i assume you have upgraded the .h files in
/usr/include/net and /usr/include/netinet and recompiled
the userland ipfw, right ?
your report is kind of strange because none of the recent
changes (unless you mean the tcp security fixes) involves
additional specifiers in ipfw rules.
Sure the ipfw struct and the pipe descriptor have changed size,
but then the problem would occur for all rules not just the "via"
ones.
can you give use some more detail ?
cheers
luigi
> Let me apologize in advance for this shoddyish bug report.
>
> In a recent -stable (since the new ipfw fixes) if you build
> a kernel with options:
>
> IPFIREWALL
> IPFIREWALL_VERBOSE
> IPFIREWALL_DEFAULT_TO_ACCEPT
> IPDIVERT
> BRIDGE
> DUMMYNET
>
> You wind up with a kernel that doesn't grok the ipfw 'via' keyword.
>
> Basically any rule that has a 'via' in it makes the userland ipfw
> tool get a 'invalid setsockopt'. Anyone booting a kernel on a
> system that relies on 'via' keywords is in for a big suprise as
> all those rules won't load.
>
> --
> -Alfred Perlstein - [[EMAIL PROTECTED]|[EMAIL PROTECTED]]
> "I have the heart of a child; I keep it in a jar on my desk."
>
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
