From nobody@FreeBSD.org  Thu Nov 11 21:04:24 2010
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7C091106566B
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 11 Nov 2010 21:04:24 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 6B3E98FC1B
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 11 Nov 2010 21:04:24 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id oABL4OA5039527
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 11 Nov 2010 21:04:24 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id oABL4OSv039525;
	Thu, 11 Nov 2010 21:04:24 GMT
	(envelope-from nobody)
Message-Id: <201011112104.oABL4OSv039525@www.freebsd.org>
Date: Thu, 11 Nov 2010 21:04:24 GMT
From: "John A. Murphy" <murf@perftech.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: vnet_pfil_init() happens too late if pfil_head_register() is  called from if_ethersubr.c 
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         152148
>Category:       kern
>Synopsis:       [pfil] vnet_pfil_init() happens too late if pfil_head_register() is called from if_ethersubr.c
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    gnn
>State:          suspended
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Nov 11 21:10:05 UTC 2010
>Closed-Date:    
>Last-Modified:  Sun May 18 05:00:38 UTC 2014
>Originator:     John A. Murphy
>Release:        8.1-Release
>Organization:
PerfTech
>Environment:
FreeBSD freebsd64.perftech.com 8.1-RELEASE FreeBSD 8.1-RELEASE #12: Fri Oct 29 14:07:28 CDT 2010
root@freebsd64.perftech.com:/usr/obj/usr/src/sys/GENERIC  amd64

>Description:
I'd like to add a pfil_hook in if_ethersubr.c, similar to the one in NetBSD, but
vnet_pfil_init() happens AFTER ether_ifattach(), so the filter registered in either_ifattach()is lost when vnet_pfil_init() invokes LIST_INIT(&V_pfil_head_list).

>How-To-Repeat:
Build a kernel that registers a pfil_hook in ether_ifattach() and load a module that tries to use that filter.  OR --- look at the code and take my word for it.
>Fix:
Unknown --- maybe change order of execution.

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-net 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Fri Nov 12 21:13:58 UTC 2010 
Responsible-Changed-Why:  
reclassify. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=152148 
Responsible-Changed-From-To: freebsd-net->bz 
Responsible-Changed-By: bz 
Responsible-Changed-When: Thu Nov 18 06:16:28 UTC 2010 
Responsible-Changed-Why:  
I have shuffled things for vnets already. Take. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=152148 

From: "Bjoern A. Zeeb" <bz@FreeBSD.org>
To: bug-followup@FreeBSD.org, murf@perftech.com
Cc:  
Subject: Re: kern/152148: [pfil] vnet_pfil_init() happens too late if
 pfil_head_register() is called from if_ethersubr.c
Date: Thu, 18 Nov 2010 06:18:43 +0000 (UTC)

 Hey,  want to send a patch for what exactly you need and we can
 test or discuss it?
State-Changed-From-To: open->feedback 
State-Changed-By: bz 
State-Changed-When: Thu Nov 18 09:04:52 UTC 2010 
State-Changed-Why:  
Asked for further information. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=152148 

From: "John A. Murphy" <murf@perftech.com>
To: "Bjoern A. Zeeb" <bz@FreeBSD.org>
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/152148: [pfil] vnet_pfil_init() happens too late if pfil_head_register()
 is called from if_ethersubr.c
Date: Thu, 18 Nov 2010 05:32:32 -0600

 The fix suggested by Julian works for me --- edit pfil.c and replace 
 SI_SUB_PROTO_BEGIN with (SI_SUB_INIT_IF - 1)
 
 Murf
 
 

From: "Bjoern A. Zeeb" <bz@FreeBSD.org>
To: "John A. Murphy" <murf@perftech.com>
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/152148: [pfil] vnet_pfil_init() happens too late if
 pfil_head_register() is called from if_ethersubr.c
Date: Thu, 18 Nov 2010 12:24:30 +0000 (UTC)

 On Thu, 18 Nov 2010, John A. Murphy wrote:
 
 > The fix suggested by Julian works for me --- edit pfil.c and replace 
 > SI_SUB_PROTO_BEGIN with (SI_SUB_INIT_IF - 1)
 
 That still doesn't explain the larger thing you are doing;-)  Is it
 something private or are you porting functionality over from NetBSD
 to be included in FreeBSD?
 
 Looking into p4 I have an own SI for it:
 
 http://p4web.freebsd.org/@md=d&cd=//depot/user/bz/vimage/src/sys/net/&cdf=//depot/user/bz/vimage/src/sys/net/pfil.c&c=2PY@//depot/user/bz/vimage/src/sys/net/pfil.c?ac=64&rev1=5
 
 that I have put onto 0x8100000.
 
 http://p4web.freebsd.org/@md=d&cd=//depot/user/bz/vimage/src/sys/sys/&cdf=//depot/user/bz/vimage/src/sys/sys/kernel.h&c=EfO@//depot/user/bz/vimage/src/sys/sys/kernel.h?ac=64&rev1=7
 
 Putting it onto SI_SUB_INIT_IF - 1  really doesn't sounds like
 a good idea to me but only a bad hack (that might be ok for you
 locally).
 
 I'd be happy to move it front to SI_SUB_INIT_IF, SI_ORDER_MIDDLE maybe
 or really move the SI_SUB_PROTO_PFIL (renaming it) before
 SI_SUB_INIT_IF if it's something we'd need for FreeBSD, say adding the
 L2 filtering hooks, that are currently private to only ipfw.
 
