Set the current vnet inside the ioctl handler for ipfilter.

Without this fix, the vnet was NULL and would crash.
This fix is similar to what was done inside the ioctl handler for PF.

Tested by:
   (1) Boot a kernel with "options VIMAGE" enabled
   (2) Type:

   echo "map lo0 from 10.0.0.0/24 to ! 10.0.0.0/24 -> 127.0.0.1/32" > /etc/ipnat.rules ; service ipnat onerestart

PR: 176992
Differential Revision: https://reviews.freebsd.org/D1191
Reviewed by: cy

1 files changed, 11 insertions, 0 deletions

diff --git a/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c b/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c
index e9e7051d664e..8f8cb0840844 100644
--- a/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c
+++ b/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c
@@ -33,6 +33,9 @@ static const char rcsid[] = "@(#)$Id$";
 #include <sys/time.h>
 #include <sys/systm.h>
 # include <sys/dirent.h>
+#if defined(__FreeBSD_version) && (__FreeBSD_version >= 800000)
+#include <sys/jail.h>
+#endif
 # include <sys/mbuf.h>
 # include <sys/sockopt.h>
 #if !defined(__hpux)
@@ -52,6 +55,12 @@ static const char rcsid[] = "@(#)$Id$";
 #include <netinet/ip.h>
 #include <netinet/ip_var.h>
 #include <netinet/tcp.h>
+#if defined(__FreeBSD_version) && (__FreeBSD_version >= 800000)
+#include <net/vnet.h>
+#else
+#define CURVNET_SET(arg)
+#define CURVNET_RESTORE()
+#endif
 #if defined(__osf__)
 # include <netinet/tcp_timer.h>
 #endif
@@ -323,7 +332,9 @@ ipfioctl(dev, cmd, data, mode
 
 	SPL_NET(s);
 
+	CURVNET_SET(TD_TO_VNET(p));
 	error = ipf_ioctlswitch(&ipfmain, unit, data, cmd, mode, p->p_uid, p);
+	CURVNET_RESTORE();
 	if (error != -1) {
 		SPL_X(s);
 		return error;