Bug 190964

If make custom kernel without option INET6 ipnat don't working:
----------
# /etc/rc.d/ipnat restart
70:ioctl(SIOCGNATS) object size mismatch for copying out ipfobj
Installing NAT rules.
----------

Test and reproducibly on FreeBSD10 AMD64

Comment 2 Cy Schubert 2014-06-13 03:35:28 UTC

Can you show what you did to build FreeBSD without IPV6 support?

Also,please include uname -a.

Thanks.

~cy

Comment 3 Cy Schubert 2014-06-13 03:36:51 UTC

Also, did you build ipfilter into the kernel or are you using a kld?

~cy

> Also,please include uname -a.

# uname -a
FreeBSD mydomain.loc 10.0-RELEASE-p3 FreeBSD 10.0-RELEASE-p3 #1: Mon May 26 18:18:34 CEST 2014     dym@mydomain.loc:/usr/obj/usr/src/sys/GW  amd64

> Also,please include uname -a.

# uname -a
FreeBSD mydomain.loc 10.0-RELEASE-p3 FreeBSD 10.0-RELEASE-p3 #1: Mon May 26 18:18:34 CEST 2014     dym@mydomain.loc:/usr/obj/usr/src/sys/GW  amd64

> did you build ipfilter into the kernel or are you using a kld?
This variant kernel config ipnat OK:
<skip>
options 	PREEMPTION		# Enable kernel thread preemption
options 	INET			# InterNETworking
options 	INET6			# IPv6 communications protocols
options 	TCP_OFFLOAD		# TCP offload
<skip>
###############my_options##############################
options		IPFILTER
options		IPFILTER_LOG
options		IPFILTER_DEFAULT_BLOCK
options		IPSTEALTH
options		TCPDEBUG

This variant kernel config ipnat not working:
<skip>
options 	PREEMPTION		# Enable kernel thread preemption
options 	INET			# InterNETworking
#options 	INET6			# IPv6 communications protocols
options 	TCP_OFFLOAD		# TCP offload
<skip>
###############my_options##############################
options		IPFILTER
options		IPFILTER_LOG
options		IPFILTER_DEFAULT_BLOCK
options		IPSTEALTH
options		TCPDEBUG

Even if a GENERIC comment options INET6 ipnat not work.

Comment 6 Cy Schubert 2014-06-13 19:29:13 UTC

(In reply to DYM from comment #5)
> > Also,please include uname -a.
> 
> # uname -a
> FreeBSD mydomain.loc 10.0-RELEASE-p3 FreeBSD 10.0-RELEASE-p3 #1: Mon May 26
> 18:18:34 CEST 2014     dym@mydomain.loc:/usr/obj/usr/src/sys/GW  amd64
> 
> > did you build ipfilter into the kernel or are you using a kld?
> This variant kernel config ipnat OK:
> <skip>
> options 	PREEMPTION		# Enable kernel thread preemption
> options 	INET			# InterNETworking
> options 	INET6			# IPv6 communications protocols
> options 	TCP_OFFLOAD		# TCP offload
> <skip>
> ###############my_options##############################
> options		IPFILTER
> options		IPFILTER_LOG
> options		IPFILTER_DEFAULT_BLOCK
> options		IPSTEALTH
> options		TCPDEBUG
> 
> This variant kernel config ipnat not working:
> <skip>
> options 	PREEMPTION		# Enable kernel thread preemption
> options 	INET			# InterNETworking
> #options 	INET6			# IPv6 communications protocols
> options 	TCP_OFFLOAD		# TCP offload
> <skip>
> ###############my_options##############################
> options		IPFILTER
> options		IPFILTER_LOG
> options		IPFILTER_DEFAULT_BLOCK
> options		IPSTEALTH
> options		TCPDEBUG
> 
> Even if a GENERIC comment options INET6 ipnat not work.

Try something like the following. If you don't include a file which specifies INET6 then commenting out the option is good enough. Also remember to include makeoptions to not build INET6 in kernel modules.

include		BREAK

ident		NOINET6
 
makeoptions	DEBUG=-g		#Build kernel with gdb(1) debug symbols
 
makeoptions	MKMODULESENV+="WITHOUT_INET6_SUPPORT="
nooptions	INET6

Comment 7 Cy Schubert 2014-06-27 13:51:38 UTC

Make sure makeoptions	MKMODULESENV+="WITHOUT_INET6_SUPPORT=" is also specified in your kernel config.

> Try something like the following. If you don't include a file which
> specifies INET6 then commenting out the option is good enough. Also remember
> to include makeoptions to not build INET6 in kernel modules.
> 
> include		BREAK
> ...

Not make kernel:
================================
# make buildkernel KERNCONF=NOINET6

--------------------------------------------------------------
>>> Kernel build for NOINET6 started on Fri Jun 27 17:11:49 CEST 2014
--------------------------------------------------------------
===> NOINET6
mkdir -p /usr/obj/usr/src/sys

--------------------------------------------------------------
>>> stage 1: configuring the kernel
--------------------------------------------------------------
cd /usr/src/sys/amd64/conf;  PATH=/usr/obj/usr/src/tmp/legacy/usr/sbin:/usr/obj/usr/src/tmp/legacy/usr/bin:/usr/obj/usr/src/tmp/legacy/usr/games:/usr/obj/usr/src/tmp/legacy/bin:/usr/obj/usr/src/tmp/usr/sbin:/usr/obj/usr/src/tmp/usr/bin:/usr/obj/usr/src/tmp/usr/games:/sbin:/bin:/usr/sbin:/usr/bin  config  -d /usr/obj/usr/src/sys/NOINET6  /usr/src/sys/amd64/conf/NOINET6
config: /usr/src/sys/amd64/conf/NOINET6:6: cannot open included file
*** Error code 1

Stop.
make[1]: stopped in /usr/src
*** Error code 1

Stop.
make: stopped in /usr/src
================================

(In reply to Cy Schubert from comment #6)
>
> Try something like the following. If you don't include a file which
> specifies INET6 then commenting out the option is good enough. Also remember
> to include makeoptions to not build INET6 in kernel modules.
> 
> include		BREAK
> 
> ident		NOINET6
>  
> makeoptions	DEBUG=-g		#Build kernel with gdb(1) debug symbols
>  
> makeoptions	MKMODULESENV+="WITHOUT_INET6_SUPPORT="
> nooptions	INET6

Operation only GENERIC-base kernel.

