6493109 pfil SMF service isn't removed on an upgrade

6498408 fr_slowtimer is inactive 6498986 ipfilter complains bad l4 checksum for loopback packets which hit ftp proxy rules
author: yx160601 <none@none> 2007-01-07 08:10:47 -0800
committer: yx160601 <none@none> 2007-01-07 08:10:47 -0800
commit: ca8c705492a4b40b684b4dbb187d208971f49f2c (patch)
tree: 35ad35c34e316d1bf4d2a277cb75ea9f0dbad51a /usr/src
parent: ad59b69d8d8982a0588be30a82c602e8cb5c67fb (diff)
download: illumos-gate-ca8c705492a4b40b684b4dbb187d208971f49f2c.tar.gz
4 files changed, 65 insertions, 34 deletions
diff --git a/usr/src/pkgdefs/SUNWipfr/Makefile b/usr/src/pkgdefs/SUNWipfr/Makefile
index 3242a7e5e4..e7cf9730b2 100644
--- a/usr/src/pkgdefs/SUNWipfr/Makefile
+++ b/usr/src/pkgdefs/SUNWipfr/Makefile
@@ -1,5 +1,5 @@
 #
-# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
 #ident	"%Z%%M%	%I%	%E% SMI"
@@ -11,7 +11,7 @@ DATAFILES = depend i.preserve i.manifest
 
 .KEEP_STATE:
 
-all: $(FILES) preremove
+all: $(FILES) preremove postinstall
 install: all pkg
 
 include ../Makefile.targ
diff --git a/usr/src/pkgdefs/SUNWipfr/postinstall b/usr/src/pkgdefs/SUNWipfr/postinstall
new file mode 100644
index 0000000000..24709bb0ab
--- /dev/null
+++ b/usr/src/pkgdefs/SUNWipfr/postinstall
@@ -0,0 +1,37 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# ident	"%Z%%M%	%I%	%E% SMI"
+#
+
+#
+# Remove stale pfil services
+#
+cat >> $BASEDIR/var/svc/profile/upgrade <<\_PFIL
+if [ `/sbin/zonename` = global ]; then
+	svcadm disable -s svc:/network/pfil:default >/dev/null 2>&1
+	svccfg delete svc:/network/pfil:default >/dev/null 2>&1
+fi
+_PFIL
+
+exit 0
diff --git a/usr/src/pkgdefs/SUNWipfr/prototype_com b/usr/src/pkgdefs/SUNWipfr/prototype_com
index a0d550faba..39bf9a08aa 100644
--- a/usr/src/pkgdefs/SUNWipfr/prototype_com
+++ b/usr/src/pkgdefs/SUNWipfr/prototype_com
@@ -19,7 +19,7 @@
 # CDDL HEADER END
 #
 #
-# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
 #ident	"%Z%%M%	%I%	%E% SMI"
@@ -39,6 +39,7 @@ i pkginfo
 i copyright
 i depend
 i preremove
+i postinstall
 i i.manifest
 i i.preserve
 #
diff --git a/usr/src/uts/common/inet/ipf/ip_fil_solaris.c b/usr/src/uts/common/inet/ipf/ip_fil_solaris.c
index 05e8e8e9c4..738f257ac7 100644
--- a/usr/src/uts/common/inet/ipf/ip_fil_solaris.c
+++ b/usr/src/uts/common/inet/ipf/ip_fil_solaris.c
@@ -3,7 +3,7 @@
  *
  * See the IPFILTER.LICENCE file for details on licencing.
  *
- * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -85,6 +85,8 @@ static	int	ipf_hook __P((hook_data_t, int, int));
 
 static	hook_t	ipfhook_in;
 static	hook_t	ipfhook_out;
+static  hook_t  ipfhook_loop_in;
+static  hook_t  ipfhook_loop_out;
 static	hook_t	ipfhook_nicevents;
 
