From owner-freebsd-stable@FreeBSD.ORG Tue Apr 3 02:39:14 2007 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 7BD5616A403; Tue, 3 Apr 2007 02:39:14 +0000 (UTC) (envelope-from mike@sentex.net) Received: from smarthost2.sentex.ca (smarthost2.sentex.ca [205.211.164.50]) by mx1.freebsd.org (Postfix) with ESMTP id 2F0D713C45B; Tue, 3 Apr 2007 02:39:14 +0000 (UTC) (envelope-from mike@sentex.net) Received: from lava.sentex.ca (pyroxene.sentex.ca [199.212.134.18]) by smarthost2.sentex.ca (8.13.8/8.13.8) with ESMTP id l332dCnA054563; Mon, 2 Apr 2007 22:39:13 -0400 (EDT) (envelope-from mike@sentex.net) Received: from mdt-xp.sentex.net (simeon.sentex.ca [192.168.43.27]) by lava.sentex.ca (8.13.8/8.13.3) with ESMTP id l332dC89044128 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 2 Apr 2007 22:39:12 -0400 (EDT) (envelope-from mike@sentex.net) Message-Id: <200704030239.l332dC89044128@lava.sentex.ca> X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Mon, 02 Apr 2007 22:37:19 -0400 To: JoaoBR , freebsd-stable@freebsd.org From: Mike Tancsa In-Reply-To: <200704011107.22750.joao@matik.com.br> References: <200704011107.22750.joao@matik.com.br> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Cc: julian@freebsd.org Subject: Re: ipfw add pipe broken in RELENG_6 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Apr 2007 02:39:14 -0000 At 10:07 AM 4/1/2007, JoaoBR wrote: >it seems I can not add pipes with releng6 sources from the last days > >ipfw add pipe 1 ip from any to any >ipfw: getsockopt(IP_FW_ADD): Invalid argument I think this is whats needed in /usr/src/sbin/ipfw. Looking at the diffs between HEAD and RELENG_6 (apart from the kernel nat stuff), below seems to be whats different. [smicro1U]# diff -u ipfw2.c.orig ipfw2.c --- ipfw2.c.orig Mon Apr 2 22:28:33 2007 +++ ipfw2.c Mon Apr 2 22:30:45 2007 @@ -3973,11 +3973,9 @@ break; case TOK_QUEUE: - action->len = F_INSN_SIZE(ipfw_insn_pipe); action->opcode = O_QUEUE; goto chkarg; case TOK_PIPE: - action->len = F_INSN_SIZE(ipfw_insn_pipe); action->opcode = O_PIPE; goto chkarg; case TOK_SKIPTO: @@ -4043,11 +4041,13 @@ "illegal forwarding port ``%s''", s); p->sa.sin_port = (u_short)i; } - lookup_host(*av, &(p->sa.sin_addr)); - } + if (_substrcmp(*av, "tablearg") == 0) + p->sa.sin_addr.s_addr = INADDR_ANY; + else + lookup_host(*av, &(p->sa.sin_addr)); ac--; av++; break; - + } case TOK_COMMENT: /* pretend it is a 'count' rule followed by the comment */ action->opcode = O_COUNT; [smicro1U]# The command seems to be getting tripped up in /usr/src/sys/netinet/ip_fw2.c case O_QUEUE: if (cmdlen != F_INSN_SIZE(ipfw_insn)) goto bad_size; goto check_action; where size=2 and cmdlen=1 on opcode=50 ---Mike