Bug 21786

Summary: ipfw divert broken after upgraded from 4.1 to 4.1.1
Product: Base System
Reporter: ecffang <ecffang>
Component: kern
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.1.1-RELEASE   
Hardware: Any   
OS: Any   

Description ecffang 2000-10-06 19:10:00 UTC
I cvsup 4.1 to 4.11 using make buildworld, buildkernel/installkernel and installworld.  Kernel config file is only GENERIC plus IPDIVERT and IPFIREWALL.
'ipfw list' doesn't show the divert line even though rc.conf specified it.  Boot up messages showed:
ipfw: setsockopt(IP_FW_ADD): Invalid argument

By mimicking rc.firewall and doing:
ipfw add 50 divert natd all from any to any via xl0

It shows the same thing as above.

Thought it was old config files somewhere conflicting with the new ones, 
so I backed up everything, wiped the disk and installed a fresh copy from the 4.1.1-RELEASE cdrom.  
Same results.  Seems like the IPFIREWALL and IPDIVERT combo doesn't work anymore.

After the clean cdrom installation, the src can't be compiled correctly even with the original GENERIC while the original 4.1 supped 4.11 src could be compiled correctly:

make buildkernel KERNEL=GENERIC
data" {.data section} - "KERNBASE" {*UND* section} at file address 1535.
/tmp/ccl41249.s:2462: Error: Subtraction of two symbols in different sections "IdlePTD" {.data section} - "KERNBASE" {*UND* section} at file address 1554.
/tmp/ccl41249.s:2465: Error: Subtraction of two symbols in different sections "IdlePTD" {.data section} - "KERNBASE" {*UND* section} at file address 1577.
/tmp/ccl41249.s:2468: Error: Subtraction of two symbols in different sections "IdlePTD" {.data section} - "KERNBASE" {*UND* section} at file address 1596.
*** Error code 1

Stop in /usr/obj/usr/src/sys/GENERIC.
*** Error code 1

Stop in /usr/src.
*** Error code 1

Note: 4.1 works fine with natd and ipfw divert. xl0 is my outside interface with ifconfig_xl0="DHCP" (cable modem).  I'll cvsup the latest stable and see what happens.

How-To-Repeat:
1. Install 4.1.1-release iso cdrom with full src.
2. Configured rc.conf with natd "yes", firewall "YES" "open", gateway_enable="YES" and of course configured both network interfaces.
3. Reboot
4. divert line in rc.firewall doesn't work
5. cd /usr/src/sys/i386/conf; cp GENERIC TEST; add "options IPFIREWALL" and "options IPDIVERT" to TEST.
6. cd /usr/src; make buildkernel KERNEL=TEST  --- failed

Comment 1 billf 2000-10-06 19:53:58 UTC
On Fri, Oct 06, 2000 at 11:04:03AM -0700, ecffang@yahoo.com wrote:
> >Environment:
> FreeBSD <hostname> 4.1.1-RELEASE FreeBSD 4.1.1-RELEASE #0: Tue Sep 26 00:46:59 GMT 2000     jkh@narf.osd.bsdi.com:/usr/src/sys/compile/GENERIC  i386
> >Description:
> I cvsup 4.1 to 4.11 using make buildworld, buildkernel/installkernel and installworld.  Kernel config file is only GENERIC plus IPDIVERT and IPFIREWALL.

> 'ipfw list' doesn't show the divert line even though rc.conf specified it.  Boot up messages showed:
> ipfw: setsockopt(IP_FW_ADD): Invalid argument

Are you really sure your kernel (or module)/userland are in sync?

[...]

-- 
Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
                billf@chimesnet.com / billf@FreeBSD.org

Comment 2 ru freebsd_committer freebsd_triage 2000-10-11 14:18:30 UTC
State Changed
From-To: open->closed

Can not reproduce, originator is not responsive.