Make kernel with options:
===============================
<skip>
ident		NOINET6
#include		BREAK
makeoptions	DEBUG=-g
makeoptions	WITH_CTF=1
makeoptions	MKMODULESENV+="WITHOUT_INET6_SUPPORT="
nooptions	INET6
options 	SCHED_ULE		# ULE scheduler
options 	PREEMPTION		# Enable kernel thread preemption
options 	INET			# InterNETworking
#options 	INET6			# IPv6 communications protocols
options 	TCP_OFFLOAD		# TCP offload
<skip>
===============================

Result:
===============================
# ipnat -CF -f /etc/ipnat.rules
70:ioctl(SIOCGNATS) object size mismatch for copying out ipfobj
===============================


I make kernel with options:
===============================
<skip>
ident		NOINET6
makeoptions	MKMODULESENV+="WITHOUT_INET6_SUPPORT="
options 	SCHED_ULE		# ULE scheduler
options 	PREEMPTION		# Enable kernel thread preemption
options 	INET			# InterNETworking
#options 	INET6			# IPv6 communications protocols
options 	TCP_OFFLOAD		# TCP offload
<skip>
===============================

Result:
===============================
# ipnat -CF -f /etc/ipnat.rules
70:ioctl(SIOCGNATS) object size mismatch for copying out ipfobj
===============================

FreeBSD mydomain.loc 10.0-RELEASE-p6 FreeBSD 10.0-RELEASE-p6 #1: Fri Jun 27 19:43:22 CEST 2014     dym@mydomain.loc:/usr/obj/usr/src/sys/NOINET6  amd64

Comment 10 Cy Schubert 2014-06-27 19:34:45 UTC

Replace BREAK with GENERIC.

You failed to add makeoptions	MKMODULESENV+="WITHOUT_INET6_SUPPORT=" to your kernel config file, thus you built the kernel without IPv6 but built ipfilter with IPv6. Either add the makeoptions above or statically link ipfilter into your kernel.

Comment 11 Cy Schubert 2014-06-27 19:42:03 UTC

The user must include an option in the kernel config file to pass the option to ipfilter module build to

Comment 12 Cy Schubert 2014-06-27 19:49:16 UTC

(In reply to Cy Schubert from comment #11)
> The user must include an option in the kernel config file to pass the option
> to ipfilter module build to

Ignore comment 11. Hit submit before completing.

Comment 13 Cy Schubert 2014-06-27 20:11:07 UTC

Also, add WITHOUT_INET6_SUPPORT to your buildworld.

Use this kernel config:

include		GENERIC

ident		NOINET6
 
makeoptions	DEBUG=-g		#Build kernel with gdb(1) debug symbols
 
makeoptions	MKMODULESENV+="WITHOUT_INET6_SUPPORT="
nooptions	INET6

Then,

make KERNCONF=NOINET6 -DWITHOUT_INET6_SUPPORT buildworld buildkernel

><skip> 
> Use this kernel config:
> 
> include		GENERIC
>
> <skip>

What does it do? I gather from GENERIC configuration with the addition of options that you have written to me and three lines:

maxusers	0
options		IPFILTER
options		IPFILTER_LOG

Comment 15 Cy Schubert 2014-06-28 17:54:37 UTC

The config file removes IPV6 support.

I'm currently testing a patch. (There have been build issues with today's -CURRENT. Once those are resolved I will test my patch.)

(In reply to Cy Schubert from comment #13)

I brought the full text files make.conf and kernel config to avoid misunderstandings.

Contents make.conf:
================================
NOPROFILE="YES"
NO_PROFILE="YES"
NOHTML="YES"
NO_HTML="YES"
NOINET6="YES"
NO_INET6="YES"
WITHOUT_INET6="YES"
NOBLUETOOTH="YES"
NO_BLUETOOTH="YES"
WITHOUT_BLUETOOTH="YES"
NOWIRELESS="YES"
NO_WIRELESS="YES"
WITHOUT_WIRELESS="YES"
WITHOUT_IPX="YES"
NOGAMES="YES"
NO_GAMES="YES"
WITHOUT_X11="YES"
================================

Contents NOINET6 kernel config:
================================
#
# GENERIC -- Generic kernel configuration file for FreeBSD/amd64
#
# For more information on this file, please read the config(5) manual page,
# and/or the handbook section on Kernel Configuration Files:
#
#    http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html
#
# The handbook is also available locally in /usr/share/doc/handbook
# if you've installed the doc distribution, otherwise always see the
# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the
# latest information.
#
# An exhaustive list of options and more detailed explanations of the
# device lines is also present in the ../../conf/NOTES and NOTES files.
# If you are in doubt as to the purpose or necessity of a line, check first
# in NOTES.
#
# $FreeBSD: releng/10.0/sys/amd64/conf/GENERIC 256329 2013-10-11 19:43:37Z gjb $

cpu		HAMMER
ident		NOINET6
maxusers	0

#include		GENERIC
makeoptions	DEBUG=-g
makeoptions	WITH_CTF=1
makeoptions	MKMODULESENV+="WITHOUT_INET6_SUPPORT="
nooptions	INET6

