svn commit: r348986 - head/sys/contrib/ipfilter/netinet
Cy Schubert
cy at FreeBSD.org
Wed Jun 12 11:06:56 UTC 2019
Author: cy
Date: Wed Jun 12 11:06:54 2019
New Revision: 348986
URL: https://svnweb.freebsd.org/changeset/base/348986
Log:
Register pfil hooks when VNET != vnet0. r302298, which virtualized ipf,
assumed the pfil hook registration performed in ipf_modload() would take
care of this. However ipf_modload() is only called when the ipl kld is
loaded or when ipfilter is first called when it is statically linked
into the kernel at build time.
Prior to this, even though r302298 has been in the tree for a while, it
has never been used. So, r302298 in reality begins now.
PR: 212000
Reported by: ahsanb@
MFC after: 1 month
Modified:
head/sys/contrib/ipfilter/netinet/mlfk_ipl.c
Modified: head/sys/contrib/ipfilter/netinet/mlfk_ipl.c
==============================================================================
--- head/sys/contrib/ipfilter/netinet/mlfk_ipl.c Wed Jun 12 11:06:51 2019 (r348985)
+++ head/sys/contrib/ipfilter/netinet/mlfk_ipl.c Wed Jun 12 11:06:54 2019 (r348986)
@@ -225,6 +225,9 @@ vnet_ipf_init(void)
""
#endif
);
+ } else {
+ (void)ipf_pfil_hook();
+ ipf_event_reg();
}
}
VNET_SYSINIT(vnet_ipf_init, SI_SUB_PROTO_FIREWALL, SI_ORDER_THIRD,
More information about the svn-src-all
mailing list