Date: Fri, 12 Jul 2019 00:35:44 +0000 (UTC) From: Cy Schubert <cy@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r349926 - stable/12/sys/contrib/ipfilter/netinet Message-ID: <201907120035.x6C0ZijI071847@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cy Date: Fri Jul 12 00:35:43 2019 New Revision: 349926 URL: https://svnweb.freebsd.org/changeset/base/349926 Log: MFC r348986: Register pfil hooks when VNET != vnet0. r302298, which virtualized ipf, assumed the pfil hook registration performed in ipf_modload() would take are of this. However ipf_modload() is only called when the ipl kld is loaded or when ipfilter is first called when it is statically linked into the kernel at build time. Prior to this, even though r302298 has been in the tree for a while, it has never been used. So, r302298 in reality begins now. PR: 212000 Reported by: ahsanb@ Modified: stable/12/sys/contrib/ipfilter/netinet/mlfk_ipl.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/contrib/ipfilter/netinet/mlfk_ipl.c ============================================================================== --- stable/12/sys/contrib/ipfilter/netinet/mlfk_ipl.c Thu Jul 11 23:54:50 2019 (r349925) +++ stable/12/sys/contrib/ipfilter/netinet/mlfk_ipl.c Fri Jul 12 00:35:43 2019 (r349926) @@ -225,6 +225,9 @@ vnet_ipf_init(void) "" #endif ); + } else { + (void)ipf_pfil_hook(); + ipf_event_reg(); } } VNET_SYSINIT(vnet_ipf_init, SI_SUB_PROTO_FIREWALL, SI_ORDER_THIRD,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201907120035.x6C0ZijI071847>