Subject: ipf & ipv6 again
To: None <tech-net@netbsd.org>
From: Tomi Nylund <wizard@oulu.invalid>
List: tech-net
Date: 11/21/2001 01:33:30
Hello all,
about a month ago I posted with questions about setting up
a proxy-arp'ed subnet. Thanks for all the help, especially to
Julian for the choparp patch. I wasn't able to get arpd to
work, but choparp worked just fine.
Now, one problem remains, ipfilter & ipv6.
I tried compiling ipfilter 3.4.21 with -DUSE_INET6 to get it filter
IPv6 packets, but compilation fails with following errors (after running
./BSD/kupgrade and then make netbsd, as per FAQ):
When trying to compile the LKM:
cc -Wall -Wuninitialized -Wstrict-prototypes -Werror -O -g -I../..
-DUSE_INET6 -DIPFILTER_LKM -DIPFILTER_LOG -Di386 -D__i386__ -DINET
-DKERNEL -D_KERNEL -I/usr/include -I/sys -I/sys/sys -I/sys/arch -D_LKM
-c ../../ip_fil.c -o ip_fil.o
../../ip_fil.c: In function `iplattach':
../../ip_fil.c:391: `inet6sw' undeclared (first use in this function)
../../ip_fil.c:391: (Each undeclared identifier is reported only once
../../ip_fil.c:391: for each function it appears in.)
../../ip_fil.c: In function `ipldetach':
../../ip_fil.c:536: `inet6sw' undeclared (first use in this function)
*** Error code 1
Stop.
*** Error code 1
Stop.
And when trying to compile the kernel with -DINET6:
cc -O2 -Werror -Wall -Wmissing-prototypes -Wstrict-prototypes
-Wpointer-arith -Wno-uninitialized -Wno-main -I. -I../../../../arch
-I../../../.. -nostdinc -DLKM -DMAXUSERS=32 -D_KERNEL -Di386 -c
../../../../netinet/ip_fil.c
../../../../netinet/ip_fil.c: In function `iplattach':
../../../../netinet/ip_fil.c:391: `inet6sw' undeclared (first use in
this function)
../../../../netinet/ip_fil.c:391: (Each undeclared identifier is
reported only once
../../../../netinet/ip_fil.c:391: for each function it appears in.)
../../../../netinet/ip_fil.c: In function `ipldetach':
../../../../netinet/ip_fil.c:536: `inet6sw' undeclared (first use in
this function)
*** Error code 1
Stop.
The function in question seems to be in sys/netinet6/ip6protosw.h,
why it's not included is beyond me (I'm not a C programmer..)
So, the questions are:
1) How to compile ipfilter for NetBSD 1.5.2 with ipv6 support
included (plain ipv4 works just fine). I asked this last time
also, but got no answers..
2) Is it possible to execute ipv6 filtering, if the machine is
a ipv6 router for forwarded packets, or should I just filter
unwanted ipv6 packets on destination hosts?
3) Where's that "secret switch" (two commented out lines) on
1.5.2 syssrc I saw mentioned on some e-mail, enabling
ipv6 filtering? ;) But really, if it's there, tell me.. :)
Any help greatly appreciated!
Tomi