options 	SCHED_ULE		# ULE scheduler
options 	PREEMPTION		# Enable kernel thread preemption
options 	INET			# InterNETworking
#options 	INET6			# IPv6 communications protocols
options 	TCP_OFFLOAD		# TCP offload
options 	SCTP			# Stream Control Transmission Protocol
options 	FFS			# Berkeley Fast Filesystem
options 	SOFTUPDATES		# Enable FFS soft updates support
options 	UFS_ACL			# Support for access control lists
options 	UFS_DIRHASH		# Improve performance on big directories
options 	UFS_GJOURNAL		# Enable gjournal-based UFS journaling
options 	QUOTA			# Enable disk quotas for UFS
options 	MD_ROOT			# MD is a potential root device
options 	NFSCL			# New Network Filesystem Client
options 	NFSD			# New Network Filesystem Server
options 	NFSLOCKD		# Network Lock Manager
options 	NFS_ROOT		# NFS usable as /, requires NFSCL
options 	MSDOSFS			# MSDOS Filesystem
options 	CD9660			# ISO 9660 Filesystem
options 	PROCFS			# Process filesystem (requires PSEUDOFS)
options 	PSEUDOFS		# Pseudo-filesystem framework
options 	GEOM_PART_GPT		# GUID Partition Tables.
options 	GEOM_RAID		# Soft RAID functionality.
options 	GEOM_LABEL		# Provides labelization
options 	COMPAT_FREEBSD32	# Compatible with i386 binaries
options 	COMPAT_FREEBSD4		# Compatible with FreeBSD4
options 	COMPAT_FREEBSD5		# Compatible with FreeBSD5
options 	COMPAT_FREEBSD6		# Compatible with FreeBSD6
options 	COMPAT_FREEBSD7		# Compatible with FreeBSD7
options 	SCSI_DELAY=5000		# Delay (in ms) before probing SCSI
options 	KTRACE			# ktrace(1) support
options 	STACK			# stack(9) support
options 	SYSVSHM			# SYSV-style shared memory
options 	SYSVMSG			# SYSV-style message queues
options 	SYSVSEM			# SYSV-style semaphores
options 	_KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options 	PRINTF_BUFR_SIZE=128	# Prevent printf output being interspersed.
options 	KBD_INSTALL_CDEV	# install a CDEV entry in /dev
options 	HWPMC_HOOKS		# Necessary kernel hooks for hwpmc(4)
options 	AUDIT			# Security event auditing
options 	CAPABILITY_MODE		# Capsicum capability mode
options 	CAPABILITIES		# Capsicum capabilities
options 	PROCDESC		# Support for process descriptors
options 	MAC			# TrustedBSD MAC Framework
options 	KDTRACE_FRAME		# Ensure frames are compiled in
options 	KDTRACE_HOOKS		# Kernel DTrace hooks
options 	DDB_CTF			# Kernel ELF linker loads CTF data
options 	INCLUDE_CONFIG_FILE     # Include this file in kernel

# Debugging support.  Always need this:
options 	KDB			# Enable kernel debugger support.
options 	KDB_TRACE		# Print a stack trace for a panic.

# Make an SMP-capable kernel by default
options 	SMP			# Symmetric MultiProcessor Kernel

# CPU frequency control
device		cpufreq

# Bus support.
device		acpi
device		pci

# Floppy drives
device		fdc

# ATA controllers
device		ahci		# AHCI-compatible SATA controllers
device		ata		# Legacy ATA/SATA controllers
options 	ATA_STATIC_ID	# Static device numbering
device		mvs		# Marvell 88SX50XX/88SX60XX/88SX70XX/SoC SATA
device		siis		# SiliconImage SiI3124/SiI3132/SiI3531 SATA

# SCSI Controllers
device		ahc		# AHA2940 and onboard AIC7xxx devices
options 	AHC_REG_PRETTY_PRINT	# Print register bitfields in debug
					# output.  Adds ~128k to driver.
device		ahd		# AHA39320/29320 and onboard AIC79xx devices
options 	AHD_REG_PRETTY_PRINT	# Print register bitfields in debug
					# output.  Adds ~215k to driver.
device		esp# AMD Am53C974 (Tekram DC-390(T))
device		hptiop		# Highpoint RocketRaid 3xxx series
device		isp		# Qlogic family
#device		ispfw		# Firmware for QLogic HBAs- normally a module
device		mpt		# LSI-Logic MPT-Fusion
device		mps		# LSI-Logic MPT-Fusion 2
#device		ncr		# NCR/Symbios Logic
device		sym		# NCR/Symbios Logic (newer chipsets + those of `ncr')
device		trm		# Tekram DC395U/UW/F DC315U adapters

device		adv		# Advansys SCSI adapters
device		adw		# Advansys wide SCSI adapters
device		aic		# Adaptec 15[012]x SCSI adapters, AIC-6[23]60.
device		bt		# Buslogic/Mylex MultiMaster SCSI adapters
device		isci		# Intel C600 SAS controller

# ATA/SCSI peripherals
device		scbus		# SCSI bus (required for ATA/SCSI)
device		ch		# SCSI media changers
device		da		# Direct Access (disks)
device		sa		# Sequential Access (tape etc)
device		cd		# CD
device		pass		# Passthrough device (direct ATA/SCSI access)
device		ses		# Enclosure Services (SES and SAF-TE)
#device		ctl		# CAM Target Layer

# RAID controllers interfaced to the SCSI subsystem
device		amr		# AMI MegaRAID
device		arcmsr		# Areca SATA II RAID
#XXX it is not 64-bit clean, -scottl
#device		asr		# DPT SmartRAID V, VI and Adaptec SCSI RAID
device		ciss		# Compaq Smart RAID 5*
device		dpt		# DPT Smartcache III, IV - See NOTES for options
device		hptmv		# Highpoint RocketRAID 182x
device		hptnr		# Highpoint DC7280, R750
device		hptrr		# Highpoint RocketRAID 17xx, 22xx, 23xx, 25xx
device		hpt27xx		# Highpoint RocketRAID 27xx
device		iir		# Intel Integrated RAID
device		ips		# IBM (Adaptec) ServeRAID
device		mly		# Mylex AcceleRAID/eXtremeRAID
device		twa		# 3ware 9000 series PATA/SATA RAID
device		tws		# LSI 3ware 9750 SATA+SAS 6Gb/s RAID controller

