vimage patches and example run.
Julian Elischer
julian at elischer.org
Sat May 17 03:15:14 UTC 2008
Norikatsu Shigemura wrote:
> On Sat, 17 May 2008 08:39:38 +0900
> Norikatsu Shigemura <nork at freebsd.org> wrote:
> On Sat, 17 May 2008 08:15:48 +0900
>> Norikatsu Shigemura <nork at freebsd.org> wrote:
>>> On Fri, 16 May 2008 08:36:54 -0400
>>> Julian Elischer <julian at elischer.org> wrote:
>>>> vimage patches as of 8AM in ottawa:
>>>> http://www.freebsd.org/~julian/vimage.diff
>>> Wow! I'll try to do it! :-)
>> Oops, I couldn't compile kdump. Please add following patch
>> for vimage.diff.
>
> Hum... There are many bugs in ipfw's code.
thank you ..
what you see is the first real public release and not completely
debugged..
Thank you..
I will correct these immediately :-)
> *ip_fw.h
> 1. struct ip_fw_chain in #ifdef IPFW_INTERNAL - #endif
> So remove it (dupplicate define).
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> #ifdef IPFW_INTERNAL
>
> -#define IPFW_TABLES_MAX 128
> -struct ip_fw_chain {
> - struct ip_fw *rules; /* list of rules */
> - struct ip_fw *reap; /* list of rules to reap */
> - LIST_HEAD(, cfg_nat) nat; /* list of nat entries */
> - struct radix_node_head *tables[IPFW_TABLES_MAX];
> - struct rwlock rwmtx;
> -};
> #define IPFW_LOCK_INIT(_chain) \
> rw_init(&(_chain)->rwmtx, "IPFW static rules")
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
>
> *ip_fw2.c
> 1. Not enough to replacement.
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> - LOOKUP_NAT(layer3_chain, nat_id, t);
> + LOOKUP_NAT(V_layer3_chain, nat_id, t);
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> 2. extra remove code is bad. Don't apply following code.
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> @@ -4359,7 +4400,6 @@
> else {
> printf("IP_FW_NAT_CFG: ipfw_nat not present, please load it.\n");
> error = EINVAL;
> - }
> }
> break;
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> 3. bad extra code in new ipfw_init. So replace it with the new one.
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> - default_rule.cmd[0].opcode == O_ACCEPT ? "accept" : "deny");
> +#ifdef IPFIREWALL_DEFAULT_TO_ACCEPT
> + "accept"
> +#else
> + "deny"
> +#endif
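Review bot: The default-policy word in the ipfw_init message is now selected by `#ifdef IPFIREWALL_DEFAULT_TO_ACCEPT` instead of being read from `default_rule.cmd[0].opcode`, so it reports the build option rather than the rule that is actually installed. The two presumably agree as long as the default rule is initialised from the same option, but if that ever changes, the log would state the wrong default for the firewall, and that line is one an operator checks when auditing a host. I would add a comment beside the block, `/* compile-time default only; keep in sync with how default_rule is initialised */`. The call this argument belongs to starts outside the hunk, so the format string cannot be checked from here.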
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> Please replace my attached patches for your vimage.diff.
>
> P.S. Oops! netgraph has ... orz
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:173:1: error: "NG_ID_HASH_SIZE" redefined
> In file included from /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:71:
> @/netgraph/vnetgraph.h:44:1: error: this is the location of the previous definition
> :
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>