Date: Tue, 10 Jun 2003 23:24:14 -0700 From: Terry Lambert <tlambert2@mindspring.com> To: Ian Freislich <ianf@za.uu.net> Cc: freebsd-current@freebsd.org Subject: Re: New Kernel Breaks IPFW Message-ID: <3EE6CB0E.2C40CAF1@mindspring.com> References: <3EE5B9D5.8FE3E6EF@mindspring.com> <4741.1055245990@mci.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Ian Freislich wrote: > Terry Lambert wrote: > > > > Short term, cd /usr/src/sbin/ipfw; make depend && make all install ought > > > > to fix it. > > > > > > I tried that as well, but the new binary also dumps core, but works > > > well with previous versions of the firewall. Even back as far as > > > my kernel.working from May 7 2003. > > > > Bogus header files; specifically, <netinet/ip_fw.h>. Because you > > can't build world, you are compiling the ipfw program with the old > > system include files instead of the new ones. You may also be > > missing a cvs update on the ipfw sources themselves (specifically, > > ipfw2.c). > > No, it did compile ipfw2.c (r1.24). I also installed all new > includes before I compiled ipfw and re-worlding to no avail. I > figured an old kernel with a working firewall was better than a new > kernel with no firewall. No. The problem is that you compiled ipfw2.c with the header /usr/include/netinet/ip_fw.h, and not /usr/src/netinet/ip_fw.h. The way you get the new header is to install it, and as you noticed, that doesn't work. Alternately, you can specify a CFLAGS=-I/usr/src, and it will get the header that matches your kernel. Since the buildworld is a simple fix (back out the changes to the .mk file before trying to build), you should do that, instead. -- Terry
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3EE6CB0E.2C40CAF1>