svn commit: r225793 - in head/sys: modules/ipfw netinet/ipfw

Bjoern A. Zeeb bz at freebsd.org
Wed Nov 2 13:12:05 UTC 2011 

On Wed, 2 Nov 2011, Sergey Kandaurov wrote:

> On 27 September 2011 17:27, Bjoern A. Zeeb <bz at freebsd.org> wrote:
>> Author: bz
>> Date: Tue Sep 27 13:27:17 2011
>> New Revision: 225793
>> URL: http://svn.freebsd.org/changeset/base/225793
>>
>> Log:
>>  Unbreak no-ip and no-inet6 module builds with ipfw.  For now continue to
>>  build the ip_fw_pfil.c hooks and ipfw even in case of no-ip under the
>>  assumption that the private L2 hook (which hopefully eventually will be a
>>  pfil hook as well) can still be useful.
>>
>>  Allow building the module without inet as well.
>>
>>  Glanced at by:        jhb
>>  MFC after:    3 days
>>
>> Modified:
>>  head/sys/modules/ipfw/Makefile
>>  head/sys/netinet/ipfw/ip_fw_pfil.c
>>
>> Modified: head/sys/modules/ipfw/Makefile
>> ==============================================================================
>> --- head/sys/modules/ipfw/Makefile      Tue Sep 27 13:20:41 2011        (r225792)
>> +++ head/sys/modules/ipfw/Makefile      Tue Sep 27 13:27:17 2011        (r225793)
>> @@ -8,7 +8,7 @@ KMOD=   ipfw
>>  SRCS=  ip_fw2.c ip_fw_pfil.c
>>  SRCS+= ip_fw_dynamic.c ip_fw_log.c
>>  SRCS+= ip_fw_sockopt.c ip_fw_table.c
>> -SRCS+= opt_inet6.h opt_ipfw.h opt_ipsec.h
>> +SRCS+= opt_inet.h opt_inet6.h opt_ipfw.h opt_ipsec.h
>>
>>  CFLAGS+= -DIPFIREWALL
>>  CFLAGS+= -I${.CURDIR}/../../contrib/pf
>> @@ -22,6 +22,10 @@ CFLAGS+= -I${.CURDIR}/../../contrib/pf
>>  #
>>
>>  .if !defined(KERNBUILDDIR)
>> +.if ${MK_INET_SUPPORT} != "no"
>> +opt_inet.h:
>> +       echo "#define INET 1" > ${.TARGET}
>> +.endif
>>  .if ${MK_INET6_SUPPORT} != "no"
>>  opt_inet6.h:
>>        echo "#define INET6 1" > ${.TARGET}
>>
>> Modified: head/sys/netinet/ipfw/ip_fw_pfil.c
>> ==============================================================================
>> --- head/sys/netinet/ipfw/ip_fw_pfil.c  Tue Sep 27 13:20:41 2011        (r225792)
>> +++ head/sys/netinet/ipfw/ip_fw_pfil.c  Tue Sep 27 13:27:17 2011        (r225793)
>> @@ -31,11 +31,11 @@ __FBSDID("$FreeBSD$");
>>  #if !defined(KLD_MODULE)
>>  #include "opt_ipdn.h"
>>  #include "opt_inet.h"
>> +#include "opt_inet6.h"
>>  #ifndef INET
>>  #error IPFIREWALL requires INET.
>>  #endif /* INET */
>>  #endif /* KLD_MODULE */
>> -#include "opt_inet6.h"
>
> Hello.
>
> This chunk seems to stop building inet6 part of ipfw.ko w/ INET6 enabled kernel.
>
> Found by /etc/rc.d/ipfw restart:
> [...]
> /etc/rc.d/ipfw: WARNING: failed to enable IPv6 firewall
>
> i.e. sysctl net.inet6.ip6.fw.enable doesn't present.
>
> Reversion of this hunk fixed the problem.
> NO_INET[46] lints aren't tested though.


Just to double-check -- this only happens for you if you build and
use the module, not when you link it into the kernel?

As in that case I do have:
lion3#  sysctl net.inet6.ip6.fw.enable 
net.inet6.ip6.fw.enable: 1


What's your src.conf and make.conf files looking like in /etc should
you have them?  Any WITHOUT_INET6 or WITHOUT_INET6_SUPPORT in there?

/bz

-- 
Bjoern A. Zeeb                                 You have to have visions!
          Stop bit received. Insert coin for new address family.

More information about the svn-src-all mailing list