 The problem that immediately comes with it is network stack teardown,
 which will be complicated by that (but nothing we cannot solve though;-)
 
 /bz
 
 -- 
 Bjoern A. Zeeb                              Welcome a new stage of life.
          <ks> Going to jail sucks -- <bz> All my daemons like it!
    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails.html

From: "John A. Murphy" <murf@perftech.com>
To: "Bjoern A. Zeeb" <bz@FreeBSD.org>
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/152148: [pfil] vnet_pfil_init() happens too late if pfil_head_register()
 is called from if_ethersubr.c
Date: Thu, 18 Nov 2010 08:16:55 -0600

 Aha, I misunderstood your question!  It's basically something private.  
 We're looking into porting an app to FreeBSD, and we need a hook in 
 ifethersubr.c.  There seems to be a great deal of variety across 
 operating systems as to what pfil hooks are supported, and I thought it 
 would be easier to build my own kernel than to campaign for additional 
 hooks --- but I didn't count on the complications introduced by vnet, 
 something for which we have no use.  I'm a newcomer to FreeBSD, and I 
 don't want to get involved in the intricacies of startup and teardown 
 (at least not yet).  I just wanted to point out a problem --- if the 
 response had been "you shouldn't be adding hooks there", that would have 
 been fine.  Our requirements are admittedly unusual.  Calling 
 vnet_pfil_init() earlier in the game solves my immediate problem, and 
 lets me continue with my evaluation.  The details of exactly how that is 
 accomplished are unimportant to me.  I never meant to imply that the 
 change to (SI_SUB_INIT_IF - 1) would actually be implemented in released 
 code, only that that change did indeed solve the problem.  Sorry for any 
 confusion I may have caused!
 
 Murf
 
 Bjoern A. Zeeb wrote:
 > On Thu, 18 Nov 2010, John A. Murphy wrote:
 >
 >> The fix suggested by Julian works for me --- edit pfil.c and replace 
 >> SI_SUB_PROTO_BEGIN with (SI_SUB_INIT_IF - 1)
 >
 > That still doesn't explain the larger thing you are doing;-)  Is it
 > something private or are you porting functionality over from NetBSD
 > to be included in FreeBSD?
 >
 > Looking into p4 I have an own SI for it:
 >
 > http://p4web.freebsd.org/@md=d&cd=//depot/user/bz/vimage/src/sys/net/&cdf=//depot/user/bz/vimage/src/sys/net/pfil.c&c=2PY@//depot/user/bz/vimage/src/sys/net/pfil.c?ac=64&rev1=5 
 >
 >
 > that I have put onto 0x8100000.
 >
 > http://p4web.freebsd.org/@md=d&cd=//depot/user/bz/vimage/src/sys/sys/&cdf=//depot/user/bz/vimage/src/sys/sys/kernel.h&c=EfO@//depot/user/bz/vimage/src/sys/sys/kernel.h?ac=64&rev1=7 
 >
 >
 > Putting it onto SI_SUB_INIT_IF - 1  really doesn't sounds like
 > a good idea to me but only a bad hack (that might be ok for you
 > locally).
 >
 > I'd be happy to move it front to SI_SUB_INIT_IF, SI_ORDER_MIDDLE maybe
 > or really move the SI_SUB_PROTO_PFIL (renaming it) before
 > SI_SUB_INIT_IF if it's something we'd need for FreeBSD, say adding the
 > L2 filtering hooks, that are currently private to only ipfw.
 >
 > The problem that immediately comes with it is network stack teardown,
 > which will be complicated by that (but nothing we cannot solve though;-)
 >
 > /bz
 >

From: "Bjoern A. Zeeb" <bz@FreeBSD.org>
To: "John A. Murphy" <murf@perftech.com>
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/152148: [pfil] vnet_pfil_init() happens too late if
 pfil_head_register() is called from if_ethersubr.c
Date: Thu, 18 Nov 2010 15:41:09 +0000 (UTC)

 On Thu, 18 Nov 2010, John A. Murphy wrote:
 
 Hi,
 
 Well, it's good to know anyway and if we can help you easily setting
 it early enough, we'll certainly do.  I'll try to update my work in
 progress and merge it to HEAD.  Not sure it'll make 8.2-R and 7.4-R
 but it can certainly make later releases.
 
 I'll also have to look at what NetBSD has there.
 
 /bz
 
 -- 
 Bjoern A. Zeeb                              Welcome a new stage of life.
          <ks> Going to jail sucks -- <bz> All my daemons like it!
    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails.html
State-Changed-From-To: feedback->suspended 
State-Changed-By: bz 
State-Changed-When: Sat Mar 12 09:44:54 UTC 2011 
State-Changed-Why:  
The problem is understood and should be addressed with either 
upcoming vnet or upcoming firewall work.  Until then suspend 
to keep it around as a reminder. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=152148 
Responsible-Changed-From-To: bz->gnn 
Responsible-Changed-By: bz 
Responsible-Changed-When: Sun May 18 05:00:28 UTC 2014 
Responsible-Changed-Why:  
I shall not use bugzilla (at least until we will have a CLI). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=152148 
>Unformatted:
