IPDIVERT option not getting compiled?
Yar Tikhiy
yar at comp.chem.msu.su
Tue Nov 16 15:16:52 GMT 2004
On Tue, Nov 16, 2004 at 03:08:54PM +0200, Yury Tarasievich wrote:
>
> I'm adding IPDIVERT option ("options IPDIVERT") to config file and
> config kernel and compile kernel (alternatively -- buildkernel
> KERNCONF...) and install kernel and all's fine except that after reboot
> ipfw.ko tells that "divert is disabled" and it is, indeed, disabled, as
> natd starts but there are no divert sockets. It happens both with
> 4.10-RELEASE and with 4-STABLE.
>
> But never you mind. This time I had the luxury of being able to just
> format the partition and install system from scratch, so I did (there
> wasn't anything big installed yet). Mighty it would help me with
> populated system.
You seem to be confused by the well-known kernel vs. module
configuration issue. Alas, kernel options you specify in your
kernel config file affect the kernel binary only, not modules
built along with the kernel. If you want IPDIVERT, which is
an option to IPFIREWALL, you have to build your kernel with
both IPFIREWALL and IPDIVERT:
options IPFIREWALL
options IPDIVERT
or just
options IPFIREWALL,IPDIVERT
Here IPFIREWALL tells to compile the ipfw firewall into your kernel
binary while IPDIVERT indicates that ipfw must be compiled with the
divert code enabled.
With some options, you can do the trick of building a module
separately as follows:
cd /sys/modules/foo && make obj && make -D<OPTION> && make install
However, it seems impossible for IPDIVERT since this option affects
not only ipfw source files, but the main IP stack, too.
--
Yar
More information about the freebsd-hackers
mailing list