# RAID controllers
device		aac		# Adaptec FSA RAID
device		aacp		# SCSI passthrough for aac (requires CAM)
device		aacraid		# Adaptec by PMC RAID
device		ida		# Compaq Smart RAID
device		mfi		# LSI MegaRAID SAS
device		mlx		# Mylex DAC960 family
#XXX pointer/int warnings
#device		pst		# Promise Supertrak SX6000
device		twe		# 3ware ATA RAID

# atkbdc0 controls both the keyboard and the PS/2 mouse
device		atkbdc		# AT keyboard controller
device		atkbd		# AT keyboard
device		psm		# PS/2 mouse

device		kbdmux		# keyboard multiplexer

device		vga		# VGA video card driver
options 	VESA		# Add support for VESA BIOS Extensions (VBE)

device		splash		# Splash screen and screen saver support

# syscons is the default console driver, resembling an SCO console
device		sc
options 	SC_PIXEL_MODE	# add support for the raster text mode

device		agp		# support several AGP chipsets

# PCCARD (PCMCIA) support
# PCMCIA and cardbus bridge support
device		cbb		# cardbus (yenta) bridge
device		pccard		# PC Card (16-bit) bus
device		cardbus		# CardBus (32-bit) bus

# Serial (COM) ports
device		uart		# Generic UART driver

# Parallel port
device		ppc
device		ppbus		# Parallel port bus (required)
device		lpt		# Printer
device		ppi		# Parallel port interface device
#device		vpo		# Requires scbus and da

device		puc		# Multi I/O cards and multi-channel UARTs

# PCI Ethernet NICs.
device		bxe		# Broadcom NetXtreme II BCM5771X/BCM578XX 10GbE
device		de		# DEC/Intel DC21x4x (``Tulip'')
device		em		# Intel PRO/1000 Gigabit Ethernet Family
device		igb		# Intel PRO/1000 PCIE Server Gigabit Family
device		ixgbe		# Intel PRO/10GbE PCIE Ethernet Family
device		le		# AMD Am7900 LANCE and Am79C9xx PCnet
device		ti		# Alteon Networks Tigon I/II gigabit Ethernet
device		txp		# 3Com 3cR990 (``Typhoon'')
device		vx		# 3Com 3c590, 3c595 (``Vortex'')

# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device		miibus		# MII bus support
device		ae		# Attansic/Atheros L2 FastEthernet
device		age		# Attansic/Atheros L1 Gigabit Ethernet
device		alc		# Atheros AR8131/AR8132 Ethernet
device		ale		# Atheros AR8121/AR8113/AR8114 Ethernet
device		bce		# Broadcom BCM5706/BCM5708 Gigabit Ethernet
device		bfe		# Broadcom BCM440x 10/100 Ethernet
device		bge		# Broadcom BCM570xx Gigabit Ethernet
device		cas		# Sun Cassini/Cassini+ and NS DP83065 Saturn
device		dc		# DEC/Intel 21143 and various workalikes
device		et		# Agere ET1310 10/100/Gigabit Ethernet
device		fxp		# Intel EtherExpress PRO/100B (82557, 82558)
device		gem		# Sun GEM/Sun ERI/Apple GMAC
device		hme		# Sun HME (Happy Meal Ethernet)
device		jme		# JMicron JMC250 Gigabit/JMC260 Fast Ethernet
device		lge		# Level 1 LXT1001 gigabit Ethernet
device		msk		# Marvell/SysKonnect Yukon II Gigabit Ethernet
device		nfe		# nVidia nForce MCP on-board Ethernet
device		nge		# NatSemi DP83820 gigabit Ethernet
#device		nve		# nVidia nForce MCP on-board Ethernet Networking
device		pcn		# AMD Am79C97x PCI 10/100 (precedence over 'le')
device		re		# RealTek 8139C+/8169/8169S/8110S
device		rl		# RealTek 8129/8139
device		sf		# Adaptec AIC-6915 (``Starfire'')
device		sge		# Silicon Integrated Systems SiS190/191
device		sis		# Silicon Integrated Systems SiS 900/SiS 7016
device		sk		# SysKonnect SK-984x & SK-982x gigabit Ethernet
device		ste		# Sundance ST201 (D-Link DFE-550TX)
device		stge		# Sundance/Tamarack TC9021 gigabit Ethernet
device		tl		# Texas Instruments ThunderLAN
device		tx		# SMC EtherPower II (83c170 ``EPIC'')
device		vge		# VIA VT612x gigabit Ethernet
device		vr		# VIA Rhine, Rhine II
device		wb		# Winbond W89C840F
device		xl		# 3Com 3c90x (``Boomerang'', ``Cyclone'')

# ISA Ethernet NICs.  pccard NICs included.
device		cs		# Crystal Semiconductor CS89x0 NIC
# 'device ed' requires 'device miibus'
device		ed		# NE[12]000, SMC Ultra, 3c503, DS8390 cards
device		ex		# Intel EtherExpress Pro/10 and Pro/10+
device		ep		# Etherlink III based cards
device		fe		# Fujitsu MB8696x based cards
device		sn		# SMC's 9000 series of Ethernet chips
device		xe		# Xircom pccard Ethernet

