Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 14 Oct 2003 22:47:26 +0900
From:      Takanori Watanabe <takawata@init-main.com>
To:        rizzo@icir.org
Cc:        takawata@sana.init-main.com
Subject:   #ifdef IPDIVERT in sys/netinet/ip_fw2.c?
Message-ID:  <200310141347.h9EDlQUN000769@sana.init-main.com>
next in thread | raw e-mail | index | archive | help 
Do we need #ifdef IPDIVERT in sys/ne
I don't think it is needed, because ip_fw2 
always accepts DIVERT packet and the option is 
only used for print out if IPDIVERT option is
enabled or not.

I tried to run natd in kernel with IPDIVERT 
enabled and IPFW not enabled, with ipfw kernel module.
And it workes.

% dmesg 
...
ipfw2 initialized, divert disabled, rule-based forwarding enabled, default to de
ny, logging disabled
acpi_cpu: throttling enabled, 2 steps (100% to 50.0%), currently 100.0%
...
% kldstat 
Id Refs Address    Size     Name
 1   41 0xc0400000 2de980   kernel
 2    2 0xc06df000 1d634    linux.ko
 3    1 0xc06fd000 9310     ipfw.ko
 4    1 0xc0707000 b3ec     if_fxp.ko
 5    3 0xc0713000 1c174    miibus.ko
 6    1 0xc0730000 8080     if_rl.ko
 7    1 0xc0739000 7988     ng_pppoe.ko
 8    2 0xc0741000 49f0     ng_ether.ko
 9    8 0xc0746000 14b2c    netgraph.ko
10    1 0xc075b000 59b8     snd_cmi.ko
11    2 0xc0761000 1e678    snd_pcm.ko
12    9 0xc0780000 13088    agp.ko
13    1 0xc0794000 1f3c     bktr_mem.ko
14    1 0xc0796000 31c4     joy.ko
15    1 0xc079a000 7e1c     fdc.ko
16    1 0xc07a2000 1af2c4   nvidia.ko
17    1 0xc0952000 4ce2c    acpi.ko
18    1 0xc63ab000 5000     ip6fw.ko
19    1 0xc63d6000 1b000    nfsserver.ko
20    1 0xc6422000 3000     daemon_saver.ko
21    1 0xc643d000 4000     ng_socket.ko
22    1 0xc6441000 4000     ng_iface.ko
23    1 0xc6447000 8000     ng_ppp.ko
24    1 0xc646d000 4000     ng_bpf.ko
25    1 0xc6471000 5000     ng_vjc.ko
% ps auxwww|grep natd
root       211  0.0  0.0   804  348  ??  Is   10:04PM   0:00.06 /sbin/natd -dynamic -n ng0

'#ifdef' should be avoided as possible, because 

Do you need the message to indicate IPDIVERT is enabled?
If it is not needed so much, just change the message to
dike the #ifdef.

--- /sys/netinet/ip_fw2.c       Fri Sep 26 19:14:22 2003
+++ ip_fw2.c    Tue Oct 14 22:45:41 2003
@@ -2928,13 +2928,8 @@
        }
 
        ip_fw_default_rule = layer3_chain.rules;
-       printf("ipfw2 initialized, divert %s, "
+       printf("ipfw2 initialized,  "
                "rule-based forwarding enabled, default to %s, logging ",
-#ifdef IPDIVERT
-               "enabled",
-#else
-               "disabled",
-#endif
                default_rule.cmd[0].opcode == O_ACCEPT ? "accept" : "deny");
 

If you still need it, this should be converted to a reference
to  global variable.
How do you think about it?

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200310141347.h9EDlQUN000769>