authorJulian Elischer <julian@FreeBSD.org>2009-08-21 11:20:10 +0000
committerJulian Elischer <julian@FreeBSD.org>2009-08-21 11:20:10 +0000
commitc4b21cbe4a686587f01e66490bb9a658a5d4c5cf (patch)
treeafa592da98bc02ee59b3326919b0cdec0db5851d /sys/netinet/ipfw/ip_fw_pfil.c
parent2b978628436aae61e9bce492dc375e0e47a2152e (diff)
Fix ipfw's initialization functions to get the correct order of evaluation
to allow vnet and non vnet operation. Move some functions from ip_fw_pfil.c to ip_fw2.c and move to mostly using the SYSINIT and VNET_SYSINIT handlers instead of the modevent handler. Correct some spelling errors in comments in the affected code. Note that this fixes a crash in NON VIMAGE kernels when ipfw is unloaded. This patch is a minimal patch for 8.0; I have a much larger patch that actually fixes the underlying problems that will be applied after 8.0. Reviewed by: zec@, rwatson@, bz@(earlier version) Approved by: re (rwatson) MFC after: Immediatly
Notes
Notes: svn path=/head/; revision=196423
Diffstat (limited to 'sys/netinet/ipfw/ip_fw_pfil.c')
-rw-r--r--sys/netinet/ipfw/ip_fw_pfil.c60
1 files changed, 9 insertions, 51 deletions
diff --git a/sys/netinet/ipfw/ip_fw_pfil.c b/sys/netinet/ipfw/ip_fw_pfil.c
index e28d5ca64030..ffffb594546b 100644
--- a/sys/netinet/ipfw/ip_fw_pfil.c
+++ b/sys/netinet/ipfw/ip_fw_pfil.c
@@ -53,6 +53,7 @@ __FBSDID("$FreeBSD$");
#include <net/if.h>
#include <net/route.h>
#include <net/pfil.h>
+#include <net/vnet.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
@@ -441,7 +442,7 @@ nodivert:
return 1;
}
-static int
+int
ipfw_hook(void)
{
struct pfil_head *pfh_inet;
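Review bot: With `static` dropped here, ipfw_hook() gets external linkage, and the same applies to ipfw_unhook(), ipfw6_hook() and ipfw6_unhook() in the next three hunks, yet no prototype for any of them is visible in this file's diff. If the declarations were added to a header elsewhere in the commit, this file should include that header so the definitions are checked against them. Because these functions attach and detach the packet filter, a short comment above each, such as `/* Exported for the ipfw init/uninit handlers only; not a general-purpose API. */`, would make the intended callers explicit (presumably the SYSINIT handlers the commit message mentions). The function bodies continue outside the hunks.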
@@ -458,7 +459,7 @@ ipfw_hook(void)
return 0;
}
-static int
+int
ipfw_unhook(void)
{
struct pfil_head *pfh_inet;
@@ -476,7 +477,7 @@ ipfw_unhook(void)
}
#ifdef INET6
-static int
+int
ipfw6_hook(void)
{
struct pfil_head *pfh_inet6;
@@ -493,7 +494,7 @@ ipfw6_hook(void)
return 0;
}
-static int
+int
ipfw6_unhook(void)
{
struct pfil_head *pfh_inet6;
@@ -517,6 +518,10 @@ ipfw_chg_hook(SYSCTL_HANDLER_ARGS)
int enable = *(int *)arg1;
int error;
+#ifdef VIMAGE /* Since enabling is global, only let base do it. */
+ if (! IS_DEFAULT_VNET(curvnet))
+ return (EPERM);
+#endif
error = sysctl_handle_int(oidp, &enable, 0, req);
if (error)
return (error);
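Review bot: The new VIMAGE guard in ipfw_chg_hook() sits ahead of `sysctl_handle_int()`, so a non-default vnet gets EPERM for read-only queries of the enable flag as well as for attempts to change it. If only changes to the global state are meant to be restricted, the test could be limited to write requests, e.g. `if (req->newptr != NULL && !IS_DEFAULT_VNET(curvnet))`. The explanation would also read better as a comment on its own line above the `#ifdef` rather than trailing it. The rest of the handler lies outside this hunk, so how the value is used after the read cannot be checked here.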
@@ -549,50 +554,3 @@ ipfw_chg_hook(SYSCTL_HANDLER_ARGS)
return (0);
}
-static int
-ipfw_modevent(module_t mod, int type, void *unused)
-{
- int err = 0;
-
- switch (type) {
- case MOD_LOAD:
- if ((err = ipfw_init()) != 0) {
- printf("ipfw_init() error\n");
- break;
- }
- if ((err = ipfw_hook()) != 0) {
- printf("ipfw_hook() error\n");
- break;
- }
-#ifdef INET6
- if ((err = ipfw6_hook()) != 0) {
- printf("ipfw_hook() error\n");
- break;
- }
-#endif
- break;
-
- case MOD_UNLOAD:
- if ((err = ipfw_unhook()) > 0)
- break;
-#ifdef INET6
- if ((err = ipfw6_unhook()) > 0)
- break;
-#endif
- ipfw_destroy();
- break;
-
- default:
- return EOPNOTSUPP;
- break;
- }
- return err;
-}
-
-static moduledata_t ipfwmod = {
- "ipfw",
- ipfw_modevent,
- 0
-};
-DECLARE_MODULE(ipfw, ipfwmod, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY - 256);
-MODULE_VERSION(ipfw, 2);