diff options
author | Luiz Otavio O Souza <luiz@netgate.com> | 2016-05-03 10:05:29 -0500 |
---|---|---|
committer | Luiz Otavio O Souza <luiz@netgate.com> | 2016-05-03 10:09:35 -0500 |
commit | b174bde150957ccfa49627f93aa2c0fcd966eb62 (patch) | |
tree | 8cc54ac76ea78a75b89409f1416650ce182d4a99 | |
parent | 5081bace2b0bdb7140682f44a429ab5ef9e71751 (diff) | |
download | FreeBSD-src-b174bde150957ccfa49627f93aa2c0fcd966eb62.zip FreeBSD-src-b174bde150957ccfa49627f93aa2c0fcd966eb62.tar.gz |
Revive the sysctl net.inet.ip.fastforward to control the tryforward use.
This is mainly provided for debug aid and should not be used in common cases.
The fastforward sysctl is enabled by default.
(cherry picked from commit 15f18a5ce3e8c7bc5a9604d5378609441f680b10)
-rw-r--r-- | sys/netinet/ip_input.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 1eefadc..5adc173 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -99,6 +99,11 @@ SYSCTL_VNET_INT(_net_inet_ip, IPCTL_FORWARDING, forwarding, CTLFLAG_RW, &VNET_NAME(ipforwarding), 0, "Enable IP forwarding between interfaces"); +static VNET_DEFINE(int, ipfastforward) = 1; +#define V_ipfastforward VNET(ipfastforward) +SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, fastforwarding, CTLFLAG_RW, + &VNET_NAME(ipfastforward), 0, "Enable fast IP forwarding"); + static VNET_DEFINE(int, ipsendredirects) = 1; /* XXX */ #define V_ipsendredirects VNET(ipsendredirects) SYSCTL_VNET_INT(_net_inet_ip, IPCTL_SENDREDIRECTS, redirect, CTLFLAG_RW, @@ -473,7 +478,7 @@ tooshort: #ifdef IPSEC /* For now we do not handle IPSEC in tryforward. */ if (!key_havesp(IPSEC_DIR_INBOUND) && !key_havesp(IPSEC_DIR_OUTBOUND) && - (V_ipforwarding == 1)) + (V_ipforwarding == 1 && V_ipfastforward == 1)) if (ip_tryforward(m) == NULL) return; /* @@ -482,7 +487,7 @@ tooshort: if (ip_ipsec_filtertunnel(m)) goto passin; #else - if (V_ipforwarding == 1) + if (V_ipforwarding == 1 && V_ipfastforward == 1) if (ip_tryforward(m) == NULL) return; #endif /* IPSEC */ |