Date: Thu, 20 Nov 2014 00:20:58 -0800 From: Craig Rodrigues <rodrigc@FreeBSD.org> To: Cy Schubert <Cy.Schubert@komquats.com> Cc: FreeBSD Net <freebsd-net@freebsd.org>, Cy Schubert <cy@freebsd.org> Subject: Re: VIMAGE + ipfilter fix Message-ID: <CAG=rPVfn7QnDSmBjJkeYQF2VeYU=aam6KMKPGXzh2b9tAYejcA@mail.gmail.com> In-Reply-To: <201411200232.sAK2Wo2E015272@slippy.cwsent.com> References: <rodrigc@FreeBSD.org> <CAG=rPVcodQDGD-v8TGaNOLZ_A6_cJM=vbWOMjxyQJ_U=EpB9Ww@mail.gmail.com> <201411200232.sAK2Wo2E015272@slippy.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Nov 19, 2014 at 6:32 PM, Cy Schubert <Cy.Schubert@komquats.com> wrote: > In message > <CAG=rPVcodQDGD-v8TGaNOLZ_A6_cJM=vbWOMjxyQJ_U=EpB9Ww@mail.gmail.c > om> > , Craig Rodrigues writes: > > Hi, > > > > Can folks take a look at this? > > > > https://reviews.freebsd.org/D1191 > > > > It fixes a crash in ipfilter when a VIMAGE kernel is booted. > > Tested here. It addresses the issue. > > Looking at pf however, global variables were made VIMAGE aware. I've been > working on the global variables since yesterday afternoon (fixing other > issues along the way). If you want I can commit or you can. I'll continue > to work on completing the work I started. > There are two issues here: (1) Eliminating kernel panics that occur when someone boots a VIMAGE kernel, and uses ipfilter but not inside a vnet jail. (2) Virtualizing the variables inside ipfilter so that ipfilter can be used inside a vnet jail. With this patch, I made good headway on fixing (1). I am definitely not signing up to do (2). However, since you are working on it, that is good, so at least some progress. Thanks for doing the review, and taking on the task of fixing ipfilter. I appreciate your help, and efforts. I have done the commit. -- Craig
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAG=rPVfn7QnDSmBjJkeYQF2VeYU=aam6KMKPGXzh2b9tAYejcA>