ioctl(SIOCIPFL6): Invalid Argument

ioctl(SIOCIPFL6): Invalid Argument

Post by Mike Gleas » Sat, 11 Dec 2004 15:21:44


I have this error while booting
my 5.3-RELEASE box...

ipv6 disabled, and here is
my rc.conf file :

mikegleasonjr# cat /etc/rc.conf

# -- sysinstall generated deltas -- # Tue Dec 7 11:36:35 2004
# Created: Tue Dec 7 11:36:35 2004
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
gateway_enable="YES"
hostname="mikegleasonjr.no-ip.org"
network_interfaces="lo0 rl0 ste0 wi0"
ifconfig_rl0="DHCP"
ifconfig_ste0="inet 192.168.1.1 netmask 255.255.255.0"
ifconfig_wi0="inet 10.0.1.1 netmask 255.0.0.0"
dnsmasq_enable="YES"
keyrate="fast"
sshd_enable="YES"
sendmail_enable="NONE"
syslogd_flags="-ss"
sshd_flags="-4"
check_quotas="NO"
ipfilter_enable="YES"
ipmon_enable="YES"
ipmon_flags="-Dsvn"
ipnat_enable="YES"
ntpdate_enable="YES"
ntpdate_flags="tick.utoronto.ca"


If you know how can I get rid of this error,
please let me know !!

Thank you !
 
 
 

ioctl(SIOCIPFL6): Invalid Argument

Post by Andrey Sim » Sat, 11 Dec 2004 19:47:30


This error messages is outputed by the ipf, which is run from
the /etc/rc.d/ipfilter, from ipfilter_start() and ipfilter_reload()
functions.

Easy solution, is to move "ipf -6" commands after if [ -r ... ]
statements in this script, but in this case old IP Filter rules will
not be flushed if you remove ipf6.rules file:

--- ipfilter.orig Fri Dec 10 11:08:20 2004
+++ ipfilter Fri Dec 10 12:43:56 2004
@@ -62,13 +62,13 @@
if [ `sysctl -n net.inet.ipf.fr_running` -eq 0 ]; then
${ipfilter_program:-/sbin/ipf} -E
fi
- ${ipfilter_program:-/sbin/ipf} -Fa
if [ -r "${ipfilter_rules}" ]; then
+ ${ipfilter_program:-/sbin/ipf} -Fa
${ipfilter_program:-/sbin/ipf} \
-f "${ipfilter_rules}" ${ipfilter_flags}
fi
- ${ipfilter_program:-/sbin/ipf} -6 -Fa
if [ -r "${ipv6_ipfilter_rules}" ]; then
+ ${ipfilter_program:-/sbin/ipf} -6 -Fa
${ipfilter_program:-/sbin/ipf} -6 \
-f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
fi
@@ -89,13 +89,13 @@
{
echo "Reloading ipfilter rules."

- ${ipfilter_program:-/sbin/ipf} -I -Fa
if [ -r "${ipfilter_rules}" ]; then
+ ${ipfilter_program:-/sbin/ipf} -I -Fa
${ipfilter_program:-/sbin/ipf} -I \
-f "${ipfilter_rules}" ${ipfilter_flags}
fi
- ${ipfilter_program:-/sbin/ipf} -I -6 -Fa
if [ -r "${ipv6_ipfilter_rules}" ]; then
+ ${ipfilter_program:-/sbin/ipf} -I -6 -Fa
${ipfilter_program:-/sbin/ipf} -I -6 \
-f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
fi

 
 
 

ioctl(SIOCIPFL6): Invalid Argument

Post by Mike Gleas » Sun, 12 Dec 2004 07:06:12

Can I just comment out this whole block if I don't
use ipv6 ?

[...]
${ipfilter_program:-/sbin/ipf} -6 -Fa
if [ -r "${ipv6_ipfilter_rules}" ]; then
${ipfilter_program:-/sbin/ipf} -6 \
-f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
fi
[..]

