Norikatsu Shigemura wrote: > On Sat, 17 May 2008 08:39:38 +0900 > Norikatsu Shigemura <nork_at_freebsd.org> wrote: > On Sat, 17 May 2008 08:15:48 +0900 >> Norikatsu Shigemura <nork_at_freebsd.org> wrote: >>> On Fri, 16 May 2008 08:36:54 -0400 >>> Julian Elischer <julian_at_elischer.org> wrote: >>>> vimage patches as of 8AM in ottawa: >>>> http://www.freebsd.org/~julian/vimage.diff >>> Wow! I'll try to do it! :-) >> Oops, I couldn't compile kdump. Please add following patch >> for vimage.diff. > > Hum... There are many bugs in ipfw's code. thank you .. what you see is the first real public release adn not completely debugged.. Thank you.. I will correct these immediatly :-) > *ip_fw.h > 1. struct ip_fw_chain in #ifdef IPFW_INTERNAL - #endif > So remove it (dupplicate define). > > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > #ifdef IPFW_INTERNAL > > -#define IPFW_TABLES_MAX 128 > -struct ip_fw_chain { > - struct ip_fw *rules; /* list of rules */ > - struct ip_fw *reap; /* list of rules to reap */ > - LIST_HEAD(, cfg_nat) nat; /* list of nat entries */ > - struct radix_node_head *tables[IPFW_TABLES_MAX]; > - struct rwlock rwmtx; > -}; > #define IPFW_LOCK_INIT(_chain) \ > rw_init(&(_chain)->rwmtx, "IPFW static rules") > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > > > *ip_fw2.c > 1. Not enough to replacement. > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > - LOOKUP_NAT(layer3_chain, nat_id, t); > + LOOKUP_NAT(V_layer3_chain, nat_id, t); > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > > 2. extra remove code is bad. Don't apply following code. 
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > _at__at_ -4359,7 +4400,6 _at__at_ > else { > printf("IP_FW_NAT_CFG: ipfw_nat not present, please load it.\n"); > error = EINVAL; > - } > } > break; > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > > 3. bad extra code in new ipfw_init. So replase new one. > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > - default_rule.cmd[0].opcode == O_ACCEPT ? "accept" : "deny"); > +#ifdef IPFIREWALL_DEFAULT_TO_ACCEPT > + "accept" > +#else > + "deny" > +#endif > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > > Please replace my attached patches for your vimage.diff. > > P.S. Oops! netgraph has ... orz > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:173:1: error: "NG_ID_HASH_SIZE" redefined > In file included from /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:71: > _at_/netgraph/vnetgraph.h:44:1: error: this is the location of the previous definition > : > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >Received on Sat May 17 2008 - 01:15:14 UTC
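Review bot: In the ipfw_init hunk (item 3 for ip_fw2.c), the added `#ifdef IPFIREWALL_DEFAULT_TO_ACCEPT` block makes the startup message report the compile-time option rather than the action of the default rule actually installed, which the removed line read from `default_rule.cmd[0].opcode == O_ACCEPT`. Operators read this message to confirm that the firewall fails closed, so if the installed rule can ever differ from the build option (not visible in this fragment), the log would misstate the policy. If `default_rule` is simply not reachable at this point in the vimage layout, I would say so with a comment such as `/* reports the build-time default; the installed default rule is not consulted here */`. The printf call and the rest of ipfw_init lie outside the quoted hunk, so this should be checked against the full function.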