.d/ipfw: WARNING: failed to enable IPv6 firewall
>>>> 
>>>> i.e. sysctl net.inet6.ip6.fw.enable doesn't present.
>>>> 
>>>> Reversion of this hunk fixed the problem.
>>>> NO_INET[46] lints aren't tested though.
>>> 
>>> 
>>> Just to double-check -- this only happens for you if you build and
>>> use the module, not when you link it into the kernel?
>>> 
>>> As in that case I do have:
>>> lion3#  sysctl net.inet6.ip6.fw.enable net.inet6.ip6.fw.enable: 1
>> 
>> ipfw is built and installed as a module as part of make kernel target.
>
> Can you try to see if this fixes the problem?
> http://people.freebsd.org/~bz/20111102-01-ipfw-kld.diff
>
> Please not that in the module case we'd most likely also built out
> some INET parts, not just INET6 once -- silently.

here's an updated patch that cleans up some more:

http://people.freebsd.org/~bz/20111102-03-ipfw-kld.diff

Any other testers and reviewers welcome as well.

-- 
Bjoern A. Zeeb                                 You have to have visions!
          Stop bit received. Insert coin for new address family.
--0-863113531-1320270854=:68690--