# Wireless NIC cards
device		wlan		# 802.11 support
options 	IEEE80211_DEBUG	# enable debug msgs
options 	IEEE80211_AMPDU_AGE # age frames in AMPDU reorder q's
options 	IEEE80211_SUPPORT_MESH	# enable 802.11s draft support
device		wlan_wep	# 802.11 WEP support
device		wlan_ccmp	# 802.11 CCMP support
device		wlan_tkip	# 802.11 TKIP support
device		wlan_amrr	# AMRR transmit rate control algorithm
device		an		# Aironet 4500/4800 802.11 wireless NICs.
device		ath		# Atheros NICs
device		ath_pci		# Atheros pci/cardbus glue
device		ath_hal		# pci/cardbus chip support
options 	AH_SUPPORT_AR5416	# enable AR5416 tx/rx descriptors
options 	AH_AR5416_INTERRUPT_MITIGATION	# AR5416 interrupt mitigation
options 	ATH_ENABLE_11N	# Enable 802.11n support for AR5416 and later
device		ath_rate_sample	# SampleRate tx rate control for ath
#device		bwi		# Broadcom BCM430x/BCM431x wireless NICs.
#device		bwn		# Broadcom BCM43xx wireless NICs.
device		ipw		# Intel 2100 wireless NICs.
device		iwi		# Intel 2200BG/2225BG/2915ABG wireless NICs.
device		iwn		# Intel 4965/1000/5000/6000 wireless NICs.
device		malo		# Marvell Libertas wireless NICs.
device		mwl		# Marvell 88W8363 802.11n wireless NICs.
device		ral		# Ralink Technology RT2500 wireless NICs.
device		wi		# WaveLAN/Intersil/Symbol 802.11 wireless NICs.
device		wpi		# Intel 3945ABG wireless NICs.

# Pseudo devices.
device		loop		# Network loopback
device		random		# Entropy device
device		padlock_rng	# VIA Padlock RNG
device		rdrand_rng	# Intel Bull Mountain RNG
device		ether		# Ethernet support
device		vlan		# 802.1Q VLAN support
device		tun		# Packet tunnel.
device		md		# Memory "disks"
device		gif		# IPv6 and IPv4 tunneling
device		faith		# IPv6-to-IPv4 relaying (translation)
device		firmware	# firmware assist module

# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
device		bpf		# Berkeley packet filter

# USB support
options 	USB_DEBUG	# enable debug msgs
device		uhci		# UHCI PCI->USB interface
device		ohci		# OHCI PCI->USB interface
device		ehci		# EHCI PCI->USB interface (USB 2.0)
device		xhci		# XHCI PCI->USB interface (USB 3.0)
device		usb		# USB Bus (required)
device		ukbd		# Keyboard
device		umass		# Disks/Mass storage - Requires scbus and da

# Sound support
device		sound		# Generic sound driver (required)
device		snd_cmi		# CMedia CMI8338/CMI8738
device		snd_csa		# Crystal Semiconductor CS461x/428x
device		snd_emu10kx	# Creative SoundBlaster Live! and Audigy
device		snd_es137x	# Ensoniq AudioPCI ES137x
device		snd_hda		# Intel High Definition Audio
device		snd_ich		# Intel, NVidia and other ICH AC'97 Audio
device		snd_via8233	# VIA VT8233x Audio

# MMC/SD
device		mmc		# MMC/SD bus
device		mmcsd		# MMC/SD memory card
device		sdhci		# Generic PCI SD Host Controller

# VirtIO support
device		virtio		# Generic VirtIO bus (required)
device		virtio_pci	# VirtIO PCI device
device		vtnet		# VirtIO Ethernet device
device		virtio_blk	# VirtIO Block device
device		virtio_scsi	# VirtIO SCSI device
device		virtio_balloon	# VirtIO Memory Balloon device

# HyperV drivers
device		hyperv		# HyperV drivers 

# Xen HVM Guest Optimizations
# NOTE: XENHVM depends on xenpci.  They must be added or removed together.
options 	XENHVM		# Xen HVM kernel infrastructure
device		xenpci		# Xen HVM Hypervisor services driver

# VMware support
device		vmx		# VMware VMXNET3 Ethernet

#ipf&ipnat options
options		IPFILTER
options		IPFILTER_LOG
================================

Result:
===============================
# ipnat -CF -f /etc/ipnat.rules
70:ioctl(SIOCGNATS) object size mismatch for copying out ipfobj
===============================

(In reply to Cy Schubert from comment #15)
> The config file removes IPV6 support.
> 
> I'm currently testing a patch. (There have been build issues with today's
> -CURRENT. Once those are resolved I will test my patch.)


I'm not using CURRENT, using RELEASE. This is a significant difference?

Comment 18 Cy Schubert 2014-06-28 21:54:44 UTC

Created attachment 144231 [details]
Test patch

Test patch for ipnat.

Comment 19 Cy Schubert 2014-06-28 21:57:44 UTC

I've uploaded a copy of the patch. I haven't tested it yet, will try tonight in a VM. If you're willing, apply the patch and see if it solves your issue.

I'll test this on i386 and amd64, with and without IPV6 enabled, to make sure nothing breaks. A make universe will also need to be done before I commit it.

(In reply to Cy Schubert from comment #19)
> I've uploaded a copy of the patch. I haven't tested it yet, will try tonight
> in a VM. If you're willing, apply the patch and see if it solves your issue.
> 
> I'll test this on i386 and amd64, with and without IPV6 enabled, to make
> sure nothing breaks. A make universe will also need to be done before I
> commit it.

