tech-net: ipf & ipv6 again

Subject: ipf & ipv6 again
To: None <tech-net@netbsd.org>
From: Tomi Nylund <wizard@oulu.invalid>
List: tech-net
Date: 11/21/2001 01:33:30
Hello all,

about a month ago I posted with questions about setting up
a proxy-arp'ed subnet. Thanks for all the help, especially to
Julian for the choparp patch. I wasn't able to get arpd to
work, but choparp worked just fine.

Now, one problem remains, ipfilter & ipv6.

I tried compiling ipfilter 3.4.21 with -DUSE_INET6 to get it filter
IPv6 packets, but compilation fails with following errors (after running
./BSD/kupgrade and then make netbsd, as per FAQ):


When trying to compile the LKM:

cc -Wall -Wuninitialized -Wstrict-prototypes -Werror -O -g -I../..  
-DUSE_INET6 -DIPFILTER_LKM -DIPFILTER_LOG -Di386 -D__i386__ -DINET
-DKERNEL -D_KERNEL -I/usr/include -I/sys -I/sys/sys -I/sys/arch  -D_LKM
-c ../../ip_fil.c -o ip_fil.o
../../ip_fil.c: In function `iplattach':
../../ip_fil.c:391: `inet6sw' undeclared (first use in this function)
../../ip_fil.c:391: (Each undeclared identifier is reported only once
../../ip_fil.c:391: for each function it appears in.)
../../ip_fil.c: In function `ipldetach':
../../ip_fil.c:536: `inet6sw' undeclared (first use in this function)
*** Error code 1

Stop.
*** Error code 1

Stop.


And when trying to compile the kernel with -DINET6:

cc  -O2 -Werror -Wall -Wmissing-prototypes -Wstrict-prototypes 
-Wpointer-arith -Wno-uninitialized -Wno-main -I. -I../../../../arch
-I../../../.. -nostdinc -DLKM -DMAXUSERS=32 -D_KERNEL -Di386  -c
../../../../netinet/ip_fil.c
../../../../netinet/ip_fil.c: In function `iplattach':
../../../../netinet/ip_fil.c:391: `inet6sw' undeclared (first use in
this function)
../../../../netinet/ip_fil.c:391: (Each undeclared identifier is
reported only once
../../../../netinet/ip_fil.c:391: for each function it appears in.)
../../../../netinet/ip_fil.c: In function `ipldetach':
../../../../netinet/ip_fil.c:536: `inet6sw' undeclared (first use in
this function)
*** Error code 1

Stop.


The function in question seems to be in sys/netinet6/ip6protosw.h,
why it's not included is beyond me (I'm not a C programmer..)

So, the questions are:

1) How to compile ipfilter for NetBSD 1.5.2 with ipv6 support
   included (plain ipv4 works just fine). I asked this last time
   also, but got no answers..

2) Is it possible to execute ipv6 filtering, if the machine is
   a ipv6 router for forwarded packets, or should I just filter
   unwanted ipv6 packets on destination hosts?

3) Where's that "secret switch" (two commented out lines) on
   1.5.2 syssrc I saw mentioned on some e-mail, enabling
   ipv6 filtering? ;) But really, if it's there, tell me.. :)

Any help greatly appreciated!


Tomi