Thank you for having tracked down my problem !
Mike




>>> I have this error while booting >>> my 5.3-RELEASE box... >>> >>> ipv6 disabled, and here is >>> my rc.conf file : >>> >> >> This error messages is outputed by the ipf, which is run from >> the /etc/rc.d/ipfilter, from ipfilter_start() and ipfilter_reload() >> functions. >> >> Easy solution, is to move "ipf -6" commands after if [ -r ... ] >> statements in this script, but in this case old IP Filter rules will >> not be flushed if you remove ipf6.rules file: >> >> --- ipfilter.orig Fri Dec 10 11:08:20 2004 >> +++ ipfilter Fri Dec 10 12:43:56 2004 >> @@ -62,13 +62,13 @@ >> if [ `sysctl -n net.inet.ipf.fr_running` -eq 0 ]; then >> ${ipfilter_program:-/sbin/ipf} -E >> fi >> - ${ipfilter_program:-/sbin/ipf} -Fa >> if [ -r "${ipfilter_rules}" ]; then >> + ${ipfilter_program:-/sbin/ipf} -Fa >> ${ipfilter_program:-/sbin/ipf} \ >> -f "${ipfilter_rules}" ${ipfilter_flags} >> fi >> - ${ipfilter_program:-/sbin/ipf} -6 -Fa >> if [ -r "${ipv6_ipfilter_rules}" ]; then >> + ${ipfilter_program:-/sbin/ipf} -6 -Fa >> ${ipfilter_program:-/sbin/ipf} -6 \ >> -f "${ipv6_ipfilter_rules}" ${ipfilter_flags} >> fi >> @@ -89,13 +89,13 @@ >> { >> echo "Reloading ipfilter rules." >> >> - ${ipfilter_program:-/sbin/ipf} -I -Fa >> if [ -r "${ipfilter_rules}" ]; then >> + ${ipfilter_program:-/sbin/ipf} -I -Fa >> ${ipfilter_program:-/sbin/ipf} -I \ >> -f "${ipfilter_rules}" ${ipfilter_flags} >> fi >> - ${ipfilter_program:-/sbin/ipf} -I -6 -Fa >> if [ -r "${ipv6_ipfilter_rules}" ]; then >> + ${ipfilter_program:-/sbin/ipf} -I -6 -Fa >> ${ipfilter_program:-/sbin/ipf} -I -6 \ >> -f "${ipv6_ipfilter_rules}" ${ipfilter_flags} >> fi >>
 
 
 

ioctl(SIOCIPFL6): Invalid Argument

Post by Andrey Sim » Sun, 12 Dec 2004 21:09:02


Sure, you can, but in any case I think that /etc/rc.d/ipfilter should
be fixed in the FreeBSD repository, may be in the way I shown.
 
 
 

ioctl(SIOCIPFL6): Invalid Argument

Post by Mike Gleas » Mon, 13 Dec 2004 00:51:06


Thanks it worked well !

Mike
 
 
 

ioctl(SIOCIPFL6): Invalid Argument

Post by Giorgos Ke » Tue, 14 Dec 2004 10:12:16


This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.




Hi Andrey,

Is there any way to detect at run-time if the kernel supports IPv6 and
modify the behavior of rc.d/ipfilter accordingly?
 
 
 

ioctl(SIOCIPFL6): Invalid Argument

Post by Andrey Sim » Wed, 15 Dec 2004 18:13:58


I thought about this. To get information that the kernel understands
IPv6 we have to call some program in rc.d/ipfilter, for example
it can be sysctl with one of net.inet6.* sysctl-variables. If the
return code is not zero, then we don't have INET6 enabled kernel.

But in /etc/rc.d there are several places where if [ -r "${file_name}" ]
statement is used. So, it is possible to move "ipf -6 -Fa" calls inside
if [] statements. There is only one problem, if one removed
${ipv6_ipfilter_rules} file and then calls "rc.d/ipfilter reload",
then IPv6 IP Filter rules will not be flushed in the kernel.

Another solution: create variable kernel_inet6, which is visible
by all rc-scripts and check if the kernel supports IPv6 only in one
place, and scripts will use kernel_inet6 variable if they need to
check IPv6 support in the kernel.