Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 14 Oct 2009 09:25:55 -0700
From:      Julian Elischer <julian@elischer.org>
To:        "Bjoern A. Zeeb" <bz@FreeBSD.org>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, Julian Elischer <julian@FreeBSD.org>
Subject:   Re: svn commit: r197952 - in head/sys: net netgraph netinet netinet/ipfw netinet6
Message-ID:  <4AD5FB93.7000006@elischer.org>
In-Reply-To: <20091014115713.N5956@maildrop.int.zabbadoz.net>
References:  <200910110559.n9B5xhNg002528@svn.freebsd.org> <20091014115713.N5956@maildrop.int.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
Bjoern A. Zeeb wrote:
> On Sun, 11 Oct 2009, Julian Elischer wrote:
> 
>> Author: julian
>> Date: Sun Oct 11 05:59:43 2009
>> New Revision: 197952
>> URL: http://svn.freebsd.org/changeset/base/197952
>>
>> Log:
>>  Virtualize the pfil hooks so that different jails may chose different
>>  packet filters. ALso allows ipfw to be enabled on on ejail and disabled
>>  on another. In 8.0 it's a global setting.
>>
>>  Sitting aroung in tree waiting to commit for: 2 months
> 
> Unfortunately this broke VIMAGE with IPSEC builds, which I just fixed.
> 
> I am not yet convinced this was the right approach but probably the
> most straight forward one.

yes I saw.
however i'm puzzled as to why I didn't see the breakage.
I tested many different builds when I did this and grepped for the 
pfil hooks throughout the code.

  maybe I missed VIMAGE_LINT? (is ipsec in LINT?)

> 
> 
> /bz
> 
>>  MFC after:    2 months
>>
>> Modified:
>>  head/sys/net/if_bridge.c
>>  head/sys/net/if_ethersubr.c
>>  head/sys/net/pfil.c
>>  head/sys/netgraph/ng_bridge.c
>>  head/sys/netinet/ip_fastfwd.c
>>  head/sys/netinet/ip_input.c
>>  head/sys/netinet/ip_output.c
>>  head/sys/netinet/ip_var.h
>>  head/sys/netinet/ipfw/ip_fw2.c
>>  head/sys/netinet/ipfw/ip_fw_pfil.c
>>  head/sys/netinet/raw_ip.c
>>  head/sys/netinet6/ip6_forward.c
>>  head/sys/netinet6/ip6_input.c
>>  head/sys/netinet6/ip6_output.c
>>  head/sys/netinet6/ip6_var.h
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4AD5FB93.7000006>