Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 2 Nov 2011 21:26:46 +0300
From:      Sergey Kandaurov <pluknet@freebsd.org>
To:        "Bjoern A. Zeeb" <bz@freebsd.org>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject:   Re: svn commit: r225793 - in head/sys: modules/ipfw netinet/ipfw
Message-ID:  <CAE-mSOLenTvFLeUimjz_VuL=tSV7rtA_M5cEARWpBhbVLPzhww@mail.gmail.com>
In-Reply-To: <alpine.BSF.2.00.1111021516110.68690@ai.fobar.qr>
References:  <201109271327.p8RDRHs8024689@svn.freebsd.org> <CAE-mSOLZsHXFyu_oSO8EY78j8ijbqNaGmFDzqtoGx5SqOq0y1Q@mail.gmail.com> <alpine.BSF.2.00.1111021250100.68690@ai.fobar.qr> <CAE-mSOLUfsAee3UL7P70YkjFuXbh9uHM5mmQqvF=4T5utR_G_A@mail.gmail.com> <alpine.BSF.2.00.1111021516110.68690@ai.fobar.qr>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 2 November 2011 19:17, Bjoern A. Zeeb <bz@freebsd.org> wrote:
> On Wed, 2 Nov 2011, Sergey Kandaurov wrote:
>
>> On 2 November 2011 16:53, Bjoern A. Zeeb <bz@freebsd.org> wrote:
>>>
>>> On Wed, 2 Nov 2011, Sergey Kandaurov wrote:
>>>
>>>> On 27 September 2011 17:27, Bjoern A. Zeeb <bz@freebsd.org> wrote:
>>>>>
>>>>> Author: bz
>>>>> Date: Tue Sep 27 13:27:17 2011
>>>>> New Revision: 225793
>>>>> URL: http://svn.freebsd.org/changeset/base/225793
>>>>>
>>>>> Log:
>>>>> =A0Unbreak no-ip and no-inet6 module builds with ipfw. =A0For now con=
tinue
>>>>> to
>>>>> =A0build the ip_fw_pfil.c hooks and ipfw even in case of no-ip under =
the
>>>>> =A0assumption that the private L2 hook (which hopefully eventually wi=
ll
>>>>> be
>>>>> a
>>>>> =A0pfil hook as well) can still be useful.
>>>>>
>>>>> =A0Allow building the module without inet as well.
>>>>>
>>>>> =A0Glanced at by: =A0 =A0 =A0 =A0jhb
>>>>> =A0MFC after: =A0 =A03 days
>>>>>
>>>>> Modified:
>>>>> =A0head/sys/modules/ipfw/Makefile
>>>>> =A0head/sys/netinet/ipfw/ip_fw_pfil.c
>>>>>
>>>>> Modified: head/sys/modules/ipfw/Makefile
>>>>>
>>>>>
>>>>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
>>>>> --- head/sys/modules/ipfw/Makefile =A0 =A0 =A0Tue Sep 27 13:20:41 201=
1
>>>>> =A0(r225792)
>>>>> +++ head/sys/modules/ipfw/Makefile =A0 =A0 =A0Tue Sep 27 13:27:17 201=
1
>>>>> =A0(r225793)
>>>>> @@ -8,7 +8,7 @@ KMOD=3D =A0 ipfw
>>>>> =A0SRCS=3D =A0ip_fw2.c ip_fw_pfil.c
>>>>> =A0SRCS+=3D ip_fw_dynamic.c ip_fw_log.c
>>>>> =A0SRCS+=3D ip_fw_sockopt.c ip_fw_table.c
>>>>> -SRCS+=3D opt_inet6.h opt_ipfw.h opt_ipsec.h
>>>>> +SRCS+=3D opt_inet.h opt_inet6.h opt_ipfw.h opt_ipsec.h
>>>>>
>>>>> =A0CFLAGS+=3D -DIPFIREWALL
>>>>> =A0CFLAGS+=3D -I${.CURDIR}/../../contrib/pf
>>>>> @@ -22,6 +22,10 @@ CFLAGS+=3D -I${.CURDIR}/../../contrib/pf
>>>>> =A0#
>>>>>
>>>>> =A0.if !defined(KERNBUILDDIR)
>>>>> +.if ${MK_INET_SUPPORT} !=3D "no"
>>>>> +opt_inet.h:
>>>>> + =A0 =A0 =A0 echo "#define INET 1" > ${.TARGET}
>>>>> +.endif
>>>>> =A0.if ${MK_INET6_SUPPORT} !=3D "no"
>>>>> =A0opt_inet6.h:
>>>>> =A0 =A0 =A0 =A0echo "#define INET6 1" > ${.TARGET}
>>>>>
>>>>> Modified: head/sys/netinet/ipfw/ip_fw_pfil.c
>>>>>
>>>>>
>>>>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
>>>>> --- head/sys/netinet/ipfw/ip_fw_pfil.c =A0Tue Sep 27 13:20:41 2011
>>>>> =A0(r225792)
>>>>> +++ head/sys/netinet/ipfw/ip_fw_pfil.c =A0Tue Sep 27 13:27:17 2011
>>>>> =A0(r225793)
>>>>> @@ -31,11 +31,11 @@ __FBSDID("$FreeBSD$");
>>>>> =A0#if !defined(KLD_MODULE)
>>>>> =A0#include "opt_ipdn.h"
>>>>> =A0#include "opt_inet.h"
>>>>> +#include "opt_inet6.h"
>>>>> =A0#ifndef INET
>>>>> =A0#error IPFIREWALL requires INET.
>>>>> =A0#endif /* INET */
>>>>> =A0#endif /* KLD_MODULE */
>>>>> -#include "opt_inet6.h"
>>>>
>>>> Hello.
>>>>
>>>> This chunk seems to stop building inet6 part of ipfw.ko w/ INET6 enabl=
ed
>>>> kernel.
>>>>
>>>> Found by /etc/rc.d/ipfw restart:
>>>> [...]
>>>> /etc/rc.d/ipfw: WARNING: failed to enable IPv6 firewall
>>>>
>>>> i.e. sysctl net.inet6.ip6.fw.enable doesn't present.
>>>>
>>>> Reversion of this hunk fixed the problem.
>>>> NO_INET[46] lints aren't tested though.
>>>
>>>
>>> Just to double-check -- this only happens for you if you build and
>>> use the module, not when you link it into the kernel?
>>>
>>> As in that case I do have:
>>> lion3# =A0sysctl net.inet6.ip6.fw.enable net.inet6.ip6.fw.enable: 1
>>
>> ipfw is built and installed as a module as part of make kernel target.
>
> Can you try to see if this fixes the problem?
> http://people.freebsd.org/~bz/20111102-01-ipfw-kld.diff
>
> Please not that in the module case we'd most likely also built out
> some INET parts, not just INET6 once -- silently.
>

