From owner-freebsd-hackers@FreeBSD.ORG Tue Jul 6 05:47:18 2004 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E629216A4CE; Tue, 6 Jul 2004 05:47:18 +0000 (GMT) Received: from sev.net.ua (sev.net.ua [212.86.233.226]) by mx1.FreeBSD.org (Postfix) with ESMTP id C665C43D1D; Tue, 6 Jul 2004 05:47:16 +0000 (GMT) (envelope-from shadow@psoft.net) Received: from berloga.shadowland ([213.227.237.65]) by sev.net.ua (8.12.11/8.12.9) with ESMTP id i665lAhs058144; Tue, 6 Jul 2004 08:47:10 +0300 (EEST) (envelope-from shadow@psoft.net) Received: from berloga.shadowland (berloga.shadowland [127.0.0.1]) by berloga.shadowland (8.12.10/8.12.10) with ESMTP id i665lA21008520; Tue, 6 Jul 2004 08:47:10 +0300 Received: (from root@localhost) by berloga.shadowland (8.12.10/8.12.10/Submit) id i665l9IH008518; Tue, 6 Jul 2004 08:47:09 +0300 From: Alex Lyashkov To: Julian Elischer In-Reply-To: References: Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: quoted-printable Organization: PSoft Message-Id: <1089092829.7827.17.camel@berloga.shadowland> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.5 (1.4.5-1) Date: Tue, 06 Jul 2004 08:47:09 +0300 cc: hackers@freebsd.org cc: "Christian S.J. Peron" Subject: Re: [patch] attach ipfw rules to jails X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Jul 2004 05:47:19 -0000 =F7 =F7=D4=D2, 06.07.2004, =D7 08:34, Julian Elischer =D0=C9=DB=C5=D4: > vimage is a good idea but it has great problems in an expandable world. > (i.e. with systems that use klds a lot) >=20 > It relies on all globals being moved to a structure, but > the structure needs to be defined at compile time so it can not be > expanded when a module is loaded to accomodate the globasl from that > module. Thsi COULD be solved by adding an extra level of indirection > for all globals but that is a lot of overhead, and it could be resolved > using something similar to the TLS (thread local storage) > technology being developed but it would still be a non trivial bit of > work to make it a production quality system. >=20 > Julian I do not know who work TLS (if it easy please explain it) but my view for this problem - if for this module not reserve place at global structure - use private per module storage where placed reference from global prison structure to module data. And add 2 callback`s - init/destroy prison context. Or other way - add to prison array where each modules been registered pointer to data associated with this module at this prison context.=20 I use similar way where add per vps ipsec support at FreeVPS. --=20 Alex Lyashkov PSoft