So the new IP-Filter code does not work for me at all.

Can anyone tell me

 - that it works for him (on what arch?)
 - why it does not need the patch below?
 - and optionally (most welcome) why the patch below is not sufficient
   to make it realy work?

To me it looks like on NetBSD it defines COPYIN() and COPYOUT() as just bcopy
(aka memcpy), thus failing to copy ioctl arguments (pointed to by the primary
ioctl argument) in/out of kernel space. It uses BCOPYIN() and BCOPYOUT() for
the primary ioctl argument, which is already copied into/outof kernel by
the ioctl framework.


Martin

Index: ip_compat.h
===================================================================
RCS file: /cvsroot/src/sys/netinet/ip_compat.h,v
retrieving revision 1.35
diff -u -r1.35 ip_compat.h
--- ip_compat.h	28 Mar 2004 09:00:56 -0000	1.35
+++ ip_compat.h	29 Mar 2004 22:27:52 -0000
@@ -748,6 +748,11 @@
 typedef	u_int32_t	u_32_t;
 # define	U_32_T	1
 
+#  define	COPYIN(a,b,c)	copyin((caddr_t)(a), (caddr_t)(b), (c))
+#  define	COPYOUT(a,b,c)	copyout((caddr_t)(a), (caddr_t)(b), (c))
+#  define	BCOPYIN(a,b,c)	bcopy((caddr_t)(a), (caddr_t)(b), (c))
+#  define	BCOPYOUT(a,b,c)	bcopy((caddr_t)(a), (caddr_t)(b), (c))
+
 
 # define OS_RECOGNISED 1
 #endif /* __NetBSD__ */