Hmm.. It is compiled differently when is built standalone and
as part of make buildkernel.

If built from sys/modules/ipfw:

# make
Warning: Object directory not changed from original /usr/src/sys/modules/ip=
fw
cc -O2 -pipe -DIPFIREWALL -fno-strict-aliasing -Werror -D_KERNEL
-DKLD_MODULE -nostdinc  -I/usr/src/sys/modules/ipfw/../../contrib/pf
-I. -I@ -I@/contrib/altq -finline-limit=3D8000 --param
inline-unit-growth=3D100 --param large-function-growth=3D1000 -fno-common
-fno-omit-frame-pointer  -mno-sse -mcmodel=3Dkernel -mno-red-zone
-mno-mmx -msoft-float  -fno-asynchronous-unwind-tables -ffreestanding
-fstack-protector -std=3Diso9899:1999 -fstack-protector -Wall
-Wredundant-decls -Wnested-externs -Wstrict-prototypes
-Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual  -Wundef
-Wno-pointer-sign -fformat-extensions  -Wmissing-include-dirs
-fdiagnostics-show-option -c
/usr/src/sys/modules/ipfw/../../netinet/ipfw/ip_fw2.c
/usr/src/sys/modules/ipfw/../../netinet/ipfw/ip_fw2.c:34:26: error:
opt_ipdivert.h: No such file or directory
/usr/src/sys/modules/ipfw/../../netinet/ipfw/ip_fw2.c:35:22: error:
opt_ipdn.h: No such file or directory
*** Error code 1

# ls sys/modules/ipfw/opt*
sys/modules/ipfw/opt_inet.h     sys/modules/ipfw/opt_ipfw.h
sys/modules/ipfw/opt_inet6.h    sys/modules/ipfw/opt_ipsec.h

Maybe add the missing opt* into module's Makefile?

