From owner-freebsd-net@FreeBSD.ORG Thu Nov 20 08:21:01 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3F798598; Thu, 20 Nov 2014 08:21:01 +0000 (UTC) Received: from mail-la0-x22a.google.com (mail-la0-x22a.google.com [IPv6:2a00:1450:4010:c03::22a]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id AA620FD; Thu, 20 Nov 2014 08:21:00 +0000 (UTC) Received: by mail-la0-f42.google.com with SMTP id s18so2034931lam.1 for ; Thu, 20 Nov 2014 00:20:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=HC8k3sf1yl1013ly/RhyhHoDqd61uBL5oJF5jCMXjJk=; b=Q8TYRHNMLnC6fqc1qhlhjtHBBklEpmhgwtFCVGqi2wSGDer+E0Zrog1t3yXX4E/jKw 3aJwXUzw2f/9MJhsSgwH/8LtHgCzzXF7ind3+DqCroQeIJhjeDqtARrWcI/GXBRk+6hQ zCaP6c4dzV2aHdDVNMCiv1IvxNlZW3WEPuCuEhwivfhwMq/elboiG9ccSf0BOw+nRDl2 AM1zAr31APlHZUZIHWMAZG1oGkSvvXu/6D+gj7euUNwOJuFxJ2qwE+Ad1/j9ojvHd5Yy LnDurWmVLtT/gHe1yUvKDILuVAws1m0N90FfhJ6p4kTg7kpPnj56hMf65MI7CBy3Q0LU dTVg== MIME-Version: 1.0 X-Received: by 10.152.28.193 with SMTP id d1mr4878344lah.17.1416471658691; Thu, 20 Nov 2014 00:20:58 -0800 (PST) Sender: crodr001@gmail.com Received: by 10.112.130.168 with HTTP; Thu, 20 Nov 2014 00:20:58 -0800 (PST) In-Reply-To: <201411200232.sAK2Wo2E015272@slippy.cwsent.com> References: <201411200232.sAK2Wo2E015272@slippy.cwsent.com> Date: Thu, 20 Nov 2014 00:20:58 -0800 X-Google-Sender-Auth: D_PobwYUiSFK86vjE_cB9IXF5ek Message-ID: Subject: Re: VIMAGE + ipfilter fix From: Craig Rodrigues To: Cy Schubert Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: FreeBSD Net , Cy Schubert X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Nov 2014 08:21:01 -0000 On Wed, Nov 19, 2014 at 6:32 PM, Cy Schubert wrote: > In message > om> > , Craig Rodrigues writes: > > Hi, > > > > Can folks take a look at this? > > > > https://reviews.freebsd.org/D1191 > > > > It fixes a crash in ipfilter when a VIMAGE kernel is booted. > > Tested here. It addresses the issue. > > Looking at pf however, global variables were made VIMAGE aware. I've been > working on the global variables since yesterday afternoon (fixing other > issues along the way). If you want I can commit or you can. I'll continue > to work on completing the work I started. > There are two issues here: (1) Eliminating kernel panics that occur when someone boots a VIMAGE kernel, and uses ipfilter but not inside a vnet jail. (2) Virtualizing the variables inside ipfilter so that ipfilter can be used inside a vnet jail. With this patch, I made good headway on fixing (1). I am definitely not signing up to do (2). However, since you are working on it, that is good, so at least some progress. Thanks for doing the review, and taking on the task of fixing ipfilter. I appreciate your help, and efforts. I have done the commit. -- Craig