The ipfilter 3.4.16 binaries in FreeBSD 4.2-stable are not built with IPv6 support and ipfstat does not support the -t (STATETOP) option. It would be nice if those could be enabled before 4.3-release such that FreeBSD 4.3 users have a fully functional version of IP Filter again. -current already has IPv6 and STATETOP enabled for some time. Fix: Apply the following patch to FreeBSD 4.2-stable. It synchronizes all -stable Makefiles with those in -current. This patch supersedes the statetop patch in bin/20074.--3udg4oH0t0W70UTqdeQF0PEv8FENtrF3zG0qZx5t5skh4cr5 Content-Type: text/plain; name="file.diff" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="file.diff" Index: sbin/ipf/Makefile =================================================================== RCS file: /home/freebsd/CVS/src/sbin/ipf/Makefile,v retrieving revision 1.4.2.1 diff -u -r1.4.2.1 Makefile --- sbin/ipf/Makefile 2000/07/20 04:57:19 1.4.2.1 +++ sbin/ipf/Makefile 2000/11/12 10:57:02 @@ -7,7 +7,7 @@ MAN5= ipf.5 MAN8= ipf.8 SRCS= ipf.c parse.c opt.c facpri.c common.c -CFLAGS+=-DIPL_NAME=\"/dev/ipl\" -I- -I${.CURDIR}/../../sys/netinet -I${.CURDIR}/../../contrib/ipfilter +CFLAGS+=-DUSE_INET6 -DIPL_NAME=\"/dev/ipl\" -I- -I${.CURDIR}/../../sys/netinet -I${.CURDIR}/../../contrib/ipfilter MAINTAINER= guido@freebsd.org Index: sbin/ipfstat/Makefile =================================================================== RCS file: /home/freebsd/CVS/src/sbin/ipfstat/Makefile,v retrieving revision 1.4.2.1 diff -u -r1.4.2.1 Makefile --- sbin/ipfstat/Makefile 2000/07/20 05:15:19 1.4.2.1 +++ sbin/ipfstat/Makefile 2000/11/12 10:59:17 @@ -5,7 +5,10 @@ PROG= ipfstat MAN8= ipfstat.8 SRCS= fils.c parse.c opt.c kmem.c facpri.c common.c -CFLAGS+=-DIPL_NAME=\"/dev/ipl\" -I- -I${.CURDIR}/../../sys/netinet -I${.CURDIR}/../../sys -I${.CURDIR}/../../contrib/ipfilter +CFLAGS+=-DUSE_INET6 -DIPL_NAME=\"/dev/ipl\" -DSTATETOP -I- -I${.CURDIR}/../../sys/netinet -I${.CURDIR}/../../sys -I${.CURDIR}/../../contrib/ipfilter + +DPADD= ${NCURSES} +LDADD= -lncurses MAINTAINER= guido@freebsd.org Index: sbin/ipmon/Makefile =================================================================== RCS file: /home/freebsd/CVS/src/sbin/ipmon/Makefile,v retrieving revision 1.6 diff -u -r1.6 Makefile --- sbin/ipmon/Makefile 2000/02/09 21:01:35 1.6 +++ sbin/ipmon/Makefile 2000/11/12 12:14:00 @@ -7,7 +7,7 @@ MAN8= ipmon.8 SRCS= ipmon.c -CFLAGS+=-DIPL_NAME=\"/dev/ipl\" -I- -I${.CURDIR}/../../sys -I${.CURDIR}/../../contrib/ipfilter +CFLAGS+=-DUSE_INET6 -DIPL_NAME=\"/dev/ipl\" -I- -I${.CURDIR}/../../sys -I${.CURDIR}/../../contrib/ipfilter MAINTAINER= guido@freebsd.org Index: sbin/ipnat/Makefile =================================================================== RCS file: /home/freebsd/CVS/src/sbin/ipnat/Makefile,v retrieving revision 1.4.2.1 diff -u -r1.4.2.1 Makefile --- sbin/ipnat/Makefile 2000/07/20 05:46:06 1.4.2.1 +++ sbin/ipnat/Makefile 2000/11/12 11:48:15 @@ -6,8 +6,9 @@ MAN1= ipnat.1 MAN4= ipnat.4 MAN5= ipnat.5 +MLINKS= ipnat.5 ipnat.conf.5 SRCS= ipnat.c kmem.c natparse.c common.c -CFLAGS+=-DIPL_NAME=\"/dev/ipl\" -I- -I${.CURDIR}/../../sys/netinet -I${.CURDIR}/../../sys -I${.CURDIR}/../../contrib/ipfilter +CFLAGS+=-DUSE_INET6 -DIPL_NAME=\"/dev/ipl\" -I- -I${.CURDIR}/../../sys/netinet -I${.CURDIR}/../../sys -I${.CURDIR}/../../contrib/ipfilter MAINTAINER= guido@freebsd.org Index: usr.sbin/ipftest/Makefile =================================================================== RCS file: /home/freebsd/CVS/src/usr.sbin/ipftest/Makefile,v retrieving revision 1.4.2.1 diff -u -r1.4.2.1 Makefile --- usr.sbin/ipftest/Makefile 2000/07/20 06:40:45 1.4.2.1 +++ usr.sbin/ipftest/Makefile 2000/11/12 11:01:52 @@ -10,7 +10,7 @@ ipft_tx.c misc.c ip_frag.c ip_state.c ip_nat.c ip_proxy.c \ ip_auth.c ipft_hx.c ip_fil.c natparse.c facpri.c common.c -CFLAGS+=-DIPL_NAME=\"/dev/ipl\" -I- -I${.OBJDIR} -I${.CURDIR}/../../sys/netinet -I${.CURDIR}/../../sys -I${.CURDIR}/../../contrib/ipfilter +CFLAGS+=-DUSE_INET6 -DIPL_NAME=\"/dev/ipl\" -I- -I${.OBJDIR} -I${.CURDIR}/../../sys/netinet -I${.CURDIR}/../../sys -I${.CURDIR}/../../contrib/ipfilter CLEANFILES+= opt_ipfilter.h Index: usr.sbin/ipresend/Makefile =================================================================== RCS file: /home/freebsd/CVS/src/usr.sbin/ipresend/Makefile,v retrieving revision 1.4 diff -u -r1.4 Makefile --- usr.sbin/ipresend/Makefile 1999/12/06 20:50:01 1.4 +++ usr.sbin/ipresend/Makefile 2000/11/12 11:03:46 @@ -8,6 +8,7 @@ SRCS= ipresend.c ip.c resend.c opt.c ipft_ef.c ipft_hx.c ipft_sn.c ipft_td.c ipft_tx.c sbpf.c 44arp.c ipft_pc.c CFLAGS+=-DDOSOCKET -DIPL_NAME=\"/dev/ipl\" \ + -DUSE_INET6 \ -I- -I${.CURDIR}/../../sys/netinet \ -I${.CURDIR}/../../contrib/ipfilter/ipsend \ -I${.CURDIR}/../../contrib/ipfilter Index: usr.sbin/ipsend/Makefile =================================================================== RCS file: /home/freebsd/CVS/src/usr.sbin/ipsend/Makefile,v retrieving revision 1.8 diff -u -r1.8 Makefile --- usr.sbin/ipsend/Makefile 1999/12/06 20:50:02 1.8 +++ usr.sbin/ipsend/Makefile 2000/11/12 11:04:23 @@ -11,6 +11,7 @@ y.tab.h CFLAGS+=-DDOSOCKET -DIPL_NAME=\"/dev/ipl\" \ + -DUSE_INET6 \ -I- -I. -I${.CURDIR}/../../sys/netinet \ -I${.CURDIR}/../../contrib/ipfilter/ipsend \ -I${.CURDIR}/../../contrib/ipfilter/iplang \ Index: usr.sbin/iptest/Makefile =================================================================== RCS file: /home/freebsd/CVS/src/usr.sbin/iptest/Makefile,v retrieving revision 1.4 diff -u -r1.4 Makefile --- usr.sbin/iptest/Makefile 1999/12/06 20:50:03 1.4 +++ usr.sbin/iptest/Makefile 2000/11/12 11:05:11 @@ -8,6 +8,7 @@ SRCS= iptest.c iptests.c ip.c sbpf.c 44arp.c sock.c CFLAGS+=-DDOSOCKET -DIPL_NAME=\"/dev/ipl\" \ + -DUSE_INET6 \ -I- -I${.CURDIR}/../../sys/netinet \ -I${.CURDIR}/../../contrib/ipfilter/ipsend \ -I${.CURDIR}/../../contrib/ipfilter How-To-Repeat: 'cvs diff -r stable -r current Makefile' for the ipfilter binaries.
On Mon, Feb 26, 2001 at 09:26:35PM +0100, Arjan de Vet wrote: > >Number: 25403 > >Synopsis: ipfilter: enable ipv6 and STATETOP in 4.2-stable > The ipfilter 3.4.16 binaries in FreeBSD 4.2-stable are not built with > IPv6 support and ipfstat does not support the -t (STATETOP) option. It > would be nice if those could be enabled before 4.3-release such that > FreeBSD 4.3 users have a fully functional version of IP Filter again. Huh, I thought I already MFC'd USE_INET6 ... oops, guess not. Oh yeah, I think Darren wanted me to wait for some fixes in -STABLE for ipfilter. I believe that -STABLE is now caught up with -CURRENT in this regard, so ... Darren, would you mind if I MFC'd these revisions? 1.6 +2 -2 src/sbin/ipf/Makefile 1.7 +2 -2 src/sbin/ipfstat/Makefile 1.7 +2 -2 src/sbin/ipmon/Makefile 1.7 +2 -2 src/sbin/ipnat/Makefile 1.6 +2 -2 src/usr.sbin/ipftest/Makefile 1.5 +2 -1 src/usr.sbin/ipresend/Makefile 1.9 +2 -1 src/usr.sbin/ipsend/Makefile 1.5 +2 -1 src/usr.sbin/iptest/Makefile I guess I'll have a look at STATETOP also, but I'm not familiar with it and don't know if it might have any negative impact. Cheers, -- Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org
Jacques A. Vidrine wrote: >I guess I'll have a look at STATETOP also, but I'm not familiar >with it and don't know if it might have any negative impact. It has been in -current for some time and as far as I know it does not have any negative impact in -current. You also need to explicitly specify an extra option to ipfstat (which now produces the error 'ipfstat : state top facility not compiled in'). Furthermore it provides very cool new functionality so you can watch the state table in real time (as you can watch processes in real time with top(1)). Arjan -- Arjan de Vet, Eindhoven, The Netherlands <Arjan.deVet@adv.iae.nl> URL: http://www.iae.nl/users/devet/ for PGP key: finger devet@iae.nl
Responsible Changed From-To: freebsd-bugs->darrenr Over to IPFilter maintainer. I don't know if this change already went in, but Darren should know.
State Changed From-To: open->closed Applied in current as well as of a minut ago (state top was already present)