Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 16 Nov 2004 18:16:44 +0300
From:      Yar Tikhiy <yar@comp.chem.msu.su>
To:        Yury Tarasievich <grog@grsu.by>
Cc:        Gary Jennejohn <garyj@jennejohn.org>
Subject:   Re: IPDIVERT option not getting compiled?
Message-ID:  <20041116151643.GA74432@comp.chem.msu.su>
In-Reply-To: <4199FBE6.60200@grsu.by>
References:  <200411151836.iAFIa6b2007989@peedub.jennejohn.org> <4199FBE6.60200@grsu.by>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, Nov 16, 2004 at 03:08:54PM +0200, Yury Tarasievich wrote:
> 
> I'm adding IPDIVERT option ("options IPDIVERT") to config file and 
> config kernel and compile kernel (alternatively -- buildkernel 
> KERNCONF...) and install kernel and all's fine except that after reboot 
> ipfw.ko tells that "divert is disabled" and it is, indeed, disabled, as 
> natd starts but there are no divert sockets. It happens both with 
> 4.10-RELEASE and with 4-STABLE.
> 
> But never you mind. This time I had the luxury of being able to just 
> format the partition and install system from scratch, so I did (there 
> wasn't anything big installed yet). Mighty it would help me with 
> populated system.

You seem to be confused by the well-known kernel vs. module
configuration issue.  Alas, kernel options you specify in your
kernel config file affect the kernel binary only, not modules
built along with the kernel.  If you want IPDIVERT, which is
an option to IPFIREWALL, you have to build your kernel with
both IPFIREWALL and IPDIVERT:

options	IPFIREWALL
options	IPDIVERT

or just

options	IPFIREWALL,IPDIVERT

Here IPFIREWALL tells to compile the ipfw firewall into your kernel
binary while IPDIVERT indicates that ipfw must be compiled with the
divert code enabled.

With some options, you can do the trick of building a module
separately as follows:

cd /sys/modules/foo && make obj && make -D<OPTION> && make install

However, it seems impossible for IPDIVERT since this option affects
not only ipfw source files, but the main IP stack, too.

-- 
Yar

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041116151643.GA74432>