net: Implement interface group support
The network interface group (aka ifgroup) functionality is currently only
used by the PF (still needs patch to make PF use the ifgroup), allowing
rules to use group names instead of the specific interface names, which
makes firewall rules more generic and simpler.
* The ifgroup data are stored at the following two places:
- The global list of 'struct ifg_group': each entry is a group which has
the name and members (a list of pointers to the interfaces).
- The per-ifnet 'if_groups' list, which records the groups that the
interface belongs to.
* Introduce the 'ifgroup_lock' locakmgr(9) to protect the global list
of 'struct ifg_group' and per-ifnet 'if_groups' list. The R/W locking
operations are provided by the ifgroup_lockmgr() function.
* Move the copyout() out of the locked loop in if_getgroups() and
if_getgroupmembers() functions.
* Fix several M_NOWAIT to be M_WAITOK.
* Use M_IFNET instead of M_TEMP for allocated ifgroup memory.
* Add SIOC[ADG]IFGROUP and SIOCGIFGMEMB ioctl's,
bump __DragonFly_version.
* Add invocations to group_{attach,change,detach}_event handlers.
* Update eventhandler.9 man page.
* Some style updates.
Great thanks to sephe for his patient guidance and review.
Credit to both FreeBSD and OpenBSD for the ifgroup functionality.
NOTE:
When delete the only group from an interface, which leaves an empty
group that will be destroyed, make sure the group_change_event event
is invoked *before* the group destroy (i.e., group_detach_event).
Both FreeBSD and OpenBSD have the ordering problem with group detach
event. Need to report the problem to them.
projects / dragonfly.git / commit