From owner-freebsd-net@freebsd.org Sat Oct 1 06:43:57 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AE24DC050DD for ; Sat, 1 Oct 2016 06:43:57 +0000 (UTC) (envelope-from avernar@gmail.com) Received: from mail-wm0-x22d.google.com (mail-wm0-x22d.google.com [IPv6:2a00:1450:400c:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 52F59398 for ; Sat, 1 Oct 2016 06:43:57 +0000 (UTC) (envelope-from avernar@gmail.com) Received: by mail-wm0-x22d.google.com with SMTP id p138so60388168wmb.1 for ; Fri, 30 Sep 2016 23:43:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to; bh=zHuLjyIBm8wBC+n31ndSrdvgCMenlXMXRVw4yWB7GXQ=; b=a+vC5PqfD+tFKeUnBJ4cES0rdETBM0c0oaHW0fWUkD1HherpYhP/nNlCFO5OmB/YpB Wlk+8bUYgwQKO9VTG7Lwm/h9mljxg5tBmhE6FsWNDn6J56glmUE79RhyP2YVaUVCgbJ7 TxTjZjmBc7zFed0h23IAilDjSzLff1kl/VsomiXgV4Yqr0bRAcgZCmRCn4BUMBb2hbRi 8KvvzqcuMCbnSDA8cvIGeGJMZamvXGtEYHY1xd+ltRScLnlnMAJRruRWoqfVmRCKzcYX EVF5SaGyQ20wnlkHiOzBKjh/D0lLuVkQVgheoAiwZIhTSwKudDmL9y6D54L/4wyX8I4j Tp9A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=zHuLjyIBm8wBC+n31ndSrdvgCMenlXMXRVw4yWB7GXQ=; b=Vi0rNFYLgvxpmLIGZpTGr77ooSX54mZSC5jwMIxb6b/Z+Drksc6b4f88ms6rYzbhYh lNJo/pXCWUAxQj+cHVnQDElSkD/I6PKoY1W8GI1FJ96VgRrGq4aFps/N1HF21jsbFiwQ sWJZJ34kZzO2xluvzZt6dfGghRjww+ZnoMAoZ9L9mHque/qqRQeXN6vNSkUMrqAzVWdV ZUL3Tv1gMZI309/TjE6KA7ie10GebrwhVM+04Oe5ookuTuNazBxtl2byM4AWaEUhEmH+ czIX04RWC6Zpy4nO+8bHHZjvgtyAIJe1+Wrm0NyIYseio9on2LkBBJNwA2mDP0MtwGgs oMgA== X-Gm-Message-State: 
AA6/9RnaFjgzOSwkYZiFwxlmxvf0o5L/1IrWKJEY1/c21SxU9Vu4YumQksh5BJ6ygUHu1ceBh6vF5acrtnBI0g== X-Received: by 10.194.115.135 with SMTP id jo7mr6102254wjb.225.1475304235091; Fri, 30 Sep 2016 23:43:55 -0700 (PDT) MIME-Version: 1.0 Received: by 10.80.142.14 with HTTP; Fri, 30 Sep 2016 23:43:54 -0700 (PDT) From: Avernar Date: Sat, 1 Oct 2016 02:43:54 -0400 Message-ID: Subject: ng_ipfw and vnet To: freebsd-net@freebsd.org Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 01 Oct 2016 06:43:57 -0000 I needed to have the netgraph ipfw node appear in a vnet jail but it is only created once on module load and only for the base system. I put together this modification to get it to also appear in vnet jails. Since I'm very new to this code base I'd like to know if I made any mistakes. So any help and advice would be appreciated. Index: ng_ipfw.c =================================================================== --- ng_ipfw.c (revision 306382) +++ ng_ipfw.c (working copy) @@ -74,7 +74,8 @@ int); /* We have only one node */ -static node_p fw_node; +static VNET_DEFINE(node_p, fw_node); +#define V_fw_node VNET(fw_node) /* Netgraph node type descriptor */ static struct ng_type ng_ipfw_typestruct = { @@ -112,18 +113,6 @@ break; } - /* Setup node without any private data */ - if ((error = ng_make_node_common(&ng_ipfw_typestruct, &fw_node)) - != 0) { - log(LOG_ERR, "%s: can't create ng_ipfw node", __func__); - break; - } - - /* Try to name node */ - if (ng_name_node(fw_node, "ipfw") != 0) - log(LOG_WARNING, "%s: failed to name node \"ipfw\"", - __func__); - /* Register hook */ ng_ipfw_input_p = ng_ipfw_input; break; @@ -131,8 +120,8 @@ case MOD_UNLOAD: /* * This won't happen if a node exists. - * ng_ipfw_input_p is already cleared. */ + ng_ipfw_input_p = NULL; break; default: 
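Review bot: The context comment `/* We have only one node */` directly above the new `VNET_DEFINE(node_p, fw_node)` in the `@@ -74` hunk is no longer accurate, because the variable now holds one node pointer per vnet. I would change it to something like `/* One ng_ipfw node per vnet; NULL until vnet_ng_ipfw_init() creates it and again after ng_ipfw_shutdown() */`. Every `V_fw_node` access resolves against the current vnet, which is worth stating there because the callers that establish that context are not visible in this patch.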
@@ -293,8 +282,8 @@ /* * Node must be loaded and corresponding hook must be present. */ - if (fw_node == NULL || - (hook = ng_ipfw_findhook1(fw_node, fwa->rule.info)) == NULL) + if (V_fw_node == NULL || + (hook = ng_ipfw_findhook1(V_fw_node, fwa->rule.info)) == NULL) return (ESRCH); /* no hook associated with this rule */ /* @@ -339,13 +328,8 @@ ng_ipfw_shutdown(node_p node) { - /* - * After our single node has been removed, - * the only thing that can be done is - * 'kldunload ng_ipfw.ko' - */ - ng_ipfw_input_p = NULL; NG_NODE_UNREF(node); + V_fw_node = NULL; return (0); } @@ -359,3 +343,33 @@ return (0); } + +static void +vnet_ng_ipfw_init(const void *unused) +{ + + if (ng_ipfw_input_p != ng_ipfw_input) + return; + + /* Setup node without any private data */ + if (ng_make_node_common(&ng_ipfw_typestruct, &V_fw_node) != 0) { + log(LOG_ERR, "%s: can't create ng_ipfw node", __func__); + return; + } + + /* Try to name node */ + if (ng_name_node(V_fw_node, "ipfw") != 0) + log(LOG_WARNING, "%s: failed to name node \"ipfw\"", __func__); +} +VNET_SYSINIT(vnet_ng_ipfw_init, SI_SUB_PSEUDO, SI_ORDER_ANY, + vnet_ng_ipfw_init, NULL); + +static void +vnet_ng_ipfw_uninit(const void *unused) +{ + + if ((V_fw_node != NULL) && NG_NODE_IS_VALID(V_fw_node)) + ng_rmnode_self(V_fw_node); +} +VNET_SYSUNINIT(vnet_ng_ipfw_uninit, SI_SUB_INIT_IF, SI_ORDER_ANY, + vnet_ng_ipfw_uninit, NULL);
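Review bot: The `V_fw_node == NULL` test in the `@@ -293` hunk is now the only thing keeping the packet path away from a removed node, and the `@@ -339` hunk clears the pointer only after `NG_NODE_UNREF(node)`. The old code set `ng_ipfw_input_p = NULL` before dropping the reference; with that gone, a packet evaluated in the same vnet between the unref and the store could pass `V_fw_node` to `ng_ipfw_findhook1()` after the node's last reference was released. No lock is visible in either hunk, so I would at least reorder ng_ipfw_shutdown to `V_fw_node = NULL;` followed by `NG_NODE_UNREF(node);`, and confirm whether the remaining window needs the reader to hold its own reference. Both function bodies continue outside the hunks shown.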
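Review bot: `vnet_ng_ipfw_uninit()` in the `@@ -359` hunk calls `ng_rmnode_self(V_fw_node)` and returns without confirming that the node is gone; if that shutdown is queued rather than run inline (not determinable from this hunk), `ng_ipfw_shutdown()` would later store to `V_fw_node` in a vnet that is being torn down. The teardown is also registered under `SI_SUB_INIT_IF` while the setup uses `SI_SUB_PSEUDO`, and nothing explains the asymmetry. I would add a comment above the `VNET_SYSUNINIT` stating the intended ordering relative to netgraph's own per-vnet cleanup, and one above the early `return` in `vnet_ng_ipfw_init()` such as `/* Module load did not register our input hook; create no node. */`.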