Author: lstewart
Date: Sat Nov 27 03:19:59 2010
New Revision: 215927
URL: http://svn.freebsd.org/changeset/base/215927

Log:
  MFC r215552:
  
  When enabling or disabling SIFTR with a VIMAGE kernel, ensure we add or remove
  the SIFTR pfil(9) hook functions to or from all network stacks. This patch
  allows packets inbound or outbound from a vnet to be "seen" by SIFTR.
  
  Reported and tested by:       David Hayes <dahayes at swin edu au>

Modified:
  stable/8/sys/netinet/siftr.c
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/amd64/include/xen/   (props changed)
  stable/8/sys/cddl/contrib/opensolaris/   (props changed)
  stable/8/sys/contrib/dev/acpica/   (props changed)
  stable/8/sys/contrib/pf/   (props changed)

Modified: stable/8/sys/netinet/siftr.c
==============================================================================
--- stable/8/sys/netinet/siftr.c        Sat Nov 27 03:12:39 2010        
(r215926)
+++ stable/8/sys/netinet/siftr.c        Sat Nov 27 03:19:59 2010        
(r215927)
@@ -1109,26 +1109,38 @@ ret6:
 static int
 siftr_pfil(int action)
 {
-       struct pfil_head *pfh_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET);
+       struct pfil_head *pfh_inet;
 #ifdef SIFTR_IPV6
-       struct pfil_head *pfh_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6);
+       struct pfil_head *pfh_inet6;
 #endif
+       VNET_ITERATOR_DECL(vnet_iter);
 
-       if (action == HOOK) {
-               pfil_add_hook(siftr_chkpkt, NULL,
-                   PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh_inet);
+       VNET_LIST_RLOCK();
+       VNET_FOREACH(vnet_iter) {
+               CURVNET_SET(vnet_iter);
+               pfh_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET);
 #ifdef SIFTR_IPV6
-               pfil_add_hook(siftr_chkpkt6, NULL,
-                   PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh_inet6);
+               pfh_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6);
 #endif
-       } else if (action == UNHOOK) {
-               pfil_remove_hook(siftr_chkpkt, NULL,
-                   PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh_inet);
+
+               if (action == HOOK) {
+                       pfil_add_hook(siftr_chkpkt, NULL,
+                           PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh_inet);
+#ifdef SIFTR_IPV6
+                       pfil_add_hook(siftr_chkpkt6, NULL,
+                           PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh_inet6);
+#endif
+               } else if (action == UNHOOK) {
+                       pfil_remove_hook(siftr_chkpkt, NULL,
+                           PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh_inet);
 #ifdef SIFTR_IPV6
-               pfil_remove_hook(siftr_chkpkt6, NULL,
-                   PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh_inet6);
+                       pfil_remove_hook(siftr_chkpkt6, NULL,
+                           PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh_inet6);
 #endif
+               }
+               CURVNET_RESTORE();
        }
+       VNET_LIST_RUNLOCK();
 
        return (0);
 }
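Review bot: The return values of `pfil_add_hook()` and `pfil_remove_hook()` inside the `VNET_FOREACH` loop are discarded and `siftr_pfil()` ends in an unconditional `return (0);`, so a hook that fails to register in one vnet leaves SIFTR reporting success while that stack's traffic goes unlogged. Because the loop now multiplies the number of registrations, I would keep the first failure and return it: `int error, ret = 0;`, then `if ((error = pfil_add_hook(...)) != 0 && ret == 0) ret = error;` for each HOOK call, and `return (ret);`. On the UNHOOK path a not-found result should probably be tolerated rather than reported, since a vnet created after SIFTR was enabled would presumably have no hook to remove. That same case looks like a visibility gap worth a comment above the function: the loop covers only the vnets that exist at the moment of the call, so a stack created later appears to stay unhooked until SIFTR is toggled again.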