Differential D47545

pf: clean up pflow sockets on jail removal
ClosedPublic
Actions

Authored by kp on Wed, Nov 13, 8:29 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Fri, Nov 22, 3:30 AM

	Unknown Object (File)
	Tue, Nov 19, 1:45 AM

	Unknown Object (File)
	Mon, Nov 18, 11:22 AM

	Unknown Object (File)
	Mon, Nov 18, 11:22 AM

	Unknown Object (File)
	Fri, Nov 15, 3:55 AM

Subscribers

vegeta_tuxpowered.net

Details

Reviewers

None

Group Reviewers

network
pfsense

Commits

rG83641335f96c: pf: clean up pflow sockets on jail removal

Summary

pflow opens sockets in the kernel to transmit netflow information.
If this is done in a (vnet) jail these sockets end up preventing the removal of
the jail. The VNET_SYSUNINIT() vnet_pflowdetach() function doesn't get called,
but that's the function that would remove the sockets.

Install a callback on the PR_METHOD_REMOVE jail callback and close the sockets
there. This ensures that the jail can get cleaned up.

Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

kp created this revision.Wed, Nov 13, 8:29 PM

Herald added subscribers: vegeta_tuxpowered.net, glebius, melifaro and 2 others. · View Herald TranscriptWed, Nov 13, 8:29 PM

kp requested review of this revision.Wed, Nov 13, 8:29 PM

Harbormaster completed remote builds in B60524: Diff 146375.Wed, Nov 13, 8:29 PM

This revision was not accepted when it landed; it landed in state Needs Review.Mon, Nov 18, 11:23 AM

Closed by commit rG83641335f96c: pf: clean up pflow sockets on jail removal (authored by kp). · Explain Why

This revision was automatically updated to reflect the committed changes.

kp added a commit: rG83641335f96c: pf: clean up pflow sockets on jail removal.

Revision Contents
Changeset List

Path

Size

sys/

netpfil/

pf/

26 lines

Diff 146643

sys/netpfil/pf/pflow.c

Loading...