Date: Wed, 12 Jun 2019 11:06:55 +0000 (UTC) From: Cy Schubert <cy@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r348986 - head/sys/contrib/ipfilter/netinet Message-ID: <201906121106.x5CB6t68066090@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cy Date: Wed Jun 12 11:06:54 2019 New Revision: 348986 URL: https://svnweb.freebsd.org/changeset/base/348986 Log: Register pfil hooks when VNET != vnet0. r302298, which virtualized ipf, assumed the pfil hook registration performed in ipf_modload() would take care of this. However ipf_modload() is only called when the ipl kld is loaded or when ipfilter is first called when it is statically linked into the kernel at build time. Prior to this, even though r302298 has been in the tree for a while, it has never been used. So, r302298 in reality begins now. PR: 212000 Reported by: ahsanb@ MFC after: 1 month Modified: head/sys/contrib/ipfilter/netinet/mlfk_ipl.c Modified: head/sys/contrib/ipfilter/netinet/mlfk_ipl.c ============================================================================== --- head/sys/contrib/ipfilter/netinet/mlfk_ipl.c Wed Jun 12 11:06:51 2019 (r348985) +++ head/sys/contrib/ipfilter/netinet/mlfk_ipl.c Wed Jun 12 11:06:54 2019 (r348986) @@ -225,6 +225,9 @@ vnet_ipf_init(void) "" #endif ); + } else { + (void)ipf_pfil_hook(); + ipf_event_reg(); } } VNET_SYSINIT(vnet_ipf_init, SI_SUB_PROTO_FIREWALL, SI_ORDER_THIRD,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201906121106.x5CB6t68066090>