New Kernel Breaks IPFW

Andre Guibert de Bruet andy at siliconlandmark.com
Tue Jun 10 05:34:10 PDT 2003


Ian,

The new ipfw binary will work with an up-to-date kernel. What you need to
do is boot this new kernel and only then try out the new ipfw binary.

Regards,

> Andre Guibert de Bruet | Enterprise Software Consultant >
> Silicon Landmark, LLC. | http://siliconlandmark.com/    >

On Tue, 10 Jun 2003, Ian Freislich wrote:

> Terry Lambert wrote:
> > Apparently, someone hosed the compiler flags.  Looking at your
> > cribbed link:
> >
> > > Someone posted a link to the failure that I get, so I'll crib:
> > > http://www.0xfce3.net/error.txt
> >
> > We see:
> >
> > cc -O -pipe   -std=iso9899:1999  -I/usr/obj/usr/src/i386/legacy/usr/include
> > -static -L/usr/obj/usr/src/i386/legacy/usr/lib -o xinstall xinstall.o -legacy
> >
> > Works.
> >
> > cc -O -pipe -I. -I/usr/src/usr.sbin/config -W -Wall -ansi -pedantic
> > -Wbad-function-cast -Wcast-align  -Wcast-qual -Wchar-subscripts -Winline
> > -Wmissing-prototypes -Wnested-externs -Wpointer-arith  -Wredundant-decls
> > -Wshadow -Wstrict-prototypes -Wwrite-strings   -std=iso9899:1999
> > -I/usr/obj/usr/src/i386/legacy/usr/include -c config.c
>
> Hmmm, BDEFLAGS.  config.c appears to compile without them.
>
> > > > Short term, cd /usr/src/sbin/ipfw; make depend && make all install ought
> > > > to fix it.
> > >
> > > I tried that as well, but the new binary also dumps core, but works
> > > well with previous versions of the firewall.  Even back as far as
> > > my kernel.working from May 7 2003.
> >
> > Bogus header files; specifically, <netinet/ip_fw.h>.  Because you
> > can't build world, you are compiling the ipfw program with the old
> > system include files instead of the new ones.  You may also be
> > missing a cvs update on the ipfw sources themselves (specifically,
> > ipfw2.c).
>
> No, it did compile ipfw2.c (r1.24).  I also installed all new
> includes before I compiled ipfw and re-worlding to no avail.  I
> figured an old kernel with a working firewall was better than a new
> kernel with no firewall.
>
> Ian
> _______________________________________________
> freebsd-current at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe at freebsd.org"
>


More information about the freebsd-current mailing list