diff options
| author | Rob Gulewich <robert.gulewich@joyent.com> | 2014-06-18 19:03:17 +0000 |
|---|---|---|
| committer | Rob Gulewich <robert.gulewich@joyent.com> | 2014-06-18 22:35:25 +0000 |
| commit | f5ce2481f499cfe40f0d77c736ac4f7889c545b7 (patch) | |
| tree | b9afb961f5f56d7cc73f91c4f2aaa41fa3c6c8dd | |
| parent | 2d41ab915236f96218fdba25b2280c2497d6798c (diff) | |
| download | illumos-joyent-f5ce2481f499cfe40f0d77c736ac4f7889c545b7.tar.gz | |
OS-3119 Enabling firewall fails with "ioctl(SIOCIPFFL): I/O error"
Reviewed by: Robert Mustacchi <rm@joyent.com>
| -rw-r--r-- | usr/src/uts/common/inet/ipf/ip_fil_solaris.c | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/usr/src/uts/common/inet/ipf/ip_fil_solaris.c b/usr/src/uts/common/inet/ipf/ip_fil_solaris.c index 51d592617b..7ece4fead6 100644 --- a/usr/src/uts/common/inet/ipf/ip_fil_solaris.c +++ b/usr/src/uts/common/inet/ipf/ip_fil_solaris.c @@ -162,9 +162,13 @@ char *hook6_loop_out_gz = "ipfilter_hook6_loop_out_gz"; /* vnd IPv4/v6 hook names */ char *hook4_vnd_in = "ipfilter_hookvndl3v4_in"; +char *hook4_vnd_in_gz = "ipfilter_hookvndl3v4_in_gz"; char *hook6_vnd_in = "ipfilter_hookvndl3v6_in"; +char *hook6_vnd_in_gz = "ipfilter_hookvndl3v6_in_gz"; char *hook4_vnd_out = "ipfilter_hookvndl3v4_out"; +char *hook4_vnd_out_gz = "ipfilter_hookvndl3v4_out_gz"; char *hook6_vnd_out = "ipfilter_hookvndl3v6_out"; +char *hook6_vnd_out_gz = "ipfilter_hookvndl3v6_out_gz"; /* ------------------------------------------------------------------------ */ /* Function: ipldetach */ @@ -487,10 +491,10 @@ ipf_stack_t *ifs; if (ifs->ifs_ipf_vndl3v4 == NULL) goto hookup_failed; - HOOK_INIT(ifs->ifs_ipfhookvndl3v4_in, ipf_hookvndl3v4_in, - hook4_vnd_in, ifs); - HOOK_INIT(ifs->ifs_ipfhookvndl3v4_out, ipf_hookvndl3v4_out, - hook4_vnd_out, ifs); + HOOK_INIT_GZ_BEFORE(ifs->ifs_ipfhookvndl3v4_in, ipf_hookvndl3v4_in, + hook4_vnd_in, hook4_vnd_in_gz, ifs); + HOOK_INIT_GZ_AFTER(ifs->ifs_ipfhookvndl3v4_out, ipf_hookvndl3v4_out, + hook4_vnd_out, hook4_vnd_out_gz, ifs); ifs->ifs_hookvndl3v4_physical_in = (net_hook_register(ifs->ifs_ipf_vndl3v4, NH_PHYSICAL_IN, ifs->ifs_ipfhookvndl3v4_in) == 0); if (!ifs->ifs_hookvndl3v4_physical_in) @@ -509,10 +513,10 @@ ipf_stack_t *ifs; if (ifs->ifs_ipf_vndl3v6 == NULL) goto hookup_failed; - HOOK_INIT(ifs->ifs_ipfhookvndl3v6_in, ipf_hookvndl3v6_in, - hook6_vnd_in, ifs); - HOOK_INIT(ifs->ifs_ipfhookvndl3v6_out, ipf_hookvndl3v6_out, - hook6_vnd_out, ifs); + HOOK_INIT_GZ_BEFORE(ifs->ifs_ipfhookvndl3v6_in, ipf_hookvndl3v6_in, + hook6_vnd_in, hook6_vnd_in_gz, ifs); + HOOK_INIT_GZ_AFTER(ifs->ifs_ipfhookvndl3v6_out, ipf_hookvndl3v6_out, + hook6_vnd_out, hook6_vnd_out_gz, ifs); ifs->ifs_hookvndl3v6_physical_in = (net_hook_register(ifs->ifs_ipf_vndl3v6, NH_PHYSICAL_IN, ifs->ifs_ipfhookvndl3v6_in) == 0); if (!ifs->ifs_hookvndl3v6_physical_in) |