Created attachment 198311 [details]
Full build log (after config step)

SUMMARY

At a glance, miniupnpd appears to have support for all three of FreeBSD's firewall types: pf, ipfilter, and ipfw. But ipfw support does not compile, and the fix to make it compile does not look very simple; ipfw may have undergone an API re-write in the time since ipfw support was included in miniupnpd.

VERSIONS

FreeBSD: 11.2-RELEASE r335510
Ports: Not sure, probably vanilla version from 11.2-RELEASE
net/miniupnpd: 1.9.20160113

STEPS TO REPRODUCE

The code in question will not be configured at compile time unless the host system has enabled ipfw in /etc/rc.conf. (This is done in genconfig.sh in the miniupnpd distribution):

1. Add firewall_enable="YES" to /etc/rc.conf before attempting to build the port.

2. Change directories to the miniupnpd port: cd /usr/ports/net/miniupnpd/

3. Configure the port: make config, accept the default, which is only "IPv6 protocol support"

4. Make


5. The build process should fail when compiling ipfw/ipfwrdr.c:

  cc -O2 -pipe  -I/usr/include -fstack-protector -fno-strict-aliasing -Wall -W Wstrict-prototypes -fno-common -c -o ipfw/ipfwrdr.o ipfw/ipfwrdr.c ipfw/ipfwrdr.c:176:7: error: no member named 'version' in 'struct ip_fw'
          rule.version = IP_FW_CURRENT_API_VERSION;
          ~~~~ ^

FURTHER DETAILS

The code appears to include <netinet/ip_fw.h> for its main kernel interface. The members of the structures currently defined in this file, however, bear little resemblance to the members being used by the code. For instance, the very first compilation error above implies that there is a "version" member in the "ip_fw" structure. There is no such member in the current code. Likewise, the symbol "IP_FW_CURRENT_API_VERSION" doesn't exist at all in any header file under /usr/include.