 /* flags to indicate whether hooks are registered. */
@@ -183,11 +185,11 @@ int ipldetach()
 		}
 		if (hook6_loopback_in) {
 			hook6_loopback_in = (net_unregister_hook(ipf_ipv6,
-			    NH_LOOPBACK_IN, &ipfhook_in) != 0);
+			    NH_LOOPBACK_IN, &ipfhook_loop_in) != 0);
 		}
 		if (hook6_loopback_out) {
 			hook6_loopback_out = (net_unregister_hook(ipf_ipv6,
-			    NH_LOOPBACK_OUT, &ipfhook_out) != 0);
+			    NH_LOOPBACK_OUT, &ipfhook_loop_out) != 0);
 		}
 
 		if (net_release(ipf_ipv6) != 0)
@@ -213,11 +215,11 @@ int ipldetach()
 		}
 		if (hook4_loopback_in) {
 			hook4_loopback_in = (net_unregister_hook(ipf_ipv4,
-			    NH_LOOPBACK_IN, &ipfhook_in) != 0);
+			    NH_LOOPBACK_IN, &ipfhook_loop_in) != 0);
 		}
 		if (hook4_loopback_out) {
 			hook4_loopback_out = (net_unregister_hook(ipf_ipv4,
-			    NH_LOOPBACK_OUT, &ipfhook_out) != 0);
+			    NH_LOOPBACK_OUT, &ipfhook_loop_out) != 0);
 		}
 
 		if (net_release(ipf_ipv4) != 0)
@@ -281,6 +283,9 @@ int iplattach __P((void))
 		  "ipfilter_hook_nicevents");
 	HOOK_INIT(&ipfhook_in, ipf_hook_in, "ipfilter_hook_in");
 	HOOK_INIT(&ipfhook_out, ipf_hook_out, "ipfilter_hook_out");
+	HOOK_INIT(&ipfhook_loop_in, ipf_hook_loop_in, "ipfilter_hook_loop_in");
+	HOOK_INIT(&ipfhook_loop_out, ipf_hook_loop_out,
+	    "ipfilter_hook_loop_out");
 
 	/*
 	 * If we hold this lock over all of the net_register_hook calls, we
@@ -302,28 +307,24 @@ int iplattach __P((void))
 	if (!hook4_nic_events)
 		goto hookup_failed;
 
-	ipfhook_in.h_func = ipf_hook_in;
 	hook4_physical_in = (net_register_hook(ipf_ipv4, NH_PHYSICAL_IN,
 	    &ipfhook_in) == 0);
 	if (!hook4_physical_in)
 		goto hookup_failed;
 
-	ipfhook_in.h_func = ipf_hook_out;
 	hook4_physical_out = (net_register_hook(ipf_ipv4, NH_PHYSICAL_OUT,
 	    &ipfhook_out) == 0);
 	if (!hook4_physical_out)
 		goto hookup_failed;
 
 	if (ipf_loopback) {
-		ipfhook_in.h_func = ipf_hook_loop_in;
 		hook4_loopback_in = (net_register_hook(ipf_ipv4,
-		    NH_LOOPBACK_IN, &ipfhook_in) == 0);
+		    NH_LOOPBACK_IN, &ipfhook_loop_in) == 0);
 		if (!hook4_loopback_in)
 			goto hookup_failed;
 
-		ipfhook_in.h_func = ipf_hook_loop_out;
 		hook4_loopback_out = (net_register_hook(ipf_ipv4,
-		    NH_LOOPBACK_OUT, &ipfhook_out) == 0);
+		    NH_LOOPBACK_OUT, &ipfhook_loop_out) == 0);
 		if (!hook4_loopback_out)
 			goto hookup_failed;
 	}
@@ -341,28 +342,24 @@ int iplattach __P((void))
 	if (!hook6_nic_events)
 		goto hookup_failed;
 
-	ipfhook_in.h_func = ipf_hook_in;
 	hook6_physical_in = (net_register_hook(ipf_ipv6, NH_PHYSICAL_IN,
 	    &ipfhook_in) == 0);
 	if (!hook6_physical_in)
 		goto hookup_failed;
 
-	ipfhook_in.h_func = ipf_hook_out;
 	hook6_physical_out = (net_register_hook(ipf_ipv6, NH_PHYSICAL_OUT,
 	    &ipfhook_out) == 0);
 	if (!hook6_physical_out)
 		goto hookup_failed;
 
 	if (ipf_loopback) {
-		ipfhook_in.h_func = ipf_hook_loop_in;
 		hook6_loopback_in = (net_register_hook(ipf_ipv6,
-		    NH_LOOPBACK_IN, &ipfhook_in) == 0);
+		    NH_LOOPBACK_IN, &ipfhook_loop_in) == 0);
 		if (!hook6_loopback_in)
 			goto hookup_failed;
 
