kern/57730: ipl.ko should be compiled with IPv6 functionality

[FUKAUMI Naoki]

>Number:         57730
>Category:       kern
>Synopsis:       ipl.ko should be compiled with IPv6 functionality
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 07 23:00:30 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     FUKAUMI Naoki
>Release:        FreeBSD 4.9-PRERELEASE i386
>Organization:
SOUM Corporation
>Environment:
>Description:
	ipl.ko doesn't have IPv6 functionality because USE_INET6 is not
	defined in src/sys/modules/ipfilter/Makefile.

	GENERIC kernel has INET6 options, and GENERIC kernel does not
	include ipfilter module statically.

	/etc/rc.network load ipl.ko if ipfilter_enable=YES, and exec
	'ipf -6 -f ipf6.rules' if ipv6_ipfilter_rules available.

	It causes error.

>How-To-Repeat:
	# kldload ipl
	# ipf -6 -f /etc/ipf6.rules
	1:ioctl(add/insert rule): No such process
	(snip)

	This is 4.9-PRERELEASE machine. But I think 5.1-CURRENT has
	same problem.

>Fix:
	Patch for 4.9-PRERELEASE:

Index: Makefile
===================================================================
RCS file: /home/ncvs/src/sys/modules/ipfilter/Makefile,v
retrieving revision 1.2.2.2
diff -u -r1.2.2.2 Makefile
--- Makefile	7 Jun 2001 05:11:44 -0000	1.2.2.2
+++ Makefile	8 Oct 2003 05:27:43 -0000
@@ -5,9 +5,11 @@
 SRCS=	mlfk_ipl.c ip_nat.c ip_frag.c ip_state.c ip_proxy.c ip_auth.c \
 	ip_log.c ip_fil.c fil.c
 NOMAN=
+CFLAGS+= -DUSE_INET6
 CFLAGS+= -DIPFILTER_LKM -DIPFILTER_LOG
 CFLAGS+=  -I${.CURDIR}/../../contrib/ipfilter
 #
+# If you don't want IPv6 functionality remove -DUSE_INET6
 # If you don't want log functionality remove -DIPFILTER_LOG
 #
 
>Release-Note:
>Audit-Trail:
>Unformatted: