Page MenuHomeFreeBSD

V_irtualise ipfilter
ClosedPublic

Authored by bz on Jun 27 2016, 11:40 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Nov 17, 11:48 AM
Unknown Object (File)
Thu, Oct 31, 11:34 AM
Unknown Object (File)
Wed, Oct 30, 10:32 PM
Unknown Object (File)
Oct 14 2024, 5:12 AM
Unknown Object (File)
Sep 27 2024, 10:28 AM
Unknown Object (File)
Sep 27 2024, 10:28 AM
Unknown Object (File)
Sep 27 2024, 10:28 AM
Unknown Object (File)
Sep 27 2024, 10:22 AM
Subscribers

Details

Summary
Virtualise ipfilter.  Cleanup some entirely unused parts.  Split

initializzation an teardown into module (once global) and VNET (per
virtual network stack) parts. Sadly had to add very special handling
for sysctls (see commit message in projects/vnet).

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 4376
Build 4426: arc lint + arc unit

Event Timeline

bz retitled this revision from to V_irtualise ipfilter.
bz updated this object.
bz edited the test plan for this revision. (Show Details)
bz added reviewers: gnn, emaste, cy.
bz added a subscriber: network.

I've had a chance to review some of the code but not all. Tested on my testbed gateway. No problems so far... I should be able to review the remaining code later this week.

sys/contrib/ipfilter/netinet/ip_fil_freebsd.c
103–104

This should probably be removed through a separate commit so as not to confuse general cleanup with implementation of VNET functionality.

131

An XXX commenting why the cloner was disabled should probably be included for future reference.

cy edited edge metadata.

I can add reasons why later.

sys/contrib/ipfilter/netinet/ip_fil_freebsd.c
217–218

Similarly for ipf_checkp and ipf_savep, genaral cleanup should be committed separately to avoid confusion with actual VNET implenentation vs general cleanup.

sys/contrib/ipfilter/netinet/ip_nat.c
280 ↗(On Diff #17955)

General cleanup should be a separate commit.

This revision is now accepted and ready to land.Jun 29 2016, 4:51 AM

I'll do the general cleanup parts separately; sure.

And I'll add a comment to the code on why the ifc event was disabled.

I'd like to commit this no later than Thu if possible, so if anyone else has further comments, please get to them today! Thanks!

bz edited edge metadata.

Remove the unrelated cleanup already committed to head.
Add comment as to why the cloned eventhandler is disabled.
Remove some #if 0ed code block, which sneaked in.

This revision now requires review to proceed.Jun 30 2016, 1:39 AM
cy edited edge metadata.
This revision is now accepted and ready to land.Jun 30 2016, 3:00 AM
This revision was automatically updated to reflect the committed changes.