From owner-freebsd-current@FreeBSD.ORG  Tue Jun 10 23:25:41 2003
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 240C337B401
	for <freebsd-current@freebsd.org>;
	Tue, 10 Jun 2003 23:25:41 -0700 (PDT)
Received: from stork.mail.pas.earthlink.net (stork.mail.pas.earthlink.net
	[207.217.120.188])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8F6B243FAF
	for <freebsd-current@freebsd.org>;
	Tue, 10 Jun 2003 23:25:40 -0700 (PDT)
	(envelope-from tlambert2@mindspring.com)
Received: from user-38lc0s4.dialup.mindspring.com ([209.86.3.132]
	helo=mindspring.com)
	by stork.mail.pas.earthlink.net with asmtp (SSLv3:RC4-MD5:128)
	(Exim 3.33 #1)	id 19Pz32-0002zt-00; Tue, 10 Jun 2003 23:25:29 -0700
Message-ID: <3EE6CB0E.2C40CAF1@mindspring.com>
Date: Tue, 10 Jun 2003 23:24:14 -0700
From: Terry Lambert <tlambert2@mindspring.com>
X-Mailer: Mozilla 4.79 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Ian Freislich <ianf@za.uu.net>
References: <3EE5B9D5.8FE3E6EF@mindspring.com> <4741.1055245990@mci.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-ELNK-Trace: b1a02af9316fbb217a47c185c03b154d40683398e744b8a447291927689ef7fe70021449b7d7ab7493caf27dac41a8fd350badd9bab72f9c350badd9bab72f9c
cc: freebsd-current@freebsd.org
Subject: Re: New Kernel Breaks IPFW
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jun 2003 06:25:41 -0000

Ian Freislich wrote:
> Terry Lambert wrote:
> > > > Short term, cd /usr/src/sbin/ipfw; make depend && make all install ought
> > > > to fix it.
> > >
> > > I tried that as well, but the new binary also dumps core, but works
> > > well with previous versions of the firewall.  Even back as far as
> > > my kernel.working from May 7 2003.
> >
> > Bogus header files; specifically, <netinet/ip_fw.h>.  Because you
> > can't build world, you are compiling the ipfw program with the old
> > system include files instead of the new ones.  You may also be
> > missing a cvs update on the ipfw sources themselves (specifically,
> > ipfw2.c).
> 
> No, it did compile ipfw2.c (r1.24).  I also installed all new
> includes before I compiled ipfw and re-worlding to no avail.  I
> figured an old kernel with a working firewall was better than a new
> kernel with no firewall.

No.  The problem is that you compiled ipfw2.c with the header
/usr/include/netinet/ip_fw.h, and not /usr/src/netinet/ip_fw.h.

The way you get the new header is to install it, and as you
noticed, that doesn't work.

Alternately, you can specify a CFLAGS=-I/usr/src, and it will
get the header that matches your kernel.

Since the buildworld is a simple fix (back out the changes to
the .mk file before trying to build), you should do that, instead.

-- Terry