From owner-svn-src-head@freebsd.org Wed Jun 12 11:06:55 2019 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CFBC615B1A07; Wed, 12 Jun 2019 11:06:55 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 74CDB70EA1; Wed, 12 Jun 2019 11:06:55 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4E0F2182B6; Wed, 12 Jun 2019 11:06:55 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x5CB6ti7066091; Wed, 12 Jun 2019 11:06:55 GMT (envelope-from cy@FreeBSD.org) Received: (from cy@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x5CB6t68066090; Wed, 12 Jun 2019 11:06:55 GMT (envelope-from cy@FreeBSD.org) Message-Id: <201906121106.x5CB6t68066090@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: cy set sender to cy@FreeBSD.org using -f From: Cy Schubert Date: Wed, 12 Jun 2019 11:06:55 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r348986 - head/sys/contrib/ipfilter/netinet X-SVN-Group: head X-SVN-Commit-Author: cy X-SVN-Commit-Paths: head/sys/contrib/ipfilter/netinet X-SVN-Commit-Revision: 348986 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 74CDB70EA1 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.96 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.998,0]; NEURAL_HAM_SHORT(-0.96)[-0.964,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Jun 2019 11:06:56 -0000 Author: cy Date: Wed Jun 12 11:06:54 2019 New Revision: 348986 URL: https://svnweb.freebsd.org/changeset/base/348986 Log: Register pfil hooks when VNET != vnet0. r302298, which virtualized ipf, assumed the pfil hook registration performed in ipf_modload() would take care of this. However ipf_modload() is only called when the ipl kld is loaded or when ipfilter is first called when it is statically linked into the kernel at build time. Prior to this, even though r302298 has been in the tree for a while, it has never been used. So, r302298 in reality begins now. PR: 212000 Reported by: ahsanb@ MFC after: 1 month Modified: head/sys/contrib/ipfilter/netinet/mlfk_ipl.c Modified: head/sys/contrib/ipfilter/netinet/mlfk_ipl.c ============================================================================== --- head/sys/contrib/ipfilter/netinet/mlfk_ipl.c Wed Jun 12 11:06:51 2019 (r348985) +++ head/sys/contrib/ipfilter/netinet/mlfk_ipl.c Wed Jun 12 11:06:54 2019 (r348986) @@ -225,6 +225,9 @@ vnet_ipf_init(void) "" #endif ); + } else { + (void)ipf_pfil_hook(); + ipf_event_reg(); } } VNET_SYSINIT(vnet_ipf_init, SI_SUB_PROTO_FIREWALL, SI_ORDER_THIRD,