Prepare for network stack as a module: Move protocol-specific functionality out of common jail-related source files.
ClosedPublic
Actions

Authored by stevek on Jun 10 2016, 1:47 PM.

Details

Reviewers

jtl
gnn

Commits

rS303863: Move IPv4-specific jail functions to new file netinet/in_jail.c

Summary

Network stack as a module: Move protocol-specific functionality out of common jail-related source files.

Move IPv4-specific jail functions to new file netinet/in_jail.c
_prison_check_ip4 renamed to prison_check_ip4_locked

Move IPv6-specific jail functions to new file netinet6/in6_jail.c
_prison_check_ip6 renamed to prison_check_ip6_locked

Add appropriate prototypes to sys/sys/jail.h

Adjust kern_jail.c to call prison_check_ip4_locked and prison_check_ip6_locked accordingly.

Add netinet/in_jail.c and netinet6/in6_jail.c to the list of files that need to be built when INET and INET6, respectively, are configured in the kernel configuration file.

Note: this is only the first step, more needs to be done to separate the protocol-specific data from jail structures, handle configuration, etc.

Obtained from: Juniper Networks, Inc.

Test Plan

Built LINT and LINT-NOIP kernels.
Booted kernel for amd64 in VM and arm on RPI2.

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

stevek updated this revision to Diff 17494.Jun 10 2016, 1:47 PM

stevek retitled this revision from to Prepare for network stack as a module: Move protocol-specific functionality out of common jail-related source files..

stevek updated this object.

stevek edited the test plan for this revision. (Show Details)

stevek added a reviewer: gnn.

stevek set the repository for this revision to rS FreeBSD src repository - subversion.

stevek added subscribers: transport, jtl, sjg.

Herald added a subscriber: imp. · View Herald TranscriptJun 10 2016, 1:47 PM

stevek updated this object.Jun 10 2016, 1:49 PM

stevek updated this object.

See comments. After those changes are made, it looks like it should be OK. But, I'd prefer a second set of eyes...

sys/netinet6/in6_jail.c
147 ↗	(On Diff #17494)	should be pr_ip6s?
sys/sys/jail.h
395 ↗	(On Diff #17494)	Please be consistent in using (or not using) parameter names. I think style(9) says you should include parameter names in kernel-only prototypes.

Updated with changes to netinet6/in6_jail.c and sys/jail.h as commented by jtl

Looks good to me. Thanks!

This revision is now accepted and ready to land.Jul 15 2016, 4:31 PM

hiren added a subscriber: network.Jul 15 2016, 4:36 PM

If there any additional reviews, please submit them this weekend. Unless I hear more comments, I plan to commit this by the end of Monday.

I'd suggest avoiding any style changes in the initial copy of code to the new locations, so diffs can more easily be checked, and changes can be more easily merged. Apply style/comment/etc changes in a separate commit.

In D6799#150249, @rwatson wrote:

I'd suggest avoiding any style changes in the initial copy of code to the new locations, so diffs can more easily be checked, and changes can be more easily merged. Apply style/comment/etc changes in a separate commit.

Sure, makes sense.