Date:      Tue, 03 Apr 2007 17:17:24 -0700
From:      Julian Elischer <julian@elischer.org>
To:        Max Laier <max@love2party.net>
Cc:        ipfw@freebsd.org, Julian Elischer <julian@freebsd.org>
Subject:   Re: cvs commit: src/sys/netinet ip_fw.h ip_fw2.c ip_fw_pfil.c ip_input.c
Message-ID:  <4612EE94.1080507@elischer.org>
In-Reply-To: <200704031324.29428.max@love2party.net>
References:  <200704030816.l338G6xg020902@repoman.freebsd.org> <200704031324.29428.max@love2party.net>


[-- Attachment #1 --]
this time, with the patch :-)


Max Laier wrote:
> On Tuesday 03 April 2007 10:16, Julian Elischer wrote:
>> julian      2007-04-03 08:16:05 UTC
>>
>>   FreeBSD src repository
>>
>>   Modified files:        (Branch: RELENG_6)
>>     sys/netinet          ip_fw.h ip_fw2.c ip_fw_pfil.c ip_input.c
>>   Log:
>>   Revert one of the MFCs from Friday as it produces an
>>   unacceptable ABI change. I will re-MFC this when I have tested a
>> version that brings back the desirable changes but leaves the ABI the
>> same.
> 
> Thanks for reverting ... but why did you rush in all these MFCs?  

pressure from work.. 

anyhow once again, this time a bit slower..


As part of a move to getting RELENG_6 and HEAD closer,
here is a small partial re-MFC of ip_fw_pfil.c version 1.21.
This is mostly diff-reduction, but it is a self-contained 'cleanup'
that can be extracted from the functional change in the major change
in the original diff. It obscures the actual change going on,
so I would like to commit it separately.

This is the 'cleanup' part of:

    ip_fw2.c 1.129
    ip_fw.h 1.105
    ip_fw_pfil.c 1.21
    ip_input.c 1.319

    " Allow ipv6 filtering to be seperately enabled. plus cleanup"



[-- Attachment #2 --]
Index: ip_fw_pfil.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_fw_pfil.c,v
retrieving revision 1.19.2.3
diff -u -r1.19.2.3 ip_fw_pfil.c
--- ip_fw_pfil.c	3 Apr 2007 08:16:04 -0000	1.19.2.3
+++ ip_fw_pfil.c	4 Apr 2007 00:08:03 -0000
@@ -417,28 +417,13 @@
 ipfw_hook(void)
 {
 	struct pfil_head *pfh_inet;
-#ifdef INET6
-	struct pfil_head *pfh_inet6;
-#endif
-
-	if (ipfw_pfil_hooked)
-		return EEXIST;
 
 	pfh_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET);
 	if (pfh_inet == NULL)
 		return ENOENT;
-#ifdef INET6
-	pfh_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6);
-	if (pfh_inet6 == NULL)
-		return ENOENT;
-#endif
 
 	pfil_add_hook(ipfw_check_in, NULL, PFIL_IN | PFIL_WAITOK, pfh_inet);
 	pfil_add_hook(ipfw_check_out, NULL, PFIL_OUT | PFIL_WAITOK, pfh_inet);
-#ifdef INET6
-	pfil_add_hook(ipfw_check_in, NULL, PFIL_IN | PFIL_WAITOK, pfh_inet6);
-	pfil_add_hook(ipfw_check_out, NULL, PFIL_OUT | PFIL_WAITOK, pfh_inet6);
-#endif
 
 	return 0;
 }
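Review bot: Both `pfil_add_hook()` calls in ipfw_hook() discard their return value, so the function returns 0 even if only one direction was registered, and the caller then sets ipfw_pfil_hooked with the firewall attached for inbound or outbound traffic only. pfil_add_hook() returns an error code in the pfil(9) API, so each call could be checked, e.g. `if ((err = pfil_add_hook(ipfw_check_in, NULL, PFIL_IN | PFIL_WAITOK, pfh_inet)) != 0) return err;`, with the PFIL_IN hook removed again if the PFIL_OUT registration fails. The same pattern is added for IPv6 in ipfw6_hook() in the next hunk. The calls are context lines here, so this predates the patch, but splitting the function is a natural place to close it.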
@@ -447,31 +432,48 @@
 ipfw_unhook(void)
 {
 	struct pfil_head *pfh_inet;
-#ifdef INET6
-	struct pfil_head *pfh_inet6;
-#endif
-
-	if (!ipfw_pfil_hooked)
-		return ENOENT;
 
 	pfh_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET);
 	if (pfh_inet == NULL)
 		return ENOENT;
+
+	pfil_remove_hook(ipfw_check_in, NULL, PFIL_IN | PFIL_WAITOK, pfh_inet);
+	pfil_remove_hook(ipfw_check_out, NULL, PFIL_OUT | PFIL_WAITOK, pfh_inet);
+
+	return 0;
+}
+
 #ifdef INET6
+static int
+ipfw6_hook(void)
+{
+	struct pfil_head *pfh_inet6;
+
+	pfh_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6);
+	if (pfh_inet6 == NULL)
+		return ENOENT;
+
+	pfil_add_hook(ipfw_check_in, NULL, PFIL_IN | PFIL_WAITOK, pfh_inet6);
+	pfil_add_hook(ipfw_check_out, NULL, PFIL_OUT | PFIL_WAITOK, pfh_inet6);
+
+	return 0;
+}
+
+static int
+ipfw6_unhook(void)
+{
+	struct pfil_head *pfh_inet6;
+
 	pfh_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6);
 	if (pfh_inet6 == NULL)
 		return ENOENT;
-#endif
 
-	pfil_remove_hook(ipfw_check_in, NULL, PFIL_IN | PFIL_WAITOK, pfh_inet);
-	pfil_remove_hook(ipfw_check_out, NULL, PFIL_OUT | PFIL_WAITOK, pfh_inet);
-#ifdef INET6
 	pfil_remove_hook(ipfw_check_in, NULL, PFIL_IN | PFIL_WAITOK, pfh_inet6);
 	pfil_remove_hook(ipfw_check_out, NULL, PFIL_OUT | PFIL_WAITOK, pfh_inet6);
-#endif
 
 	return 0;
 }
+#endif
 
 static int
 ipfw_modevent(module_t mod, int type, void *unused)
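Review bot: ipfw_unhook(), ipfw6_hook() and ipfw6_unhook() no longer consult ipfw_pfil_hooked (the guards are removed here and in ipfw_hook() in the previous hunk), so nothing in these helpers stops a double add or a remove of hooks that were never attached. That is fine while ipfw_modevent() is the only caller and does the check itself, but the contract is now implicit. A one-line comment above each helper would record it, for example `/* Caller must check ipfw_pfil_hooked; see ipfw_modevent(). */`. The start of ipfw_unhook() (its return type line) lies outside this hunk.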
@@ -483,28 +485,39 @@
 		if (ipfw_pfil_hooked) {
 			printf("IP firewall already loaded\n");
 			err = EEXIST;
-		} else {
-			if ((err = ipfw_init()) != 0) {
-				printf("ipfw_init() error\n");
-				break;
-			}
-			if ((err = ipfw_hook()) != 0) {
-				printf("ipfw_hook() error\n");
-				break;
-			}
-			ipfw_pfil_hooked = 1;
+			break;
+		} 
+		if ((err = ipfw_init()) != 0) {
+			printf("ipfw_init() error\n");
+			break;
 		}
+		if ((err = ipfw_hook()) != 0) {
+			printf("ipfw_hook() error\n");
+			break;
+		}
+#ifdef INET6
+		if ((err = ipfw6_hook()) != 0) {
+			ipfw_unhook(); /* revert the ipv4 part */
+			printf("ipfw6_hook() error\n");
+			break;
+		}
+#endif
+		ipfw_pfil_hooked = 1;
 		break;
 
 	case MOD_UNLOAD:
-		if (ipfw_pfil_hooked) {
-			if ((err = ipfw_unhook()) > 0)
-				break;
-			ipfw_destroy();
-			ipfw_pfil_hooked = 0;
-		} else {
+		if (!ipfw_pfil_hooked) {
 			printf("IP firewall already unloaded\n");
+			break;
 		}
+		if ((err = ipfw_unhook()) > 0)
+			break;
+#ifdef INET6
+		if ((err = ipfw6_unhook()) > 0)
+			break;
+#endif
+		ipfw_destroy();
+		ipfw_pfil_hooked = 0;
 		break;
 
 	default:
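Review bot: In the MOD_LOAD path a failure of ipfw6_hook() reverts the IPv4 hooks with ipfw_unhook() but never calls ipfw_destroy(), so whatever ipfw_init() set up stays in place while ipfw_pfil_hooked remains 0; the ipfw_hook() failure branch just above has the same gap. Adding `ipfw_destroy();` before the `break` in both branches would undo the init, assuming ipfw_destroy() is safe to call with no hooks attached (its body is not in this diff). In MOD_UNLOAD, if ipfw_unhook() succeeds and ipfw6_unhook() then fails, the code breaks out with IPv4 no longer filtered but ipfw_pfil_hooked still 1, and nothing is logged. A `printf("ipfw6_unhook() error\n");` on that branch would at least make the half-detached state visible to the operator. The switch and the rest of ipfw_modevent() start and end outside this hunk.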
