svn commit: r197952 - in head/sys: net netgraph netinet netinet/ipfw netinet6
Julian Elischer
julian at elischer.org
Wed Oct 14 16:25:54 UTC 2009
Bjoern A. Zeeb wrote:
> On Sun, 11 Oct 2009, Julian Elischer wrote:
>
>> Author: julian
>> Date: Sun Oct 11 05:59:43 2009
>> New Revision: 197952
>> URL: http://svn.freebsd.org/changeset/base/197952
>>
>> Log:
>> Virtualize the pfil hooks so that different jails may choose different
>> packet filters. Also allows ipfw to be enabled on one jail and disabled
>> on another. In 8.0 it's a global setting.
>>
>> Sitting around in tree waiting to commit for: 2 months
>
> Unfortunately this broke VIMAGE with IPSEC builds, which I just fixed.
>
> I am not yet convinced this was the right approach but probably the
> most straightforward one.
Yes, I saw.
However, I'm puzzled as to why I didn't see the breakage.
I tested many different builds when I did this and grepped for the
pfil hooks throughout the code.
Maybe I missed VIMAGE_LINT? (Is ipsec in LINT?)
>
>
> /bz
>
>> MFC after: 2 months
>>
>> Modified:
>> head/sys/net/if_bridge.c
>> head/sys/net/if_ethersubr.c
>> head/sys/net/pfil.c
>> head/sys/netgraph/ng_bridge.c
>> head/sys/netinet/ip_fastfwd.c
>> head/sys/netinet/ip_input.c
>> head/sys/netinet/ip_output.c
>> head/sys/netinet/ip_var.h
>> head/sys/netinet/ipfw/ip_fw2.c
>> head/sys/netinet/ipfw/ip_fw_pfil.c
>> head/sys/netinet/raw_ip.c
>> head/sys/netinet6/ip6_forward.c
>> head/sys/netinet6/ip6_input.c
>> head/sys/netinet6/ip6_output.c
>> head/sys/netinet6/ip6_var.h
>