Index: sys/modules/ipfw/Makefile
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- sys/modules/ipfw/Makefile   (revision 226966)
+++ sys/modules/ipfw/Makefile   (working copy)
@@ -8,7 +8,8 @@
 SRCS=3D  ip_fw2.c ip_fw_pfil.c
 SRCS+=3D ip_fw_dynamic.c ip_fw_log.c
 SRCS+=3D ip_fw_sockopt.c ip_fw_table.c
-SRCS+=3D opt_inet.h opt_inet6.h opt_ipfw.h opt_ipsec.h
+SRCS+=3D opt_inet.h opt_inet6.h opt_ipdivert.h opt_ipdn.h opt_ipfw.h opt_i=
psec.h
+SRCS+=3D opt_compat.h    # for a local change

 CFLAGS+=3D -DIPFIREWALL
 CFLAGS+=3D -I${.CURDIR}/../../contrib/pf



And successfully as part of make buildkernel (w/o the above change to Makef=
ile):

[...]
=3D=3D=3D> ipfw (all)
cc -O2 -pipe -DIPFIREWALL -fno-strict-aliasing -Werror -D_KERNEL
-DKLD_MODULE -nostdinc  -I/usr/src/sys/modules/ipfw/../../contrib/pf
-DHAVE_KERNEL_OPTION_HEADERS -include
/usr/obj/usr/src/sys/TST/opt_global.h -I. -I@ -I@/contrib/altq
-finline-limit=3D8000 --param inline-unit-growth=3D100 --param
large-function-growth=3D1000 -fno-common -g -fno-omit-frame-pointer
-I/usr/obj/usr/src/sys/TST  -mno-sse -mcmodel=3Dkernel -mno-red-zone
-mno-mmx -msoft-float  -fno-asynchronous-unwind-tables -ffreestanding
-fstack-protector -std=3Diso9899:1999 -fstack-protector -Wall
-Wredundant-decls -Wnested-externs -Wstrict-prototypes
-Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual  -Wundef
-Wno-pointer-sign -fformat-extensions  -Wmissing-include-dirs
-fdiagnostics-show-option -c
/usr/src/sys/modules/ipfw/../../netinet/ipfw/ip_fw2.c
cc -O2 -pipe -DIPFIREWALL -fno-strict-aliasing -Werror -D_KERNEL
-DKLD_MODULE -nostdinc  -I/usr/src/sys/modules/ipfw/../../contrib/pf
-DHAVE_KERNEL_OPTION_HEADERS -include
/usr/obj/usr/src/sys/TST/opt_global.h -I. -I@ -I@/contrib/altq
-finline-limit=3D8000 --param inline-unit-growth=3D100 --param
large-function-growth=3D1000 -fno-common -g -fno-omit-frame-pointer
-I/usr/obj/usr/src/sys/TST  -mno-sse -mcmodel=3Dkernel -mno-red-zone
-mno-mmx -msoft-float  -fno-asynchronous-unwind-tables -ffreestanding
-fstack-protector -std=3Diso9899:1999 -fstack-protector -Wall
-Wredundant-decls -Wnested-externs -Wstrict-prototypes
-Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual  -Wundef
-Wno-pointer-sign -fformat-extensions  -Wmissing-include-dirs
-fdiagnostics-show-option -c
/usr/src/sys/modules/ipfw/../../netinet/ipfw/ip_fw_pfil.c
cc -O2 -pipe -DIPFIREWALL -fno-strict-aliasing -Werror -D_KERNEL
-DKLD_MODULE -nostdinc  -I/usr/src/sys/modules/ipfw/../../contrib/pf
-DHAVE_KERNEL_OPTION_HEADERS -include
/usr/obj/usr/src/sys/TST/opt_global.h -I. -I@ -I@/contrib/altq
-finline-limit=3D8000 --param inline-unit-growth=3D100 --param
large-function-growth=3D1000 -fno-common -g -fno-omit-frame-pointer
-I/usr/obj/usr/src/sys/TST  -mno-sse -mcmodel=3Dkernel -mno-red-zone
-mno-mmx -msoft-float  -fno-asynchronous-unwind-tables -ffreestanding
-fstack-protector -std=3Diso9899:1999 -fstack-protector -Wall
-Wredundant-decls -Wnested-externs -Wstrict-prototypes
-Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual  -Wundef
-Wno-pointer-sign -fformat-extensions  -Wmissing-include-dirs
-fdiagnostics-show-option -c
/usr/src/sys/modules/ipfw/../../netinet/ipfw/ip_fw_dynamic.c
cc -O2 -pipe -DIPFIREWALL -fno-strict-aliasing -Werror -D_KERNEL
