From owner-svn-src-head@FreeBSD.ORG  Thu Nov 20 08:11:55 2014
Return-Path: <owner-svn-src-head@FreeBSD.ORG>
Delivered-To: svn-src-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id A82A6E9;
 Thu, 20 Nov 2014 08:11:55 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 7BA438D;
 Thu, 20 Nov 2014 08:11:55 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id sAK8Btrb035978;
 Thu, 20 Nov 2014 08:11:55 GMT (envelope-from rodrigc@FreeBSD.org)
Received: (from rodrigc@localhost)
 by svn.freebsd.org (8.14.9/8.14.9/Submit) id sAK8Bt7Q035977;
 Thu, 20 Nov 2014 08:11:55 GMT (envelope-from rodrigc@FreeBSD.org)
Message-Id: <201411200811.sAK8Bt7Q035977@svn.freebsd.org>
X-Authentication-Warning: svn.freebsd.org: rodrigc set sender to
 rodrigc@FreeBSD.org using -f
From: Craig Rodrigues <rodrigc@FreeBSD.org>
Date: Thu, 20 Nov 2014 08:11:55 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r274744 - head/sys/contrib/ipfilter/netinet
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Nov 2014 08:11:55 -0000

Author: rodrigc
Date: Thu Nov 20 08:11:54 2014
New Revision: 274744
URL: https://svnweb.freebsd.org/changeset/base/274744

Log:
  Set the current vnet inside the ioctl handler for ipfilter.
  
  Without this fix, the vnet was NULL and would crash.
  This fix is similar to what was done inside the ioctl handler for PF.
  
  Tested by:
     (1) Boot a kernel with "options VIMAGE" enabled
     (2) Type:
  
     echo "map lo0 from 10.0.0.0/24 to ! 10.0.0.0/24 -> 127.0.0.1/32" > /etc/ipnat.rules ; service ipnat onerestart
  
  PR: 176992
  Differential Revision: https://reviews.freebsd.org/D1191
  Reviewed by: cy

Modified:
  head/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c

Modified: head/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c
==============================================================================
--- head/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c	Thu Nov 20 06:32:47 2014	(r274743)
+++ head/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c	Thu Nov 20 08:11:54 2014	(r274744)
@@ -33,6 +33,9 @@ static const char rcsid[] = "@(#)$Id$";
 #include <sys/time.h>
 #include <sys/systm.h>
 # include <sys/dirent.h>
+#if defined(__FreeBSD_version) && (__FreeBSD_version >= 800000)
+#include <sys/jail.h>
+#endif
 # include <sys/mbuf.h>
 # include <sys/sockopt.h>
 #if !defined(__hpux)
@@ -52,6 +55,12 @@ static const char rcsid[] = "@(#)$Id$";
 #include <netinet/ip.h>
 #include <netinet/ip_var.h>
 #include <netinet/tcp.h>
+#if defined(__FreeBSD_version) && (__FreeBSD_version >= 800000)
+#include <net/vnet.h>
+#else
+#define CURVNET_SET(arg)
+#define CURVNET_RESTORE()
+#endif
 #if defined(__osf__)
 # include <netinet/tcp_timer.h>
 #endif
@@ -323,7 +332,9 @@ ipfioctl(dev, cmd, data, mode
 
 	SPL_NET(s);
 
+	CURVNET_SET(TD_TO_VNET(p));
 	error = ipf_ioctlswitch(&ipfmain, unit, data, cmd, mode, p->p_uid, p);
+	CURVNET_RESTORE();
 	if (error != -1) {
 		SPL_X(s);
 		return error;