[patch] attach ipfw rules to jails
Alex Lyashkov
shadow at psoft.net
Mon Jul 5 22:47:19 PDT 2004
В Втр, 06.07.2004, в 08:34, Julian Elischer пишет:
> vimage is a good idea but it has great problems in an expandable world.
> (i.e. with systems that use klds a lot)
>
> It relies on all globals being moved to a structure, but
> the structure needs to be defined at compile time so it can not be
> expanded when a module is loaded to accomodate the globasl from that
> module. Thsi COULD be solved by adding an extra level of indirection
> for all globals but that is a lot of overhead, and it could be resolved
> using something similar to the TLS (thread local storage)
> technology being developed but it would still be a non trivial bit of
> work to make it a production quality system.
>
> Julian
I do not know who work TLS (if it easy please explain it) but my view
for this problem - if for this module not reserve place at global
structure - use private per module storage where placed reference from
global prison structure to module data. And add 2 callback`s -
init/destroy prison context.
Or other way - add to prison array where each modules been registered
pointer to data associated with this module at this prison context.
I use similar way where add per vps ipsec support at FreeVPS.
--
Alex Lyashkov <shadow at psoft.net>
PSoft
More information about the freebsd-hackers
mailing list