-		ipfhook_in.h_func = ipf_hook_loop_out;
 		hook6_loopback_out = (net_register_hook(ipf_ipv6,
-		    NH_LOOPBACK_OUT, &ipfhook_out) == 0);
+		    NH_LOOPBACK_OUT, &ipfhook_loop_out) == 0);
 		if (!hook6_loopback_out)
 			goto hookup_failed;
 	}
@@ -440,22 +437,22 @@ int set;
 		ipf_loopback = 1;
 
 		hook4_loopback_in = (net_register_hook(ipf_ipv4,
-		    NH_LOOPBACK_IN, &ipfhook_in) == 0);
+		    NH_LOOPBACK_IN, &ipfhook_loop_in) == 0);
 		if (!hook4_loopback_in)
 			return EINVAL;
 
 		hook4_loopback_out = (net_register_hook(ipf_ipv4,
-		    NH_LOOPBACK_OUT, &ipfhook_out) == 0);
+		    NH_LOOPBACK_OUT, &ipfhook_loop_out) == 0);
 		if (!hook4_loopback_out)
 			return EINVAL;
 
 		hook6_loopback_in = (net_register_hook(ipf_ipv6,
-		    NH_LOOPBACK_IN, &ipfhook_in) == 0);
+		    NH_LOOPBACK_IN, &ipfhook_loop_in) == 0);
 		if (!hook6_loopback_in)
 			return EINVAL;
 
 		hook6_loopback_out = (net_register_hook(ipf_ipv6,
-		    NH_LOOPBACK_OUT, &ipfhook_out) == 0);
+		    NH_LOOPBACK_OUT, &ipfhook_loop_out) == 0);
 		if (!hook6_loopback_out)
 			return EINVAL;
 
@@ -463,22 +460,22 @@ int set;
 		ipf_loopback = 0;
 
 		hook4_loopback_in = (net_unregister_hook(ipf_ipv4,
-		    NH_LOOPBACK_IN, &ipfhook_in) != 0);
+		    NH_LOOPBACK_IN, &ipfhook_loop_in) != 0);
 		if (hook4_loopback_in)
 			return EBUSY;
 
 		hook4_loopback_out = (net_unregister_hook(ipf_ipv4,
-		    NH_LOOPBACK_OUT, &ipfhook_out) != 0);
+		    NH_LOOPBACK_OUT, &ipfhook_loop_out) != 0);
 		if (hook4_loopback_out)
 			return EBUSY;
 
 		hook6_loopback_in = (net_unregister_hook(ipf_ipv6,
-		    NH_LOOPBACK_IN, &ipfhook_in) != 0);
+		    NH_LOOPBACK_IN, &ipfhook_loop_in) != 0);
 		if (hook6_loopback_in)
 			return EBUSY;
 
 		hook6_loopback_out = (net_unregister_hook(ipf_ipv6,
-		    NH_LOOPBACK_OUT, &ipfhook_out) != 0);
+		    NH_LOOPBACK_OUT, &ipfhook_loop_out) != 0);
 		if (hook6_loopback_out)
 			return EBUSY;
 	}
@@ -1386,12 +1383,8 @@ void fr_slowtimer __P((void *ptr))
 {
 
 	WRITE_ENTER(&ipf_global);
-	if (fr_running <= 0) {
-		if (fr_running == -1)
-			fr_timer_id = timeout(fr_slowtimer, NULL,
-					      drv_usectohz(500000));
-		else
-			fr_timer_id = NULL;
+	if (fr_running == -1 || fr_running == 0) {
+		fr_timer_id = timeout(fr_slowtimer, NULL, drv_usectohz(500000));
 		RWLOCK_EXIT(&ipf_global);
 		return;
 	}
author	yx160601 <none@none>	2007-01-07 08:10:47 -0800
committer	yx160601 <none@none>	2007-01-07 08:10:47 -0800
commit	ca8c705492a4b40b684b4dbb187d208971f49f2c (patch)
tree	35ad35c34e316d1bf4d2a277cb75ea9f0dbad51a /usr/src
parent	ad59b69d8d8982a0588be30a82c602e8cb5c67fb (diff)
download	illumos-gate-ca8c705492a4b40b684b4dbb187d208971f49f2c.tar.gz