Print this page
OS-7667 IPFilter needs to keep and report state for cloud firewall logging
Portions contributed by: Mike Gerdts <mike.gerdts@joyent.com>
@@ -4,11 +4,11 @@
* See the IPFILTER.LICENCE file for details on licencing.
*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*
- * Copyright (c) 2014, Joyent, Inc. All rights reserved.
+ * Copyright 2019 Joyent, Inc.
*/
/*
* ipfilter kernel module mutexes and locking:
*
@@ -114,11 +114,11 @@
static void ipf_stack_destroy __P((const netid_t, void *));
static void ipf_stack_shutdown __P((const netid_t, void *));
static int ipf_property_g_update __P((dev_info_t *));
static char *ipf_devfiles[] = { IPL_NAME, IPNAT_NAME, IPSTATE_NAME,
IPAUTH_NAME, IPSYNC_NAME, IPSCAN_NAME,
- IPLOOKUP_NAME, NULL };
+ IPLOOKUP_NAME, IPFEV_NAME, NULL };
extern void *ipf_state; /* DDI state */
extern vmem_t *ipf_minor; /* minor number arena */
static struct cb_ops ipf_cb_ops = {
iplopen,
@@ -739,10 +739,13 @@
goto attach_failed;
}
ipf_dev_info = dip;
+ if (ipf_cfw_ring_resize(IPF_CFW_RING_ALLOCATE) != 0)
+ goto attach_failed;
+
ipfncb = net_instance_alloc(NETINFO_VERSION);
if (ipfncb == NULL)
goto attach_failed;
ipfncb->nin_name = "ipf";
@@ -766,10 +769,11 @@
default:
break;
}
attach_failed:
+ (void) ipf_cfw_ring_resize(IPF_CFW_RING_DESTROY);
ddi_remove_minor_node(dip, NULL);
ddi_prop_remove_all(dip);
ddi_soft_state_fini(&ipf_state);
return (DDI_FAILURE);
}
@@ -793,10 +797,11 @@
* Undo what we did in ipf_attach, freeing resources
* and removing things we installed. The system
* framework guarantees we are not active with this devinfo
* node in any other entry points at this time.
*/
+ (void) ipf_cfw_ring_resize(IPF_CFW_RING_DESTROY);
ddi_prop_remove_all(dip);
i = ddi_get_instance(dip);
ddi_remove_minor_node(dip, NULL);
if (i > 0) {
cmn_err(CE_CONT, "IP Filter: still attached (%d)\n", i);