-DKLD_MODULE -nostdinc  -I/usr/src/sys/modules/ipfw/../../contrib/pf
-DHAVE_KERNEL_OPTION_HEADERS -include
/usr/obj/usr/src/sys/TST/opt_global.h -I. -I@ -I@/contrib/altq
-finline-limit=3D8000 --param inline-unit-growth=3D100 --param
large-function-growth=3D1000 -fno-common -g -fno-omit-frame-pointer
-I/usr/obj/usr/src/sys/TST  -mno-sse -mcmodel=3Dkernel -mno-red-zone
-mno-mmx -msoft-float  -fno-asynchronous-unwind-tables -ffreestanding
-fstack-protector -std=3Diso9899:1999 -fstack-protector -Wall
-Wredundant-decls -Wnested-externs -Wstrict-prototypes
-Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual  -Wundef
-Wno-pointer-sign -fformat-extensions  -Wmissing-include-dirs
-fdiagnostics-show-option -c
/usr/src/sys/modules/ipfw/../../netinet/ipfw/ip_fw_log.c
ctfconvert -L VERSION -g ip_fw_pfil.o
ctfconvert -L VERSION -g ip_fw_log.o
cc -O2 -pipe -DIPFIREWALL -fno-strict-aliasing -Werror -D_KERNEL
-DKLD_MODULE -nostdinc  -I/usr/src/sys/modules/ipfw/../../contrib/pf
-DHAVE_KERNEL_OPTION_HEADERS -include
/usr/obj/usr/src/sys/TST/opt_global.h -I. -I@ -I@/contrib/altq
-finline-limit=3D8000 --param inline-unit-growth=3D100 --param
large-function-growth=3D1000 -fno-common -g -fno-omit-frame-pointer
-I/usr/obj/usr/src/sys/TST  -mno-sse -mcmodel=3Dkernel -mno-red-zone
-mno-mmx -msoft-float  -fno-asynchronous-unwind-tables -ffreestanding
-fstack-protector -std=3Diso9899:1999 -fstack-protector -Wall
-Wredundant-decls -Wnested-externs -Wstrict-prototypes
-Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual  -Wundef
-Wno-pointer-sign -fformat-extensions  -Wmissing-include-dirs
-fdiagnostics-show-option -c
/usr/src/sys/modules/ipfw/../../netinet/ipfw/ip_fw_sockopt.c
cc -O2 -pipe -DIPFIREWALL -fno-strict-aliasing -Werror -D_KERNEL
-DKLD_MODULE -nostdinc  -I/usr/src/sys/modules/ipfw/../../contrib/pf
-DHAVE_KERNEL_OPTION_HEADERS -include
/usr/obj/usr/src/sys/TST/opt_global.h -I. -I@ -I@/contrib/altq
-finline-limit=3D8000 --param inline-unit-growth=3D100 --param
large-function-growth=3D1000 -fno-common -g -fno-omit-frame-pointer
-I/usr/obj/usr/src/sys/TST  -mno-sse -mcmodel=3Dkernel -mno-red-zone
-mno-mmx -msoft-float  -fno-asynchronous-unwind-tables -ffreestanding
-fstack-protector -std=3Diso9899:1999 -fstack-protector -Wall
-Wredundant-decls -Wnested-externs -Wstrict-prototypes
-Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual  -Wundef
-Wno-pointer-sign -fformat-extensions  -Wmissing-include-dirs
-fdiagnostics-show-option -c
/usr/src/sys/modules/ipfw/../../netinet/ipfw/ip_fw_table.c
ctfconvert -L VERSION -g ip_fw_dynamic.o
ctfconvert -L VERSION -g ip_fw_table.o
ctfconvert -L VERSION -g ip_fw_sockopt.o
ctfconvert -L VERSION -g ip_fw2.o
ld  -d -warn-common -r -d -o ipfw.ko.debug ip_fw2.o ip_fw_pfil.o
ip_fw_dynamic.o ip_fw_log.o ip_fw_sockopt.o ip_fw_table.o
:> export_syms
awk -f /usr/src/sys/conf/kmod_syms.awk ipfw.ko.debug  export_syms |
xargs -J% objcopy % ipfw.ko.debug
objcopy --only-keep-debug ipfw.ko.debug ipfw.ko.symbols
objcopy --strip-debug --add-gnu-debuglink=3Dipfw.ko.symbols ipfw.ko.debug i=
pfw.ko
[...]

--=20
wbr,
pluknet

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAE-mSOLenTvFLeUimjz_VuL=tSV7rtA_M5cEARWpBhbVLPzhww>