summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLuiz Otavio O Souza <luiz@netgate.com>2016-05-03 10:05:29 -0500
committerLuiz Otavio O Souza <luiz@netgate.com>2016-05-03 10:09:35 -0500
commitb174bde150957ccfa49627f93aa2c0fcd966eb62 (patch)
tree8cc54ac76ea78a75b89409f1416650ce182d4a99
parent5081bace2b0bdb7140682f44a429ab5ef9e71751 (diff)
downloadFreeBSD-src-b174bde150957ccfa49627f93aa2c0fcd966eb62.zip
FreeBSD-src-b174bde150957ccfa49627f93aa2c0fcd966eb62.tar.gz
Revive the sysctl net.inet.ip.fastforward to control the tryforward use.
This is mainly provided for debug aid and should not be used in common cases. The fastforward sysctl is enabled by default. (cherry picked from commit 15f18a5ce3e8c7bc5a9604d5378609441f680b10)
-rw-r--r--sys/netinet/ip_input.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index 1eefadc..5adc173 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -99,6 +99,11 @@ SYSCTL_VNET_INT(_net_inet_ip, IPCTL_FORWARDING, forwarding, CTLFLAG_RW,
&VNET_NAME(ipforwarding), 0,
"Enable IP forwarding between interfaces");
+static VNET_DEFINE(int, ipfastforward) = 1;
+#define V_ipfastforward VNET(ipfastforward)
+SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, fastforwarding, CTLFLAG_RW,
+ &VNET_NAME(ipfastforward), 0, "Enable fast IP forwarding");
+
static VNET_DEFINE(int, ipsendredirects) = 1; /* XXX */
#define V_ipsendredirects VNET(ipsendredirects)
SYSCTL_VNET_INT(_net_inet_ip, IPCTL_SENDREDIRECTS, redirect, CTLFLAG_RW,
@@ -473,7 +478,7 @@ tooshort:
#ifdef IPSEC
/* For now we do not handle IPSEC in tryforward. */
if (!key_havesp(IPSEC_DIR_INBOUND) && !key_havesp(IPSEC_DIR_OUTBOUND) &&
- (V_ipforwarding == 1))
+ (V_ipforwarding == 1 && V_ipfastforward == 1))
if (ip_tryforward(m) == NULL)
return;
/*
@@ -482,7 +487,7 @@ tooshort:
if (ip_ipsec_filtertunnel(m))
goto passin;
#else
- if (V_ipforwarding == 1)
+ if (V_ipforwarding == 1 && V_ipfastforward == 1)
if (ip_tryforward(m) == NULL)
return;
#endif /* IPSEC */
OpenPOWER on IntegriCloud