d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

create sysctl tree dynamically. it is required to share

Browse Source 
net.inet6.ip6.fw with upcomming ipfw2 improvement for IPv6.

Requested by:	bz
This commit is contained in:
Hajimu UMEMOTO 2005-08-11 07:28:01 +00:00
parent 8e7a85fac9
commit ae12c6579e
1 changed files with 21 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
sys/netinet6/ip6_fw.c
View File

@ -114,17 +114,9 @@ static int fw6_verbose_limit = 0;
static LIST_HEAD (ip6_fw_head, ip6_fw_chain) ip6_fw_chain; static LIST_HEAD (ip6_fw_head, ip6_fw_chain) ip6_fw_chain;
#ifdef SYSCTL_NODE
SYSCTL_DECL(_net_inet6_ip6); SYSCTL_DECL(_net_inet6_ip6);
SYSCTL_NODE(_net_inet6_ip6, OID_AUTO, fw, CTLFLAG_RW | CTLFLAG_SECURE, static struct sysctl_ctx_list ip6_fw_sysctl_ctx;
0, "Firewall"); static struct sysctl_oid *ip6_fw_sysctl_tree;
SYSCTL_INT(_net_inet6_ip6_fw, OID_AUTO, enable, CTLFLAG_RW | CTLFLAG_SECURE,
&ip6_fw_enable, 0, "Enable ip6fw");
SYSCTL_INT(_net_inet6_ip6_fw, OID_AUTO, debug, CTLFLAG_RW, &fw6_debug, 0, "");
SYSCTL_INT(_net_inet6_ip6_fw, OID_AUTO, verbose, CTLFLAG_RW | CTLFLAG_SECURE,
&fw6_verbose, 0, "");
SYSCTL_INT(_net_inet6_ip6_fw, OID_AUTO, verbose_limit, CTLFLAG_RW, &fw6_verbose_limit, 0, "");
#endif
#define dprintf(a) do { \ #define dprintf(a) do { \
if (fw6_debug) \ if (fw6_debug) \
@ -1245,6 +1237,22 @@ ip6_fw_init(void)
add_entry6(&ip6_fw_chain, &default_rule)) add_entry6(&ip6_fw_chain, &default_rule))
panic(__func__); panic(__func__);
/* Setup our sysctl tree */
sysctl_ctx_init(&ip6_fw_sysctl_ctx);
ip6_fw_sysctl_tree = SYSCTL_ADD_NODE(&ip6_fw_sysctl_ctx,
SYSCTL_STATIC_CHILDREN(_net_inet6_ip6), OID_AUTO, "fw",
CTLFLAG_RW | CTLFLAG_SECURE, 0, "Firewall");
SYSCTL_ADD_INT(&ip6_fw_sysctl_ctx, SYSCTL_CHILDREN(ip6_fw_sysctl_tree),
OID_AUTO, "enable", CTLFLAG_RW | CTLFLAG_SECURE, &ip6_fw_enable, 0,
"Enable ip6fw");
SYSCTL_ADD_INT(&ip6_fw_sysctl_ctx, SYSCTL_CHILDREN(ip6_fw_sysctl_tree),
OID_AUTO, "debug", CTLFLAG_RW, &fw6_debug, 0, "");
SYSCTL_ADD_INT(&ip6_fw_sysctl_ctx, SYSCTL_CHILDREN(ip6_fw_sysctl_tree),
OID_AUTO, "verbose", CTLFLAG_RW | CTLFLAG_SECURE, &fw6_verbose, 0,
"");
SYSCTL_ADD_INT(&ip6_fw_sysctl_ctx, SYSCTL_CHILDREN(ip6_fw_sysctl_tree),
OID_AUTO, "verbose_limit", CTLFLAG_RW, &fw6_verbose_limit, 0, "");
printf("IPv6 packet filtering initialized, "); printf("IPv6 packet filtering initialized, ");
#ifdef IPV6FIREWALL_DEFAULT_TO_ACCEPT #ifdef IPV6FIREWALL_DEFAULT_TO_ACCEPT
printf("default to accept, "); printf("default to accept, ");
@ -1289,6 +1297,9 @@ ip6fw_modevent(module_t mod, int type, void *unused)
free(fcp, M_IP6FW); free(fcp, M_IP6FW);
} }
/* Free sysctl tree */
sysctl_ctx_free(&ip6_fw_sysctl_ctx);
splx(s); splx(s);
printf("IPv6 firewall unloaded\n"); printf("IPv6 firewall unloaded\n");
return 0; return 0;