Kernel with patch already making:
============================
#make KERNCONF=GENOINET6 -DWITHOUT_INET6_SUPPORT buildkernel
--------------------------------------------------------------
>>> Kernel build for GENOINET6 completed on Sun Jun 29 11:10:11 CEST 2014
--------------------------------------------------------------
============================

But makeworld notb yet:
============================
#make KERNCONF=GENOINET6 -DWITHOUT_INET6_SUPPORT buildworld
<skip>
cc  -O2 -pipe  -I. -DIPFILTER_BPF -DHAS_SYS_MD5_H -I/usr/src/sbin/ipf/ipf/../../../contrib/ipfilter -I/usr/src/sbin/ipf/ipf/../../../contrib/ipfilter/tools -I/usr/src/sbin/ipf/ipf/../../../sys -I/usr/src/sbin/ipf/ipf/../../../sys/contrib/ipfilter -DSTATETOP -D__UIO_EXPOSE -DRESCUE -std=gnu99 -Qunused-arguments -fstack-protector -Wsystem-headers -Werror -Wall -Wno-format-y2k -Wno-uninitialized -Wno-pointer-sign -Wno-empty-body -Wno-string-plus-int -Wno-tautological-compare -Wno-unused-value -Wno-parentheses-equality -Wno-unused-function -Wno-conversion -Wno-switch -Wno-switch-enum -Wno-knr-promoted-parameter -Wno-array-bounds -Wno-format -c /usr/src/sbin/ipf/ipf/../../../contrib/ipfilter/lib/printhost.c
/usr/src/sbin/ipf/ipf/../../../contrib/ipfilter/lib/printhost.c:26:9: error: unused variable 'ptr' [-Werror,-Wunused-variable]
                void *ptr = addr;
                      ^
1 error generated.
*** Error code 1

Stop.
make[6]: stopped in /usr/src/sbin/ipf/ipf
*** Error code 1

Stop.
make[5]: stopped in /usr/obj/usr/src/rescue/rescue
*** Error code 1

Stop.
make[4]: stopped in /usr/src/rescue/rescue
*** Error code 1

Stop.
make[3]: stopped in /usr/src/rescue
*** Error code 1

Stop.
make[2]: stopped in /usr/src
*** Error code 1

Stop.
make[1]: stopped in /usr/src
*** Error code 1

Stop.
make: stopped in /usr/src

============================

(In reply to Cy Schubert from comment #19)
Add to comment #20

Kernel with patch result:
===============================
# ipnat -CF -f /etc/ipnat.rules
70:ioctl(SIOCGNATS) object size mismatch for copying out ipfobj
Installing NAT rules.
70:ioctl(SIOCGNATS) object size mismatch for copying out ipfobj
===============================

Comment 22 Cy Schubert 2014-06-29 14:51:40 UTC

(In reply to DYM from comment #21)
> (In reply to Cy Schubert from comment #19)
> Add to comment #20
> 
> Kernel with patch result:
> ===============================
> # ipnat -CF -f /etc/ipnat.rules
> 70:ioctl(SIOCGNATS) object size mismatch for copying out ipfobj
> Installing NAT rules.
> 70:ioctl(SIOCGNATS) object size mismatch for copying out ipfobj
> ===============================

Just tested it on an i386 VM. No problems here. Uploading screenshot.

Comment 23 Cy Schubert 2014-06-29 14:55:07 UTC

Created attachment 144248 [details]
Screenshot of resolved issue.

Screenshot of resolved issue.

Comment 24 Cy Schubert 2014-06-29 14:56:05 UTC

I will test under -CURRENT on amd64 on real hardware now.

Created attachment 144348 [details]
make config

Created attachment 144349 [details]
kernel config

Different from GENERIC:
1) remove first 19 comment lines and 1 empty line
2) change ident to NOINET6
3) add 7-12 lines

Comment 27 Cy Schubert 2014-07-02 20:00:55 UTC

(In reply to DYM from comment #25)
> Created attachment 144348 [details]
> make config

I sense there is some confusion. This is not a problem with your kernel but with the ipnat binary. The patch does not change the kernel but does fix the ipnat binary. Compile or buildworld after applying the patch using one of the following.

cd /usr/src && make KERNCONF=NOINET6 buildworld buildkeernel installworld installkernel

Or, if you wish to perform a more targeted build,

cd /usr/src/sbin/ipf && make obj && make buildincludes && make && make install


If you wish to rebuild your kernel (not necessary to implement the patch) use the following in your kernel config file:

MKMODULESENV+="WITHOUT_INET6_SUPPORT="
nooptions	INET6

(In reply to Cy Schubert from comment #24)
> I will test under -CURRENT on amd64 on real hardware now.

I create test machine:
CPU: AMD FX(tm)-8350 Eight-Core Processor            (4013.55-MHz K8-class CPU)
real memory  = 4294967296 (4096 MB)

Set fresh install:
FreeBSD 10.0-RELEASE #0 r260789: Thu Jan 16 22:34:59 UTC 2014
    root@snap.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64
FreeBSD clang version 3.3 (tags/RELEASE_33/final 183502) 20130610

Create two files (I upload to avoid misunderstandings) that directly affect the assembly:
/etc/make.conf
/usr/src/sys/amd64/conf/NOINET6

Install from ports subversion, update ports and sources, install screen, mc-light, portupgrade (all from ports).

After apply patch build kernel and world in two step.

Kernel build string:
# make KERNCONF=GENOINET6 -DWITHOUT_INET6_SUPPORT buildkernel
Building kernel successful.

World build string:
# make KERNCONF=GENOINET6 -DWITHOUT_INET6_SUPPORT buildworld
=====================================================
<skip>
cc  -O2 -pipe  -I. -DIPFILTER_BPF -DHAS_SYS_MD5_H -I/usr/src/sbin/ipf/ipf/../../../contrib/ipfilter -I/usr/src/sbin/ipf/ipf/../../../contrib/ipfilter/tools -I/usr/src/sbin/ipf/ipf/../../../sys -I/usr/src/sbin/ipf/ipf/../../../sys/contrib/ipfilter -DSTATETOP -D__UIO_EXPOSE -DRESCUE -std=gnu99 -Qunused-arguments -fstack-protector -Wsystem-headers -Werror -Wall -Wno-format-y2k -Wno-uninitialized -Wno-pointer-sign -Wno-empty-body -Wno-string-plus-int -Wno-tautological-compare -Wno-unused-value -Wno-parentheses-equality -Wno-unused-function -Wno-conversion -Wno-switch -Wno-switch-enum -Wno-knr-promoted-parameter -Wno-array-bounds -Wno-format -c /usr/src/sbin/ipf/ipf/../../../contrib/ipfilter/lib/printhost.c
/usr/src/sbin/ipf/ipf/../../../contrib/ipfilter/lib/printhost.c:26:9: error: unused variable 'ptr' [-Werror,-Wunused-variable]
                void *ptr = addr;
                      ^
1 error generated.
*** Error code 1

