IPDIVERT option not getting compiled?

Yury Tarasievich grog at grsu.by
Wed Nov 10 06:48:57 PST 2004


Hello,

Just recently I've run into this:

when compiling kernel in 4.10-RELEASE and in 4-STABLE, "options 
IPDIVERT" does not produce enabled divert in firewall code. Previously 
(meaning other machines and previous 4.* variants) the configuration 
compiled/worked okay.

I've used the attached config for kernel (with commented out SMP and 
APIC_IO).

I've compiled both with and without make.conf including IPFW2=TRUE.

,Yury
-------------- next part --------------
machine		i386
###cpu		I386_CPU
###cpu		I486_CPU
cpu		I586_CPU
cpu		I686_CPU
ident		SMP-8
options		INCLUDE_CONFIG_FILE
maxusers	0

#makeoptions	DEBUG=-g		#Build kernel with gdb(1) debug symbols

options 	MATH_EMULATE		#Support for x87 emulation
options 	INET			#InterNETworking
###options 	INET6			#IPv6 communications protocols
options 	FFS			#Berkeley Fast Filesystem
options 	FFS_ROOT		#FFS usable as root device [keep this!]
options 	SOFTUPDATES		#Enable FFS soft updates support
options 	UFS_DIRHASH		#Improve performance on big directories
options 	MFS			#Memory Filesystem
options 	MD_ROOT			#MD is a potential root device
options 	NFS			#Network Filesystem
options 	NFS_ROOT		#NFS usable as root device, NFS required
options 	MSDOSFS			#MSDOS Filesystem
options 	CD9660			#ISO 9660 Filesystem
options 	CD9660_ROOT		#CD-ROM usable as root, CD9660 required
options 	PROCFS			#Process filesystem
options 	COMPAT_43		#Compatible with BSD 4.3 [KEEP THIS!]
options 	SCSI_DELAY=15000	#Delay (in ms) before probing SCSI
options 	UCONSOLE		#Allow users to grab the console
options 	USERCONFIG		#boot -c editor
options 	VISUAL_USERCONFIG	#visual boot -c editor
options 	KTRACE			#ktrace(1) support
options 	SYSVSHM			#SYSV-style shared memory
options 	SYSVMSG			#SYSV-style message queues
options 	SYSVSEM			#SYSV-style semaphores
options 	P1003_1B		#Posix P1003_1B real-time extensions
options 	_KPOSIX_PRIORITY_SCHEDULING
options 	ICMP_BANDLIM		#Rate limit bad replies
options 	KBD_INSTALL_CDEV	# install a CDEV entry in /dev
###options 	AHC_REG_PRETTY_PRINT	# Print register bitfields in debug
					# output.  Adds ~128k to driver.
###options 	AHD_REG_PRETTY_PRINT	# Print register bitfields in debug 
					# output.  Adds ~215k to driver.

# To make an SMP kernel, the next two are needed
options 	SMP			# Symmetric MultiProcessor Kernel
options 	APIC_IO			# Symmetric (APIC) I/O

# To support HyperThreading, HTT is needed in addition to SMP and APIC_IO
##4.9#options 	HTT			# HyperThreading Technology

device		isa
device		eisa
device		pci

# Floppy drives
device		fdc0	at isa? port IO_FD1 irq 6 drq 2
device		fd0	at fdc0 drive 0
device		fd1	at fdc0 drive 1
#
# If you have a Toshiba Libretto with its Y-E Data PCMCIA floppy,
# don't use the above line for fdc0 but the following one:
#device		fdc0

# ATA and ATAPI devices
device		ata0	at isa? port IO_WD1 irq 14
device		ata1	at isa? port IO_WD2 irq 15
device		ata
device		atadisk			# ATA disk drives
device		atapicd			# ATAPI CDROM drives
device		atapifd			# ATAPI floppy drives
device		atapist			# ATAPI tape drives
options 	ATA_STATIC_ID		#Static device numbering

