svn commit: r197952 - in head/sys: net netgraph netinet
netinet/ipfw netinet6
Bjoern A. Zeeb
bz at FreeBSD.org
Wed Oct 14 12:25:07 UTC 2009
On Sun, 11 Oct 2009, Julian Elischer wrote:
> Author: julian
> Date: Sun Oct 11 05:59:43 2009
> New Revision: 197952
> URL: http://svn.freebsd.org/changeset/base/197952
>
> Log:
> Virtualize the pfil hooks so that different jails may chose different
> packet filters. ALso allows ipfw to be enabled on on ejail and disabled
> on another. In 8.0 it's a global setting.
>
> Sitting aroung in tree waiting to commit for: 2 months
Unfortunately this broke VIMAGE with IPSEC builds, which I just fixed.
I am not yet convinced this was the right approach but probably the
most straight forward one.
/bz
> MFC after: 2 months
>
> Modified:
> head/sys/net/if_bridge.c
> head/sys/net/if_ethersubr.c
> head/sys/net/pfil.c
> head/sys/netgraph/ng_bridge.c
> head/sys/netinet/ip_fastfwd.c
> head/sys/netinet/ip_input.c
> head/sys/netinet/ip_output.c
> head/sys/netinet/ip_var.h
> head/sys/netinet/ipfw/ip_fw2.c
> head/sys/netinet/ipfw/ip_fw_pfil.c
> head/sys/netinet/raw_ip.c
> head/sys/netinet6/ip6_forward.c
> head/sys/netinet6/ip6_input.c
> head/sys/netinet6/ip6_output.c
> head/sys/netinet6/ip6_var.h
--
Bjoern A. Zeeb It will not break if you know what you are doing.
More information about the svn-src-all
mailing list