Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 14 Oct 2009 12:24:12 +0000 (UTC)
From:      "Bjoern A. Zeeb" <bz@FreeBSD.org>
To:        Julian Elischer <julian@FreeBSD.org>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject:   Re: svn commit: r197952 - in head/sys: net netgraph netinet netinet/ipfw netinet6
Message-ID:  <20091014115713.N5956@maildrop.int.zabbadoz.net>
In-Reply-To: <200910110559.n9B5xhNg002528@svn.freebsd.org>
References:  <200910110559.n9B5xhNg002528@svn.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 11 Oct 2009, Julian Elischer wrote:

> Author: julian
> Date: Sun Oct 11 05:59:43 2009
> New Revision: 197952
> URL: http://svn.freebsd.org/changeset/base/197952
>
> Log:
>  Virtualize the pfil hooks so that different jails may chose different
>  packet filters. ALso allows ipfw to be enabled on on ejail and disabled
>  on another. In 8.0 it's a global setting.
>
>  Sitting aroung in tree waiting to commit for: 2 months

Unfortunately this broke VIMAGE with IPSEC builds, which I just fixed.

I am not yet convinced this was the right approach but probably the
most straight forward one.


/bz

>  MFC after:	2 months
>
> Modified:
>  head/sys/net/if_bridge.c
>  head/sys/net/if_ethersubr.c
>  head/sys/net/pfil.c
>  head/sys/netgraph/ng_bridge.c
>  head/sys/netinet/ip_fastfwd.c
>  head/sys/netinet/ip_input.c
>  head/sys/netinet/ip_output.c
>  head/sys/netinet/ip_var.h
>  head/sys/netinet/ipfw/ip_fw2.c
>  head/sys/netinet/ipfw/ip_fw_pfil.c
>  head/sys/netinet/raw_ip.c
>  head/sys/netinet6/ip6_forward.c
>  head/sys/netinet6/ip6_input.c
>  head/sys/netinet6/ip6_output.c
>  head/sys/netinet6/ip6_var.h

-- 
Bjoern A. Zeeb         It will not break if you know what you are doing.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20091014115713.N5956>