Re: vimage patches and example run.

From: Norikatsu Shigemura <nork_at_FreeBSD.org>
Date: Sat, 17 May 2008 11:32:01 +0900
On Sat, 17 May 2008 08:39:38 +0900
Norikatsu Shigemura <nork_at_freebsd.org> wrote:
On Sat, 17 May 2008 08:15:48 +0900
> Norikatsu Shigemura <nork_at_freebsd.org> wrote:
> > On Fri, 16 May 2008 08:36:54 -0400
> > Julian Elischer <julian_at_elischer.org> wrote:
> > > vimage patches as of 8AM in ottawa:
> > > http://www.freebsd.org/~julian/vimage.diff
> > 	Wow! I'll try to do it! :-)
> 	Oops, I couldn't compile kdump.  Please add following patch
> 	for vimage.diff.

	Hum... There are many bugs in ipfw's code.
	*ip_fw.h
	1. struct ip_fw_chain is defined inside #ifdef IPFW_INTERNAL - #endif.
	   So remove it (duplicate definition).

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 #ifdef IPFW_INTERNAL
 
-#define        IPFW_TABLES_MAX         128
-struct ip_fw_chain {
-       struct ip_fw    *rules;         /* list of rules */
-       struct ip_fw    *reap;          /* list of rules to reap */
-       LIST_HEAD(, cfg_nat) nat;       /* list of nat entries */
-       struct radix_node_head *tables[IPFW_TABLES_MAX];
-       struct rwlock   rwmtx;
-};
 #define        IPFW_LOCK_INIT(_chain) \
        rw_init(&(_chain)->rwmtx, "IPFW static rules")
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


	*ip_fw2.c
	1. Not enough to replacement.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-							LOOKUP_NAT(layer3_chain, nat_id, t);
+							LOOKUP_NAT(V_layer3_chain, nat_id, t);
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

	2. extra remove code is bad.  Don't apply following code.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
_at__at_ -4359,7 +4400,6 _at__at_
                else {
                        printf("IP_FW_NAT_CFG: ipfw_nat not present, please load it.\n");
                        error = EINVAL;
-               }
        }
        break;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

	3. bad extra code in new ipfw_init.  So replase new one.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-		default_rule.cmd[0].opcode == O_ACCEPT ? "accept" : "deny");
+#ifdef IPFIREWALL_DEFAULT_TO_ACCEPT
+		"accept"
+#else
+		"deny"
+#endif
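Review bot: The added `#ifdef IPFIREWALL_DEFAULT_TO_ACCEPT` block takes the "accept"/"deny" text for the startup message from the kernel option instead of reading `default_rule.cmd[0].opcode`, so the logged default policy is no longer derived from the rule that is actually installed. For a firewall, a boot message that can disagree with the enforced default rule misleads anyone auditing the log. The rest of ipfw_init lies outside this excerpt, so where the opcode is set is inferred rather than visible. If the rule is no longer in scope at this point, add a comment above the block such as `/* Must mirror the opcode chosen for the default rule; keep both in sync. */`.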
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

	Please replace my attached patches for your vimage.diff.

P.S.  Oops! netgraph has ...  orz
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:173:1: error: "NG_ID_HASH_SIZE" redefined
In file included from /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:71:
_at_/netgraph/vnetgraph.h:44:1: error: this is the location of the previous definition
  :
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Received on Sat May 17 2008 - 00:32:08 UTC
