Date: Tue, 06 Jul 2004 08:47:09 +0300 From: Alex Lyashkov <shadow@psoft.net> To: Julian Elischer <julian@elischer.org> Cc: "Christian S.J. Peron" <csjp@freebsd.org> Subject: Re: [patch] attach ipfw rules to jails Message-ID: <1089092829.7827.17.camel@berloga.shadowland> In-Reply-To: <Pine.BSF.4.21.0407052230080.66234-100000@InterJet.elischer.org> References: <Pine.BSF.4.21.0407052230080.66234-100000@InterJet.elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
=F7 =F7=D4=D2, 06.07.2004, =D7 08:34, Julian Elischer =D0=C9=DB=C5=D4: > vimage is a good idea but it has great problems in an expandable world. > (i.e. with systems that use klds a lot) >=20 > It relies on all globals being moved to a structure, but > the structure needs to be defined at compile time so it can not be > expanded when a module is loaded to accomodate the globasl from that > module. Thsi COULD be solved by adding an extra level of indirection > for all globals but that is a lot of overhead, and it could be resolved > using something similar to the TLS (thread local storage) > technology being developed but it would still be a non trivial bit of > work to make it a production quality system. >=20 > Julian I do not know who work TLS (if it easy please explain it) but my view for this problem - if for this module not reserve place at global structure - use private per module storage where placed reference from global prison structure to module data. And add 2 callback`s - init/destroy prison context. Or other way - add to prison array where each modules been registered pointer to data associated with this module at this prison context.=20 I use similar way where add per vps ipsec support at FreeVPS. --=20 Alex Lyashkov <shadow@psoft.net> PSoft
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1089092829.7827.17.camel>