Hello All,

I can see Œ#if SOLARIS¹ words in files.
question: can we use ILLUMOS ?

Also - I can see different checks:
#if SOLARIS

#ifdef SOLARIS

#if defined(SOLARIS)


Probably - will be better unify it to one?

Example:
https://us-east.manta.joyent.com/rmustacc/public/webrevs/ipf/all/usr/src/ut
s/common/inet/ipf/netinet/ip_fil.h.cdiff.html

I understand about:
#if defined(SOLARIS) && defined(_KERNEL)


But for other checks will be better to have '#if defined(SOLARIS)¹ or
similar, but the same for all.

I can understand about change 2012 & 2013 year, but, I think, will be
better update it to 2014?

--
Best regards,
Igor Kozhukhov


On 16/10/14 21:50, "Rob Gulewich via illumos-developer"
-------------------------------------------
illumos-developer
Archives: https://www.listbox.com/member/archive/182179/=now
RSS Feed: https://www.listbox.com/member/archive/rss/182179/21175072-86d49504
Modify Your Subscription: https://www.listbox.com/member/?member_id=21175072&id_secret=21175072-abdf7b7e
Powered by Listbox: http://www.listbox.com

Looking at the user space components only...

usr/src/cmd/ipf/lib/common/load_hash.c
ok
usr/src/cmd/ipf/lib/common/load_hashnode.c
ok
usr/src/cmd/ipf/lib/common/load_pool.c
ok
usr/src/cmd/ipf/lib/common/load_poolnode.c
ok
usr/src/cmd/ipf/tools/Makefile.tools
ok
usr/src/cmd/ipf/tools/ipf.c
ok
usr/src/cmd/ipf/tools/ipfs.c
ok
usr/src/cmd/ipf/tools/ipfstat.c
ok
usr/src/cmd/ipf/tools/ipfzone.c
ok
usr/src/cmd/ipf/tools/ipfzone.h
ok
usr/src/cmd/ipf/tools/ipmon.c
ok
usr/src/cmd/ipf/tools/ipnat.c
ok
usr/src/cmd/ipf/tools/ippool.c
ok
usr/src/man/man1m/ipf.1m
ok
usr/src/man/man1m/ipfs.1m
ok
usr/src/man/man1m/ipfstat.1m
ok
usr/src/man/man1m/ipmon.1m
ok
usr/src/man/man1m/ipnat.1m
ok
usr/src/man/man1m/ippool.1m
ok
usr/src/man/man5/ipfilter.5
215: Consider starting with "Each non-global zone in the system ...".

Also, add a simple (similar) diagram representing the global zone, GZ
Firewall
and external. This is to distinguish it from the "In-Zone" and
"GZ-Controlled"
firewalls.

An overall comment is to decide what you want to do with getopt, the
extra options and how they are parsed/printed if "SOLARIS" isn't defined
when compiled. Personally, my advice to you would be to just remove the
"#if SOLARIS" blocks that you've introduced and just concentrate on making
it work consistently for illumos throughout. At present there is a bit of a
mixture of behaviour when SOLARIS is not defined.

Cheers,
Darren



-------------------------------------------
illumos-developer
Archives: https://www.listbox.com/member/archive/182179/=now
RSS Feed: https://www.listbox.com/member/archive/rss/182179/21175072-86d49504
Modify Your Subscription: https://www.listbox.com/member/?member_id=21175072&id_secret=21175072-abdf7b7e
Powered by Listbox: http://www.listbox.com

Ach! There was something I forgot to mention.

What should the behaviour be for "-G global" when running tools in the
global zone?
Should (for example) setzonename_global() still set ipfz_gz to 1?
What about "-z global"?
Should they return an error (without calling an ioctl), do nothing or ...?

Consider that when the user is doing this, they are expecting to control
the firewall
of a "sub-zone" and so far as I know, a sub-zone cannot be called "global".

Cheers,
Darren



-------------------------------------------
illumos-developer
Archives: https://www.listbox.com/member/archive/182179/=now
RSS Feed: https://www.listbox.com/member/archive/rss/182179/21175072-86d49504
Modify Your Subscription: https://www.listbox.com/member/?member_id=21175072&id_secret=21175072-abdf7b7e
Powered by Listbox: http://www.listbox.com

usr/src/uts/common/inet/ipf/netinet/ipf_stack.h
ok

usr/src/uts/common/inet/ipf/netinet/ip_fil.h
ok

usr/src/uts/common/inet/ipf/ip_state.c
#5199 - the pre-patch behaviour was deliberate: state is created when
packets
that have an expectation of a reply are seen. For ICMP_ECHOREPLY it is
rather
obvious that a reply back is not expected (assume single packet rather than
a person running ping) thus it was never included in that case statement
however if that behaviour is not beneficial, I won't argue against this
change.

usr/src/uts/common/inet/ipf/ip_log.c
ok

usr/src/uts/common/inet/ipf/netinet/ipf_stack.h
ok

usr/src/uts/common/inet/ipf/ip_fil_solaris.c
Line 963: I'm not a big fan of using "-1" to represent an invalid
zone because
-1 is define'd to ALL_ZONES (sys/zone.h)

usr/src/uts/common/inet/ipf/fil.c
ok

usr/src/uts/common/inet/ipf/solaris.c
271-291 A better idea might be to use "ipf_gz" so that scripts
collecting the statistics
can more easily recognise the values. Additionally, if there are further
kstats added then
a "_gz" version of each kstat value is required rather than just having
all of the kstats
owned by a "_gz" module.



-------------------------------------------
illumos-developer
Archives: https://www.listbox.com/member/archive/182179/=now
RSS Feed: https://www.listbox.com/member/archive/rss/182179/21175072-86d49504
Modify Your Subscription: https://www.listbox.com/member/?member_id=21175072&id_secret=21175072-abdf7b7e
Powered by Listbox: http://www.listbox.com