From 79c1f884ef6881dc506df5a23203f4cc0a447a35 Mon Sep 17 00:00:00 2001
From: julian
Date: Sun, 11 Oct 2009 05:59:43 +0000
Subject: Virtualize the pfil hooks so that different jails may chose different packet filters. ALso allows ipfw to be enabled on on ejail and disabled on another. In 8.0 it's a global setting. Sitting aroung in tree waiting to commit for: 2 months MFC after: 2 months
---
 sys/netinet/ip_var.h | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
(limited to 'sys/netinet/ip_var.h')
diff --git a/sys/netinet/ip_var.h b/sys/netinet/ip_var.h
index 448ba3d..a1d2166 100644
--- a/sys/netinet/ip_var.h
+++ b/sys/netinet/ip_var.h
@@ -244,14 +244,20 @@ extern int (*ip_rsvp_vif)(struct socket *, struct sockopt *);
 extern void (*ip_rsvp_force_done)(struct socket *);
 extern void (*rsvp_input_p)(struct mbuf *m, int off);
-extern struct pfil_head inet_pfil_hook; /* packet filter hooks */
+VNET_DECLARE(struct pfil_head, inet_pfil_hook); /* packet filter hooks */
+#define V_inet_pfil_hook VNET(inet_pfil_hook)
 void in_delayed_cksum(struct mbuf *m);
 /* ipfw and dummynet hooks. Most are declared in raw_ip.c */
 struct ip_fw_args;
-extern int (*ip_fw_chk_ptr)(struct ip_fw_args *args);
-extern int (*ip_fw_ctl_ptr)(struct sockopt *);
+typedef int (*ip_fw_chk_ptr_t)(struct ip_fw_args *args);
+typedef int (*ip_fw_ctl_ptr_t)(struct sockopt *);
+VNET_DECLARE(ip_fw_chk_ptr_t, ip_fw_chk_ptr);
+VNET_DECLARE(ip_fw_ctl_ptr_t, ip_fw_ctl_ptr);
+#define V_ip_fw_chk_ptr VNET(ip_fw_chk_ptr)
+#define V_ip_fw_ctl_ptr VNET(ip_fw_ctl_ptr)
+
 extern int (*ip_dn_ctl_ptr)(struct sockopt *);
 extern int (*ip_dn_io_ptr)(struct mbuf **m, int dir, struct ip_fw_args *fwa);
 extern void (*ip_dn_ruledel_ptr)(void *); /* in ip_fw2.c */
-- 
cgit v1.1
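Review bot: The new per-vnet declarations of `ip_fw_chk_ptr` and `ip_fw_ctl_ptr` carry no comment saying what an unset pointer means for a given vnet, and the existing comment above them still reads as if they were ordinary globals. Each vnet now gets its own copy, so a vnet where ipfw was never attached presumably sees NULL and its traffic is not checked by ipfw; the consumers are outside this hunk, so that is inferred rather than shown. I would state it where the hooks are declared, e.g. `/* Per-vnet: NULL means ipfw is not attached in this vnet; read via V_ip_fw_*_ptr with the correct vnet context set. */` above the typedefs. The `ip_dn_*` pointers just below stay plain `extern`, so dummynet remains global while ipfw becomes per-vnet; a one-line comment saying whether that split is intentional would help the next reader.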