Subject: Re: ipf & ipv6 again
To: None <tech-net@netbsd.org>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: tech-net
Date: 11/21/2001 12:54:56
--BOKacYhQ+x31HxR3
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Wed, Nov 21, 2001 at 01:33:30AM +0200, Tomi Nylund wrote:
> Hello all,
> 
> about a month ago I posted with questions about setting up
> a proxy-arp'ed subnet. Thanks for all the help, especially to
> Julian for the choparp patch. I wasn't able to get arpd to
> work, but choparp worked just fine.
> 
> Now, one problem remains, ipfilter & ipv6.
> 
> I tried compiling ipfilter 3.4.21 with -DUSE_INET6 to get it to filter
> IPv6 packets, but compilation fails with the following errors (after running
> ./BSD/kupgrade and then make netbsd, as per the FAQ):
> 
> 
> When trying to compile the LKM:
> 
> cc -Wall -Wuninitialized -Wstrict-prototypes -Werror -O -g -I../..  
> -DUSE_INET6 -DIPFILTER_LKM -DIPFILTER_LOG -Di386 -D__i386__ -DINET
> -DKERNEL -D_KERNEL -I/usr/include -I/sys -I/sys/sys -I/sys/arch  -D_LKM
> -c ../../ip_fil.c -o ip_fil.o
> ../../ip_fil.c: In function `iplattach':
> ../../ip_fil.c:391: `inet6sw' undeclared (first use in this function)
> ../../ip_fil.c:391: (Each undeclared identifier is reported only once
> ../../ip_fil.c:391: for each function it appears in.)
> ../../ip_fil.c: In function `ipldetach':
> ../../ip_fil.c:536: `inet6sw' undeclared (first use in this function)
> *** Error code 1
> 
> Stop.
> *** Error code 1
> 
> Stop.
> 
> 
> And when trying to compile the kernel with -DINET6:
> 
> cc  -O2 -Werror -Wall -Wmissing-prototypes -Wstrict-prototypes 
> -Wpointer-arith -Wno-uninitialized -Wno-main -I. -I../../../../arch
> -I../../../.. -nostdinc -DLKM -DMAXUSERS=32 -D_KERNEL -Di386  -c
> ../../../../netinet/ip_fil.c
> ../../../../netinet/ip_fil.c: In function `iplattach':
> ../../../../netinet/ip_fil.c:391: `inet6sw' undeclared (first use in
> this function)
> ../../../../netinet/ip_fil.c:391: (Each undeclared identifier is
> reported only once
> ../../../../netinet/ip_fil.c:391: for each function it appears in.)
> ../../../../netinet/ip_fil.c: In function `ipldetach':
> ../../../../netinet/ip_fil.c:536: `inet6sw' undeclared (first use in
> this function)
> *** Error code 1
> 
> Stop.

You need a patch for ipf6 on 1.5.2. Here is what darrenr posted some time
ago. Note that I didn't test it :)

--
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
--

--BOKacYhQ+x31HxR3
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=diff

Index: ip6_forward.c
===================================================================
RCS file: /cvsroot/syssrc/sys/netinet6/ip6_forward.c,v
retrieving revision 1.12.2.4
retrieving revision 1.12.2.5
diff -c -r1.12.2.4 -r1.12.2.5
*** ip6_forward.c	2000/09/29 06:29:54	1.12.2.4
--- ip6_forward.c	2001/10/15 13:19:15	1.12.2.5
***************
*** 1,4 ****
! /*	$NetBSD: ip6_forward.c,v 1.12.2.4 2000/09/29 06:29:54 itojun Exp $	*/
  /*	$KAME: ip6_forward.c,v 1.56 2000/09/22 04:01:37 itojun Exp $	*/
  
  /*
--- 1,4 ----
! /*	$NetBSD: ip6_forward.c,v 1.12.2.5 2001/10/15 13:19:15 darrenr Exp $	*/
  /*	$KAME: ip6_forward.c,v 1.56 2000/09/22 04:01:37 itojun Exp $	*/
  
  /*
***************
*** 46,51 ****
--- 46,54 ----
  
  #include <net/if.h>
  #include <net/route.h>
+ #ifdef PFIL_HOOKS
+ #include <net/pfil.h>
+ #endif
  
  #include <netinet/in.h>
  #include <netinet/in_var.h>
***************
*** 92,97 ****
--- 95,105 ----
  	int error, type = 0, code = 0;
  	struct mbuf *mcopy = NULL;
  	struct ifnet *origifp;	/* maybe unnecessary */
+ #ifdef PFIL_HOOKS
+ 	struct packet_filter_hook *pfh;
+ 	struct mbuf *m1;
+ 	int rv;
+ #endif /* PFIL_HOOKS */
  #ifdef IPSEC
  	struct secpolicy *sp = NULL;
  #endif
***************
*** 490,495 ****
--- 498,524 ----
  			ip6->ip6_dst.s6_addr16[1] = 0;
  	}
  
+ #ifdef PFIL_HOOKS
+ 	/*
+ 	 * Run through list of hooks for output packets.
+ 	 */
+ 	m1 = m;
+ 	pfh = pfil_hook_get(PFIL_OUT, &inetsw[ip_protox[IPPROTO_IPV6]].pr_pfh);
+ 	for (; pfh; pfh = pfh->pfil_link.tqe_next)
+ 		if (pfh->pfil_func) {
+ 			rv = pfh->pfil_func(ip6, sizeof(*ip6),
+ 					    rt->rt_ifp, 1, &m1);
+ 			m = m1;
+ 			if (m == NULL)
+ 				goto freecopy;
+ 			if (rv) {
+ 				error = EHOSTUNREACH;
+ 				goto senderr;
+ 			}
+ 			ip6 = mtod(m, struct ip6_hdr *);
+ 		}
+ #endif /* PFIL_HOOKS */
+ 
  #ifdef OLDIP6OUTPUT
  	error = (*rt->rt_ifp->if_output)(rt->rt_ifp, m,
  					 (struct sockaddr *)dst,
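Review bot: The output hook list is looked up through the IPv4 switch table, `&inetsw[ip_protox[IPPROTO_IPV6]].pr_pfh`, although this is the IPv6 forwarding path, and the compile errors quoted earlier in the thread show ip_fil.c referring to `inet6sw` in `iplattach` and `ipldetach`. If the filter attaches its hook to an `inet6sw` entry while this loop walks the `inetsw` entry, forwarded IPv6 packets would never reach the filter and would pass unfiltered without any error, so the two sides should be checked against each other before this patch is relied on (the sender notes it is untested). Whichever table is correct, a comment above the lookup such as `/* must be the same pr_pfh list the packet filter attaches its hook to */` would make the coupling explicit. The `for` body is an unbraced multi-line `if`; bracing the loop would make the scope of the added statements unambiguous. The enclosing function starts and ends outside the hunk.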
***************
*** 510,515 ****
--- 539,548 ----
  				goto freecopy;
  		}
  	}
+ 
+ #ifdef PFIL_HOOKS
+  senderr:
+ #endif
  	if (mcopy == NULL)
  		return;
  
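Review bot: The only jump to `senderr` in this patch is the hook-rejection branch (`error = EHOSTUNREACH; goto senderr;`), and that branch neither frees `m` nor states who owns it. It appears to rely on the hook having consumed the mbuf when it returns non-zero; a comment at the label such as `/* filter rejected the packet; the hook is expected to have freed m */` would record that contract, and it should be confirmed against the hook implementation, since otherwise each rejected packet would leak an mbuf. Because control then falls into the existing `mcopy` handling with `error` set, a packet dropped by the filter may, depending on code below the hunk that is not visible here, produce an error reply to the sender; confirm that this is intended for a filter drop rather than a silent discard through `freecopy`.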


--BOKacYhQ+x31HxR3--