Stop.
make[6]: stopped in /usr/src/sbin/ipf/ipf
*** Error code 1

Stop.
make[5]: stopped in /usr/obj/usr/src/rescue/rescue
*** Error code 1

Stop.
make[4]: stopped in /usr/src/rescue/rescue
*** Error code 1

Stop.
make[3]: stopped in /usr/src/rescue
*** Error code 1

Stop.
make[2]: stopped in /usr/src
*** Error code 1

Stop.
make[1]: stopped in /usr/src
*** Error code 1

Stop.
make: stopped in /usr/src
=================================================

Created attachment 144370 [details]
make ipf with patch

(In reply to Cy Schubert from comment #27)
> <skip>
> 
> Or, if you wish to perform a more targeted build,
> 
> cd /usr/src/sbin/ipf && make obj && make buildincludes && make && make
> install
> <skip>

See result in attach file.

Created attachment 144372 [details]
make ipf without patch

Result see in attach.

But ipnat not working:
# ipnat -CF -f /etc/ipnat.rules
70:ioctl(SIOCGNATS) object size mismatch for copying out ipfobj

P.S  # uname -a
FreeBSD test.loc 10.0-RELEASE-p6 FreeBSD 10.0-RELEASE-p6 #0: Wed Jul  2 22:36:52 EEST 2014     dym@test.loc:/usr/obj/usr/src/sys/NOINET6  amd64

Comment 31 Cy Schubert 2014-07-03 19:45:17 UTC

Created attachment 144378 [details]
contrib/ipfilter/lib/printhost.c patch

This should fix the compile error.

Comment 32 Cy Schubert 2014-07-03 19:50:45 UTC

(In reply to DYM from comment #30)
> Created attachment 144372 [details]
> make ipf without patch

Why do this?

> 
> Result see in attach.
> 
> But ipnat not working:
> # ipnat -CF -f /etc/ipnat.rules
> 70:ioctl(SIOCGNATS) object size mismatch for copying out ipfobj
> 
> P.S  # uname -a
> FreeBSD test.loc 10.0-RELEASE-p6 FreeBSD 10.0-RELEASE-p6 #0: Wed Jul  2
> 22:36:52 EEST 2014     dym@test.loc:/usr/obj/usr/src/sys/NOINET6  amd64

Apply the patch! It removes code in ip_compat.h that enables IPv6 in userland regardless of defines.

(In reply to Cy Schubert from comment #32)
> 
> Why do this?
> 
Give maximum information. Perhaps excessively, sorry.

(In reply to Cy Schubert from comment #31)
> Created attachment 144378 [details]
> contrib/ipfilter/lib/printhost.c patch
> 
> This should fix the compile error.


Then that's not all. Similar changes need to be made to a file
contrib/ipfilter/lib/printhostmask.c


But in this case, the compilation fails:
<skip>
/usr/src/sbin/ipf/libipf/../../../contrib/ipfilter/lib/save_v1trap.c:181:25: error: incompatible pointer types passing 'struct sockaddr_in *'
      to parameter of type 'const struct sockaddr *' [-Werror,-Wincompatible-pointer-types]
                        if (connect(ctx->fd, &ctx->sin,
                                             ^~~~~~~~~
/usr/src/sbin/ipf/libipf/../../../sys/sys/socket.h:598:41: note: passing argument to parameter here
int     connect(int, const struct sockaddr *, socklen_t);
                                            ^
1 error generated.
*** Error code 1

Stop.
make[1]: stopped in /usr/src/sbin/ipf/libipf
*** Error code 1

Stop.
make: stopped in /usr/src/sbin/ipf

P.S. IMHO, the reason somewhere else. Too many changes need to make patches. Should be easier.

Created attachment 144384 [details]
src/contrib/ipfilter/lib/printhostmask.c patch

Comment 36 Cy Schubert 2014-07-04 00:38:00 UTC

Created attachment 144385 [details]
IP Filter userland diff

Comment 37 Cy Schubert 2014-07-04 00:39:06 UTC

Comment on attachment 144385 [details]
IP Filter userland diff

This should allow the userland to compile if NO_WERROR=1 is not in make.conf.

Comment 38 Cy Schubert 2014-07-04 00:40:40 UTC

(In reply to Cy Schubert from comment #37)
> Comment on attachment 144385 [details]
> IP Filter userland diff
> 
> This should allow the userland to compile if NO_WERROR=1 is not in make.conf.

(In reply to DYM from comment #35)
> Created attachment 144384 [details]
> src/contrib/ipfilter/lib/printhostmask.c patch

I use NO_WERROR=1 in make.conf because more than just ipfilter has issues. Having said that, I just uploaded a patch for userland. There are four files that need patching.

(In reply to Cy Schubert from comment #38)
> <skip>
> I use NO_WERROR=1 in make.conf because more than just ipfilter has issues.
> Having said that, I just uploaded a patch for userland. There are four files
> that need patching.

What src/sys/contrib/ipfilter/netinet/ip_compat.h patch also needed?

Comment 40 Cy Schubert 2014-07-04 13:09:03 UTC

(In reply to DYM from comment #39)
> (In reply to Cy Schubert from comment #38)
> > <skip>
> > I use NO_WERROR=1 in make.conf because more than just ipfilter has issues.
> > Having said that, I just uploaded a patch for userland. There are four files
> > that need patching.
> 
> What src/sys/contrib/ipfilter/netinet/ip_compat.h patch also needed?

Of course you still need that patch. It actually fixes ipnat for you. The other patches just make it build when NO_WERROR=1 is not specified in make.conf.

Comment 41 Cy Schubert 2014-07-10 01:20:02 UTC

The patch works for me. If I don't hear from you I will commit it and close this PR.

