From owner-svn-src-all@FreeBSD.ORG Sat Nov 27 03:20:00 2010 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 00F31106566B; Sat, 27 Nov 2010 03:20:00 +0000 (UTC) (envelope-from lstewart@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id C7CCF8FC0C; Sat, 27 Nov 2010 03:19:59 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id oAR3JxD4009283; Sat, 27 Nov 2010 03:19:59 GMT (envelope-from lstewart@svn.freebsd.org) Received: (from lstewart@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id oAR3JxH3009281; Sat, 27 Nov 2010 03:19:59 GMT (envelope-from lstewart@svn.freebsd.org) Message-Id: <201011270319.oAR3JxH3009281@svn.freebsd.org> From: Lawrence Stewart Date: Sat, 27 Nov 2010 03:19:59 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r215927 - stable/8/sys/netinet X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Nov 2010 03:20:00 -0000 Author: lstewart Date: Sat Nov 27 03:19:59 2010 New Revision: 215927 URL: http://svn.freebsd.org/changeset/base/215927 Log: MFC r215552: When enabling or disabling SIFTR with a VIMAGE kernel, ensure we add or remove the SIFTR pfil(9) hook functions to or from all network stacks. This patch allows packets inbound or outbound from a vnet to be "seen" by SIFTR. Reported and tested by: David Hayes Modified: stable/8/sys/netinet/siftr.c Directory Properties: stable/8/sys/ (props changed) stable/8/sys/amd64/include/xen/ (props changed) stable/8/sys/cddl/contrib/opensolaris/ (props changed) stable/8/sys/contrib/dev/acpica/ (props changed) stable/8/sys/contrib/pf/ (props changed) Modified: stable/8/sys/netinet/siftr.c ============================================================================== --- stable/8/sys/netinet/siftr.c Sat Nov 27 03:12:39 2010 (r215926) +++ stable/8/sys/netinet/siftr.c Sat Nov 27 03:19:59 2010 (r215927) @@ -1109,26 +1109,38 @@ ret6: static int siftr_pfil(int action) { - struct pfil_head *pfh_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET); + struct pfil_head *pfh_inet; #ifdef SIFTR_IPV6 - struct pfil_head *pfh_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6); + struct pfil_head *pfh_inet6; #endif + VNET_ITERATOR_DECL(vnet_iter); - if (action == HOOK) { - pfil_add_hook(siftr_chkpkt, NULL, - PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh_inet); + VNET_LIST_RLOCK(); + VNET_FOREACH(vnet_iter) { + CURVNET_SET(vnet_iter); + pfh_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET); #ifdef SIFTR_IPV6 - pfil_add_hook(siftr_chkpkt6, NULL, - PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh_inet6); + pfh_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6); #endif - } else if (action == UNHOOK) { - pfil_remove_hook(siftr_chkpkt, NULL, - PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh_inet); + + if (action == HOOK) { + pfil_add_hook(siftr_chkpkt, NULL, + PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh_inet); +#ifdef SIFTR_IPV6 + pfil_add_hook(siftr_chkpkt6, NULL, + PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh_inet6); +#endif + } else if (action == UNHOOK) { + pfil_remove_hook(siftr_chkpkt, NULL, + PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh_inet); #ifdef SIFTR_IPV6 - pfil_remove_hook(siftr_chkpkt6, NULL, - PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh_inet6); + pfil_remove_hook(siftr_chkpkt6, NULL, + PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh_inet6); #endif + } + CURVNET_RESTORE(); } + VNET_LIST_RUNLOCK(); return (0); }