problem with ipfilter and todays -stable

Andre Albsmeier andre.albsmeier at siemens.com
Wed Aug 18 06:39:54 PDT 2004


On Fri, 13-Aug-2004 at 19:19:02 +0000, Michael Handler wrote:
> On 2004-08-13, Bernhard Valenti <bernhard.valenti at gmx.net> wrote:
> > i just updated from 4.8 to 4.10-stable(from today). i noticed that i 
> > can't ping the machine. [...]
> 
> I just did the same upgrade last night, and am experiencing similar
> troubles. ("block in quick log on dc0" isn't actually blocking
> anything.) Someone on freebsd-net just noticed this as well:
> 
> http://lists.freebsd.org/pipermail/freebsd-net/2004-August/004675.html
> 
> Darren Reed MFCed IPFilter 3.4.35 in early July, and I don't think
> that ipfilter was updated completely in both of the relevant places
> (src/contrib/ipfilter and src/sys/contrib/ipfilter). If you diff

Yes, he forgot to MFC ipl.h into src/contrib/ipfilter, see PR# 70492.

> the files that exist in both locations, there are some troubling
> differences, especially the missing member of the qif structure in
> ip_compat.h, etc.

Well, it seems that src/contrib/ipfilter/ip_compat.h simply isn't
used by the userland parts of ipfilter (only by the kernel stuff
in src/sys/contrib/ipfilter where the file is up to date).

However, since there have always been confusing discrepancies (at
least for me) between the files in src/sys/contrib/ipfilter and
src/contrib/ipfilter, I have replaced src/contrib/ipfilter by the
official ip_filter-3.4.35 package and made
src/sys/contrib/ipfilter/netinet a symlink to this location just
to be sure to use consistent versions of all files. (I have done
this several times before when I wanted to test a not yet committed
version of ipfilter).

However, this does not fix my problem which can be found at

http://marc.theaimsgroup.com/?l=ipfilter&m=109259371522385

When looking at HISTORY, we find a lot of changes w.r.t. checksum
corrections in ICMP packages so I assume there are still some bugs
in there.

> 
> I'm seeing the same problem that the freebsd-net poster did:
> 
> root@lair:~# ipf -V
> ipf: IP Filter: v3.4.31 (336)
> Kernel: IP Filter: v3.4.35

Same here (before replacing src/contrib/ipfilter as described
above) due to the missing MFC of ipl.h.

	-Andre
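
Added example, not part of the original message or of IPFilter itself: a small POSIX sh check that parses `ipf -V` output and flags the userland/kernel version mismatch quoted in the thread, a quick signal after an upgrade that the two were built from different IPFilter sources. The function names and the second sample are assumptions made for illustration; the first sample is the output quoted above.

```shell
#!/bin/sh
# Constructed sample: the `ipf -V` lines quoted in the thread above.
SAMPLE_MISMATCH='ipf: IP Filter: v3.4.31 (336)
Kernel: IP Filter: v3.4.35'

# Constructed sample: what a consistent build would report (assumed).
SAMPLE_OK='ipf: IP Filter: v3.4.35 (336)
Kernel: IP Filter: v3.4.35'

# ipf_version_field LABEL: read `ipf -V` text on stdin and print the
# version from the first line starting with LABEL ("ipf" or "Kernel").
ipf_version_field() {
    sed -n "s/^$1: IP Filter: v\([0-9][0-9.]*\).*/\1/p" | head -n 1
}

# check_ipf_versions TEXT: return 0 if userland and kernel versions match,
# 1 on mismatch, 2 if either line is missing (e.g. filter not loaded).
check_ipf_versions() {
    user=$(printf '%s\n' "$1" | ipf_version_field ipf)
    kern=$(printf '%s\n' "$1" | ipf_version_field Kernel)
    if [ -z "$user" ] || [ -z "$kern" ]; then
        echo "cannot determine versions (user='$user' kernel='$kern')" >&2
        return 2
    fi
    if [ "$user" != "$kern" ]; then
        echo "MISMATCH: userland ipf $user, kernel $kern" >&2
        return 1
    fi
    echo "ok: ipf $user matches kernel"
}

# On a live host: check_ipf_versions "$(ipf -V 2>&1)"
```

Running this after `installworld`/kernel install and before trusting the loaded ruleset catches the stale-userland case without waiting for a rule to visibly fail.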


More information about the freebsd-stable mailing list