vimage patches and example run.
Norikatsu Shigemura
nork at FreeBSD.org
Sat May 17 02:32:08 UTC 2008
On Sat, 17 May 2008 08:39:38 +0900
Norikatsu Shigemura <nork at freebsd.org> wrote:
On Sat, 17 May 2008 08:15:48 +0900
> Norikatsu Shigemura <nork at freebsd.org> wrote:
> > On Fri, 16 May 2008 08:36:54 -0400
> > Julian Elischer <julian at elischer.org> wrote:
> > > vimage patches as of 8AM in ottawa:
> > > http://www.freebsd.org/~julian/vimage.diff
> > Wow! I'll try to do it! :-)
> Oops, I couldn't compile kdump. Please add following patch
> for vimage.diff.
Hum... There are many bugs in ipfw's code.
*ip_fw.h
1. struct ip_fw_chain in #ifdef IPFW_INTERNAL - #endif
So remove it (dupplicate define).
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#ifdef IPFW_INTERNAL
-#define IPFW_TABLES_MAX 128
-struct ip_fw_chain {
- struct ip_fw *rules; /* list of rules */
- struct ip_fw *reap; /* list of rules to reap */
- LIST_HEAD(, cfg_nat) nat; /* list of nat entries */
- struct radix_node_head *tables[IPFW_TABLES_MAX];
- struct rwlock rwmtx;
-};
#define IPFW_LOCK_INIT(_chain) \
rw_init(&(_chain)->rwmtx, "IPFW static rules")
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*ip_fw2.c
1. Not enough to replacement.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- LOOKUP_NAT(layer3_chain, nat_id, t);
+ LOOKUP_NAT(V_layer3_chain, nat_id, t);
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2. extra remove code is bad. Don't apply following code.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
@@ -4359,7 +4400,6 @@
else {
printf("IP_FW_NAT_CFG: ipfw_nat not present, please load it.\n");
error = EINVAL;
- }
}
break;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
3. bad extra code in new ipfw_init. So replase new one.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- default_rule.cmd[0].opcode == O_ACCEPT ? "accept" : "deny");
+#ifdef IPFIREWALL_DEFAULT_TO_ACCEPT
+ "accept"
+#else
+ "deny"
+#endif
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please replace my attached patches for your vimage.diff.
P.S. Oops! netgraph has ... orz
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:173:1: error: "NG_ID_HASH_SIZE" redefined
In file included from /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:71:
@/netgraph/vnetgraph.h:44:1: error: this is the location of the previous definition
:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
More information about the freebsd-current
mailing list