# SCSI Controllers
device		ahb		# EISA AHA1742 family
device		ahc		# AHA2940 and onboard AIC7xxx devices
device		ahd		# AHA39320/29320 and onboard AIC79xx devices
device		amd		# AMD 53C974 (Tekram DC-390(T))
device		isp		# Qlogic family
device		mpt		# LSI-Logic MPT/Fusion
device		ncr		# NCR/Symbios Logic
device		sym		# NCR/Symbios Logic (newer chipsets)
options 	SYM_SETUP_LP_PROBE_MAP=0x40
				# Allow ncr to attach legacy NCR devices when 
				# both sym and ncr are configured

device		adv0	at isa?
device		adw
device		bt0	at isa?
device		aha0	at isa?
device		aic0	at isa?

device		ncv		# NCR 53C500
device		nsp		# Workbit Ninja SCSI-3
device		stg		# TMC 18C30/18C50

# SCSI peripherals
device		scbus		# SCSI bus (required)
device		da		# Direct Access (disks)
device		sa		# Sequential Access (tape etc)
device		cd		# CD
device		pass		# Passthrough device (direct SCSI access)

# RAID controllers interfaced to the SCSI subsystem
device		asr		# DPT SmartRAID V, VI and Adaptec SCSI RAID
device		dpt		# DPT Smartcache - See LINT for options!
device		iir		# Intel Integrated RAID
device		mly		# Mylex AcceleRAID/eXtremeRAID
device		ciss		# Compaq SmartRAID 5* series

# RAID controllers
device		aac		# Adaptec FSA RAID, Dell PERC2/PERC3
#device		aacp		# SCSI passthrough for aac (requires CAM)
device		ida		# Compaq Smart RAID
device		amr		# AMI MegaRAID
device		mlx		# Mylex DAC960 family
device		twe		# 3ware Escalade

# atkbdc0 controls both the keyboard and the PS/2 mouse
device		atkbdc0	at isa? port IO_KBD
device		atkbd0	at atkbdc? irq 1 flags 0x1
device		psm0	at atkbdc? irq 12

device		vga0	at isa?

# splash screen/screen saver
pseudo-device	splash

# syscons is the default console driver, resembling an SCO console
device		sc0	at isa? flags 0x100

# Enable this and PCVT_FREEBSD for pcvt vt220 compatible console driver
#device		vt0	at isa?
#options 	XSERVER			# support for X server on a vt console
#options 	FAT_CURSOR		# start with block cursor
# If you have a ThinkPAD, uncomment this along with the rest of the PCVT lines
#options 	PCVT_SCANSET=2		# IBM keyboards are non-std

device		agp		# support several AGP chipsets

# Floating point support - do not disable.
device		npx0	at nexus? port IO_NPX irq 13

# Power management support (see LINT for more options)
device		apm0	at nexus? disable flags 0x20 # Advanced Power Management

# PCCARD (PCMCIA) support
device		card
device		pcic0	at isa? irq 0 port 0x3e0 iomem 0xd0000
device		pcic1	at isa? irq 0 port 0x3e2 iomem 0xd4000 disable

# Serial (COM) ports
device		sio0	at isa? port IO_COM1 flags 0x10 irq 4
device		sio1	at isa? port IO_COM2 irq 3
device		sio2	at isa? disable port IO_COM3 irq 5
device		sio3	at isa? disable port IO_COM4 irq 9

# Parallel port
device		ppc0	at isa? irq 7
device		ppbus		# Parallel port bus (required)
device		lpt		# Printer
device		plip		# TCP/IP over parallel
device		ppi		# Parallel port interface device
#device		vpo		# Requires scbus and da


# PCI Ethernet NICs.
device		de		# DEC/Intel DC21x4x (``Tulip'')
device		em		# Intel PRO/1000 adapter Gigabit Ethernet Card (``Wiseman'')
device		txp		# 3Com 3cR990 (``Typhoon'')
device		vx		# 3Com 3c590, 3c595 (``Vortex'')

# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device		miibus		# MII bus support
device		dc		# DEC/Intel 21143 and various workalikes
device		fxp		# Intel EtherExpress PRO/100B (82557, 82558)
device		pcn		# AMD Am79C97x PCI 10/100 NICs
device		rl		# RealTek 8129/8139
device		sf		# Adaptec AIC-6915 (``Starfire'')
device		sis		# Silicon Integrated Systems SiS 900/SiS 7016
device		ste		# Sundance ST201 (D-Link DFE-550TX)
device		tl		# Texas Instruments ThunderLAN
device		tx		# SMC EtherPower II (83c170 ``EPIC'')
device		vr		# VIA Rhine, Rhine II
device		wb		# Winbond W89C840F
device		xl		# 3Com 3c90x (``Boomerang'', ``Cyclone'')
device		bge		# Broadcom BCM570x (``Tigon III'')

# ISA Ethernet NICs.
# 'device ed' requires 'device miibus'
###device		ed0	at isa? disable port 0x280 irq 10 iomem 0xd8000
###device		ex
###device		ep
###device		fe0	at isa? disable port 0x300
# Xircom Ethernet
###device		xe
# PRISM I IEEE 802.11b wireless NIC.
###device		awi
# WaveLAN/IEEE 802.11 wireless NICs. Note: the WaveLAN/IEEE really
# exists only as a PCMCIA device, so there is no ISA attachment needed
# and resources will always be dynamically assigned by the pccard code.
###device		wi
# Aironet 4500/4800 802.11 wireless NICs. Note: the declaration below will
# work for PCMCIA and PCI cards, as well as ISA cards set to ISA PnP
# mode (the factory default). If you set the switches on your ISA
# card for a manually chosen I/O address and IRQ, you must specify
# those parameters here.
###device		an
# The probe order of these is presently determined by i386/isa/isa_compat.c.
###device		ie0	at isa? disable port 0x300 irq 10 iomem 0xd0000
####device		le0	at isa? disable port 0x300 irq 5 iomem 0xd0000
###device		lnc0	at isa? disable port 0x280 irq 10 drq 0
###device		cs0	at isa? disable port 0x300
###device		sn0	at isa? disable port 0x300 irq 10

# Pseudo devices - the number indicates how many units to allocate.
pseudo-device	loop		# Network loopback
pseudo-device	ether		# Ethernet support
pseudo-device	sl	1	# Kernel SLIP
pseudo-device	ppp	1	# Kernel PPP
pseudo-device	tun		# Packet tunnel.
pseudo-device	pty		# Pseudo-ttys (telnet etc)
pseudo-device	md		# Memory "disks"
pseudo-device	gif		# IPv6 and IPv4 tunneling
###pseudo-device	faith	1	# IPv6-to-IPv4 relaying (translation)

# The `bpf' pseudo-device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
pseudo-device	bpf		#Berkeley packet filter

# USB support
device		uhci		# UHCI PCI->USB interface
device		ohci		# OHCI PCI->USB interface
device		usb		# USB Bus (required)
device		ugen		# Generic
device		uhid		# "Human Interface Devices"
device		ukbd		# Keyboard
device		ulpt		# Printer
device		umass		# Disks/Mass storage - Requires scbus and da
device		ums		# Mouse
device		uscanner	# Scanners
###device		urio		# Diamond Rio MP3 Player
# USB Ethernet, requires mii
###device		aue		# ADMtek USB ethernet
###device		cue		# CATC USB ethernet
###device		kue		# Kawasaki LSI USB ethernet
#-------------------------------------------------------------------------
options 	SMP
options 	APIC_IO
options		USER_LDT
device		atapicam

options		HZ=1000

pseudo-device	ef
options		IPX

options		MROUTING
options 	DUMMYNET
options 	BRIDGE
options		IPFW2
options		IPFIREWALL
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_FORWARD
options         IPFIREWALL_VERBOSE_LIMIT=1000
options         IPFIREWALL_DEFAULT_TO_ACCEPT
options         IPDIVERT


More information about the freebsd-hackers mailing list