diff options
| author | Lawrence Stewart <lstewart@FreeBSD.org> | 2010-11-20 07:36:43 +0000 |
|---|---|---|
| committer | Lawrence Stewart <lstewart@FreeBSD.org> | 2010-11-20 07:36:43 +0000 |
| commit | 052aec123cd99006fa7f93d65c9f1401375f20a5 (patch) | |
| tree | 43e7c70d779402933d31efee38055dba56500cd4 /sys/netinet/siftr.c | |
| parent | 4fadeef03f3dbfab7bc98a68c3558daa6f24117e (diff) | |
| download | src-052aec123cd99006fa7f93d65c9f1401375f20a5.tar.gz src-052aec123cd99006fa7f93d65c9f1401375f20a5.zip | |
When enabling or disabling SIFTR with a VIMAGE kernel, ensure we add or remove
the SIFTR pfil(9) hook functions to or from all network stacks. This patch
allows packets inbound or outbound from a vnet to be "seen" by SIFTR.
Additional work is required to allow SIFTR to actually generate log messages for
all vnet related packets because the siftr_findinpcb() function does not yet
search for inpcbs across all vnets. This issue will be fixed separately.
Reported and tested by: David Hayes <dahayes at swin edu au>
MFC after: 3 days
Notes
Notes:
svn path=/head/; revision=215552
Diffstat (limited to 'sys/netinet/siftr.c')
| -rw-r--r-- | sys/netinet/siftr.c | 36 |
1 files changed, 24 insertions, 12 deletions
diff --git a/sys/netinet/siftr.c b/sys/netinet/siftr.c index af77fec5678b..254bea81e39f 100644 --- a/sys/netinet/siftr.c +++ b/sys/netinet/siftr.c @@ -1109,26 +1109,38 @@ ret6: static int siftr_pfil(int action) { - struct pfil_head *pfh_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET); + struct pfil_head *pfh_inet; #ifdef SIFTR_IPV6 - struct pfil_head *pfh_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6); + struct pfil_head *pfh_inet6; #endif + VNET_ITERATOR_DECL(vnet_iter); - if (action == HOOK) { - pfil_add_hook(siftr_chkpkt, NULL, - PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh_inet); + VNET_LIST_RLOCK(); + VNET_FOREACH(vnet_iter) { + CURVNET_SET(vnet_iter); + pfh_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET); #ifdef SIFTR_IPV6 - pfil_add_hook(siftr_chkpkt6, NULL, - PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh_inet6); + pfh_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6); #endif - } else if (action == UNHOOK) { - pfil_remove_hook(siftr_chkpkt, NULL, - PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh_inet); + + if (action == HOOK) { + pfil_add_hook(siftr_chkpkt, NULL, + PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh_inet); +#ifdef SIFTR_IPV6 + pfil_add_hook(siftr_chkpkt6, NULL, + PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh_inet6); +#endif + } else if (action == UNHOOK) { + pfil_remove_hook(siftr_chkpkt, NULL, + PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh_inet); #ifdef SIFTR_IPV6 - pfil_remove_hook(siftr_chkpkt6, NULL, - PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh_inet6); + pfil_remove_hook(siftr_chkpkt6, NULL, + PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh_inet6); #endif + } + CURVNET_RESTORE(); } + VNET_LIST_RUNLOCK(); return (0); } |