this time, with the patch :-)
Max Laier wrote:
On Tuesday 03 April 2007 10:16, Julian Elischer wrote:
julian 2007-04-03 08:16:05 UTC
FreeBSD src repository
Modified files: (Branch: RELENG_6)
sys/netinet ip_fw.h ip_fw2.c ip_fw_pfil.c ip_input.c
Log:
Revert one of the MFCs from Friday as it produces an
unacceptable ABI change. I will re-MFC this when I have tested a
version that brings back the desirable changes but leaves the ABI the
same.
Thanks for reverting ... but why did you rush in all these MFCs?
pressure from work..
anyhow one again, this time a bit slower..
As part of a move to getting RELENG_6 and HEAD closer,
here is a small partial re-MFC of ip_fw_pfil.c version 1.21
This is mostly diff-reduction, but is a self contained 'cleanup'
that canbe extracted from the functional change in the major change
in the original diff. it obscures the actual change going on
so I would like to commit it separatly.
this isthe 'cleanup' part of:
ip_fw2.c 1.129
ip_fw.h 1.105
ip_fw_pfil.c 1.21
ip_input.c 1.319
" Allow ipv6 filtering to be seperately enabled. plus cleanup"
Index: ip_fw_pfil.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_fw_pfil.c,v
retrieving revision 1.19.2.3
diff -u -r1.19.2.3 ip_fw_pfil.c
--- ip_fw_pfil.c 3 Apr 2007 08:16:04 -0000 1.19.2.3
+++ ip_fw_pfil.c 4 Apr 2007 00:08:03 -0000
@@ -417,28 +417,13 @@
ipfw_hook(void)
{
struct pfil_head *pfh_inet;
-#ifdef INET6
- struct pfil_head *pfh_inet6;
-#endif
-
- if (ipfw_pfil_hooked)
- return EEXIST;
pfh_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET);
if (pfh_inet == NULL)
return ENOENT;
-#ifdef INET6
- pfh_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6);
- if (pfh_inet6 == NULL)
- return ENOENT;
-#endif
pfil_add_hook(ipfw_check_in, NULL, PFIL_IN | PFIL_WAITOK, pfh_inet);
pfil_add_hook(ipfw_check_out, NULL, PFIL_OUT | PFIL_WAITOK, pfh_inet);
-#ifdef INET6
- pfil_add_hook(ipfw_check_in, NULL, PFIL_IN | PFIL_WAITOK, pfh_inet6);
- pfil_add_hook(ipfw_check_out, NULL, PFIL_OUT | PFIL_WAITOK, pfh_inet6);
-#endif
return 0;
}
@@ -447,31 +432,48 @@
ipfw_unhook(void)
{
struct pfil_head *pfh_inet;
-#ifdef INET6
- struct pfil_head *pfh_inet6;
-#endif
-
- if (!ipfw_pfil_hooked)
- return ENOENT;
pfh_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET);
if (pfh_inet == NULL)
return ENOENT;
+
+ pfil_remove_hook(ipfw_check_in, NULL, PFIL_IN | PFIL_WAITOK, pfh_inet);
+ pfil_remove_hook(ipfw_check_out, NULL, PFIL_OUT | PFIL_WAITOK,
pfh_inet);
+
+ return 0;
+}
+
#ifdef INET6
+static int
+ipfw6_hook(void)
+{
+ struct pfil_head *pfh_inet6;
+
+ pfh_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6);
+ if (pfh_inet6 == NULL)
+ return ENOENT;
+
+ pfil_add_hook(ipfw_check_in, NULL, PFIL_IN | PFIL_WAITOK, pfh_inet6);
+ pfil_add_hook(ipfw_check_out, NULL, PFIL_OUT | PFIL_WAITOK, pfh_inet6);
+
+ return 0;
+}
+
+static int
+ipfw6_unhook(void)
+{
+ struct pfil_head *pfh_inet6;
+
pfh_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6);
if (pfh_inet6 == NULL)
return ENOENT;
-#endif
- pfil_remove_hook(ipfw_check_in, NULL, PFIL_IN | PFIL_WAITOK, pfh_inet);
- pfil_remove_hook(ipfw_check_out, NULL, PFIL_OUT | PFIL_WAITOK,
pfh_inet);
-#ifdef INET6
pfil_remove_hook(ipfw_check_in, NULL, PFIL_IN | PFIL_WAITOK, pfh_inet6);
pfil_remove_hook(ipfw_check_out, NULL, PFIL_OUT | PFIL_WAITOK,
pfh_inet6);
-#endif
return 0;
}
+#endif
static int
ipfw_modevent(module_t mod, int type, void *unused)
@@ -483,28 +485,39 @@
if (ipfw_pfil_hooked) {
printf("IP firewall already loaded\n");
err = EEXIST;
- } else {
- if ((err = ipfw_init()) != 0) {
- printf("ipfw_init() error\n");
- break;
- }
- if ((err = ipfw_hook()) != 0) {
- printf("ipfw_hook() error\n");
- break;
- }
- ipfw_pfil_hooked = 1;
+ break;
+ }
+ if ((err = ipfw_init()) != 0) {
+ printf("ipfw_init() error\n");
+ break;
}
+ if ((err = ipfw_hook()) != 0) {
+ printf("ipfw_hook() error\n");
+ break;
+ }
+#ifdef INET6
+ if ((err = ipfw6_hook()) != 0) {
+ ipfw_unhook(); /* revert the ipv4 part */
+ printf("ipfw6_hook() error\n");
+ break;
+ }
+#endif
+ ipfw_pfil_hooked = 1;
break;
case MOD_UNLOAD:
- if (ipfw_pfil_hooked) {
- if ((err = ipfw_unhook()) > 0)
- break;
- ipfw_destroy();
- ipfw_pfil_hooked = 0;
- } else {
+ if (!ipfw_pfil_hooked) {
printf("IP firewall already unloaded\n");
+ break;
}
+ if ((err = ipfw_unhook()) > 0)
+ break;
+#ifdef INET6
+ if ((err = ipfw6_unhook()) > 0)
+ break;
+#endif
+ ipfw_destroy();
+ ipfw_pfil_hooked = 0;
break;
default:
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"