svn commit: r225793 - in head/sys: modules/ipfw netinet/ipfw

Wed Nov 2 12:13:16 UTC 2011

On 27 September 2011 17:27, Bjoern A. Zeeb <bz at freebsd.org> wrote:
> Author: bz
> Date: Tue Sep 27 13:27:17 2011
> New Revision: 225793
> URL: http://svn.freebsd.org/changeset/base/225793
>
> Log:
>  Unbreak no-ip and no-inet6 module builds with ipfw.  For now continue to
>  build the ip_fw_pfil.c hooks and ipfw even in case of no-ip under the
>  assumption that the private L2 hook (which hopefully eventually will be a
>  pfil hook as well) can still be useful.
>
>  Allow building the module without inet as well.
>
>  Glanced at by:        jhb
>  MFC after:    3 days
>
> Modified:
>  head/sys/modules/ipfw/Makefile
>  head/sys/netinet/ipfw/ip_fw_pfil.c
>
> Modified: head/sys/modules/ipfw/Makefile
> ==============================================================================
> --- head/sys/modules/ipfw/Makefile      Tue Sep 27 13:20:41 2011        (r225792)
> +++ head/sys/modules/ipfw/Makefile      Tue Sep 27 13:27:17 2011        (r225793)
> @@ -8,7 +8,7 @@ KMOD=   ipfw
>  SRCS=  ip_fw2.c ip_fw_pfil.c
>  SRCS+= ip_fw_dynamic.c ip_fw_log.c
>  SRCS+= ip_fw_sockopt.c ip_fw_table.c
> -SRCS+= opt_inet6.h opt_ipfw.h opt_ipsec.h
> +SRCS+= opt_inet.h opt_inet6.h opt_ipfw.h opt_ipsec.h
>
>  CFLAGS+= -DIPFIREWALL
>  CFLAGS+= -I${.CURDIR}/../../contrib/pf
> @@ -22,6 +22,10 @@ CFLAGS+= -I${.CURDIR}/../../contrib/pf
>  #
>
>  .if !defined(KERNBUILDDIR)
> +.if ${MK_INET_SUPPORT} != "no"
> +opt_inet.h:
> +       echo "#define INET 1" > ${.TARGET}
> +.endif
>  .if ${MK_INET6_SUPPORT} != "no"
>  opt_inet6.h:
>        echo "#define INET6 1" > ${.TARGET}
>
> Modified: head/sys/netinet/ipfw/ip_fw_pfil.c
> ==============================================================================
> --- head/sys/netinet/ipfw/ip_fw_pfil.c  Tue Sep 27 13:20:41 2011        (r225792)
> +++ head/sys/netinet/ipfw/ip_fw_pfil.c  Tue Sep 27 13:27:17 2011        (r225793)
> @@ -31,11 +31,11 @@ __FBSDID("$FreeBSD$");
>  #if !defined(KLD_MODULE)
>  #include "opt_ipdn.h"
>  #include "opt_inet.h"
> +#include "opt_inet6.h"
>  #ifndef INET
>  #error IPFIREWALL requires INET.
>  #endif /* INET */
>  #endif /* KLD_MODULE */
> -#include "opt_inet6.h"

Hello.

This chunk seems to stop building inet6 part of ipfw.ko w/ INET6 enabled kernel.

Found by /etc/rc.d/ipfw restart:
[...]
/etc/rc.d/ipfw: WARNING: failed to enable IPv6 firewall

i.e. sysctl net.inet6.ip6.fw.enable doesn't present.

Reversion of this hunk fixed the problem.
NO_INET[46] lints aren't tested though.

-- 
wbr,
pluknet