Got to check. Yes, it real works.

Add patch:
===================================================================
--- src/sys/contrib/ipfilter/netinet/ip_compat.h
+++ src/sys/contrib/ipfilter/netinet/ip_compat.h
@@ -33,10 +33,6 @@
 #endif
 
 #define	SOLARIS	(defined(sun) && (defined(__svr4__) || defined(__SVR4)))
-#if defined(__FreeBSD_version) && (__FreeBSD_version >= 400000) && \
-    !defined(_KERNEL) && !defined(USE_INET6) && !defined(NOINET6)
-# define	USE_INET6
-#endif
 
 
 #if defined(__SVR4) || defined(__svr4__) || defined(__sgi)
===================================================================
--- contrib/ipfilter/lib/printhost.c
+++ contrib/ipfilter/lib/printhost.c
@@ -23,9 +23,9 @@
 	if ((family == -1) || !*addr)
 		PRINTF("any");
 	else {
+#ifdef  USE_INET6
 		void *ptr = addr;
 
-#ifdef  USE_INET6
 		PRINTF("%s", inet_ntop(family, ptr, ipbuf, sizeof(ipbuf)));
 #else
 		ipa.s_addr = *addr;
===================================================================
--- contrib/ipfilter/lib/printhostmask.c
+++ contrib/ipfilter/lib/printhostmask.c
@@ -25,9 +25,9 @@
 	if ((family == -1) || ((!addr || !*addr) && (!mask || !*mask)))
 		PRINTF("any");
 	else {
+#ifdef  USE_INET6
 		void *ptr = addr;
 
-#ifdef  USE_INET6
 		PRINTF("%s", inet_ntop(family, ptr, ipbuf, sizeof(ipbuf)));
 #else
 		ipa.s_addr = *addr;
===================================================================
--- contrib/ipfilter/lib/save_v1trap.c
+++ contrib/ipfilter/lib/save_v1trap.c
@@ -178,7 +178,7 @@
 		if (ctx->fd >= 0) {
 			ctx->sin.sin_family = AF_INET;
 			ctx->sin.sin_port = htons(162);
-			if (connect(ctx->fd, &ctx->sin,
+			if (connect(ctx->fd, (struct sockaddr *)&ctx->sin,
 				    sizeof(ctx->sin)) != 0) {
 					snmpv1_destroy(ctx);
 					return NULL;
===================================================================
--- contrib/ipfilter/lib/save_v2trap.c
+++ contrib/ipfilter/lib/save_v2trap.c
@@ -181,7 +181,7 @@
 		if (ctx->fd >= 0) {
 			ctx->sin.sin_family = AF_INET;
 			ctx->sin.sin_port = htons(162);
-			if (connect(ctx->fd, &ctx->sin,
+			if (connect(ctx->fd, (struct sockaddr *)&ctx->sin,
 				    sizeof(ctx->sin)) != 0) {
 					snmpv2_destroy(ctx);
 					return NULL;
===================================================================

Add to kernel config:

#addition NOINET6
makeoptions	MKMODULESENV+="WITHOUT_INET6_SUPPORT="
nooptions	INET6
#addition ipf&ipnat options
options		IPFILTER
options		IPFILTER_LOG
options		IPFILTER_DEFAULT_BLOCK

Make kernel and world:
cd /usr/src && make KERNCONF=<kernelname> kernel world

Or make only kernel and ipf/ipnat:
cd /usr/src && make KERNCONF=<kernelname> kernel
cd /usr/src/sbin/ipf && make obj && make buildincludes && make && make install

Comment 43 Cy Schubert 2014-07-11 05:46:38 UTC

Thank you. I've committed the first batch (compile time errors) to head and will MFC on Saturday. The ipnat patch will be committed to head shortly.

Comment 44 commit-hook 2014-07-11 16:27:10 UTC

A commit references this bug:

Author: cy
Date: Fri Jul 11 16:26:51 UTC 2014
New revision: 268532
URL: http://svnweb.freebsd.org/changeset/base/268532

Log:
  Remove redundant USE_INET6 test that enables INET6 in the ipfilter userland
  regardless of the setting in make.conf.

  PR:		190964
  Approved by:	glebius (mentor)
  MFC after:	1 week

Changes:
  head/sys/contrib/ipfilter/netinet/ip_compat.h

Comment 45 commit-hook 2014-07-21 06:45:32 UTC

A commit references this bug:

Author: cy
Date: Mon Jul 21 06:45:19 UTC 2014
New revision: 268937
URL: http://svnweb.freebsd.org/changeset/base/268937

Log:
  MFC r268532 and r268585. When world and kernel are built without INET6
  support, the userland was still built with INET6 turned on.

  PR:		190964
  Approved by:	glebius (mentor, implicit)

Changes:
_U  stable/10/
  stable/10/contrib/ipfilter/lib/printipfexpr.c
  stable/10/sys/contrib/ipfilter/netinet/ip_compat.h

Comment 46 Cy Schubert 2014-07-21 06:52:00 UTC

Fix committed. Closed.

On FreeBSD 12.0 the problem returned.

# uname -a
FreeBSD freebsd.test 12.0-RELEASE-p10 FreeBSD 12.0-RELEASE-p10 r351846 TEST amd64

Kernel source revision 351847

Comment 49 Cy Schubert 2019-09-05 12:42:30 UTC

What do you mean by doesn't work? Does it panic? Does it not build?

Comment 50 Cy Schubert 2019-09-05 12:45:03 UTC

Also, if this is a brand new problem a new PR is needed. Reusing old PRs for new problems is improper.

Cy> Reusing old PRs for new problems is improper.
Sorry, Yes, I'm wrong.

I will create a new PR.
Just new to indistinguishability is similar to the old.

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188481

Comment 53 Cy Schubert 2019-09-05 23:32:45 UTC

This was fixed. Open a new PR if there is a new bug. Otherwise do not recycle or reuse old PRs.