From owner-svn-src-head@FreeBSD.ORG Wed Oct 14 16:25:54 2009 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3C2501065692 for ; Wed, 14 Oct 2009 16:25:54 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outC.internet-mail-service.net (outc.internet-mail-service.net [216.240.47.226]) by mx1.freebsd.org (Postfix) with ESMTP id 0D6E48FC20 for ; Wed, 14 Oct 2009 16:25:53 +0000 (UTC) Received: from idiom.com (mx0.idiom.com [216.240.32.160]) by out.internet-mail-service.net (Postfix) with ESMTP id 1AFBCC482; Wed, 14 Oct 2009 09:25:57 -0700 (PDT) X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e Received: from julian-mac.elischer.org (home.elischer.org [216.240.48.38]) by idiom.com (Postfix) with ESMTP id EEFCF2D601D; Wed, 14 Oct 2009 09:25:52 -0700 (PDT) Message-ID: <4AD5FB93.7000006@elischer.org> Date: Wed, 14 Oct 2009 09:25:55 -0700 From: Julian Elischer User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812) MIME-Version: 1.0 To: "Bjoern A. Zeeb" References: <200910110559.n9B5xhNg002528@svn.freebsd.org> <20091014115713.N5956@maildrop.int.zabbadoz.net> In-Reply-To: <20091014115713.N5956@maildrop.int.zabbadoz.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, Julian Elischer Subject: Re: svn commit: r197952 - in head/sys: net netgraph netinet netinet/ipfw netinet6 X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Oct 2009 16:25:54 -0000 Bjoern A. Zeeb wrote: > On Sun, 11 Oct 2009, Julian Elischer wrote: > >> Author: julian >> Date: Sun Oct 11 05:59:43 2009 >> New Revision: 197952 >> URL: http://svn.freebsd.org/changeset/base/197952 >> >> Log: >> Virtualize the pfil hooks so that different jails may chose different >> packet filters. ALso allows ipfw to be enabled on on ejail and disabled >> on another. In 8.0 it's a global setting. >> >> Sitting aroung in tree waiting to commit for: 2 months > > Unfortunately this broke VIMAGE with IPSEC builds, which I just fixed. > > I am not yet convinced this was the right approach but probably the > most straight forward one. yes I saw. however i'm puzzled as to why I didn't see the breakage. I tested many different builds when I did this and grepped for the pfil hooks throughout the code. maybe I missed VIMAGE_LINT? (is ipsec in LINT?) > > > /bz > >> MFC after: 2 months >> >> Modified: >> head/sys/net/if_bridge.c >> head/sys/net/if_ethersubr.c >> head/sys/net/pfil.c >> head/sys/netgraph/ng_bridge.c >> head/sys/netinet/ip_fastfwd.c >> head/sys/netinet/ip_input.c >> head/sys/netinet/ip_output.c >> head/sys/netinet/ip_var.h >> head/sys/netinet/ipfw/ip_fw2.c >> head/sys/netinet/ipfw/ip_fw_pfil.c >> head/sys/netinet/raw_ip.c >> head/sys/netinet6/ip6_forward.c >> head/sys/netinet6/ip6_input.c >> head/sys/netinet6/ip6_output.c >> head/sys/netinet6/ip6_var.h >