diff options
| author | Luiz Otavio O Souza <luiz@netgate.com> | 2016-05-03 10:05:29 -0500 |
|---|---|---|
| committer | Luiz Otavio O Souza <luiz@netgate.com> | 2016-05-03 10:05:55 -0500 |
| commit | 15f18a5ce3e8c7bc5a9604d5378609441f680b10 (patch) | |
| tree | 8ebae26fa230c725a428be72397b9fc057611712 | |
| parent | 501575fb1206644a3ea8c2cd64a81084745445cc (diff) | |
| download | FreeBSD-src-15f18a5ce3e8c7bc5a9604d5378609441f680b10.zip FreeBSD-src-15f18a5ce3e8c7bc5a9604d5378609441f680b10.tar.gz | |
Revive the sysctl net.inet.ip.fastforward to control the tryforward use.
This is mainly provided for debug aid and should not be used in common cases.
The fastforward sysctl is enabled by default.
| -rw-r--r-- | sys/netinet/ip_input.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 1eefadc..5adc173 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -99,6 +99,11 @@ SYSCTL_VNET_INT(_net_inet_ip, IPCTL_FORWARDING, forwarding, CTLFLAG_RW, &VNET_NAME(ipforwarding), 0, "Enable IP forwarding between interfaces"); +static VNET_DEFINE(int, ipfastforward) = 1; +#define V_ipfastforward VNET(ipfastforward) +SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, fastforwarding, CTLFLAG_RW, + &VNET_NAME(ipfastforward), 0, "Enable fast IP forwarding"); + static VNET_DEFINE(int, ipsendredirects) = 1; /* XXX */ #define V_ipsendredirects VNET(ipsendredirects) SYSCTL_VNET_INT(_net_inet_ip, IPCTL_SENDREDIRECTS, redirect, CTLFLAG_RW, @@ -473,7 +478,7 @@ tooshort: #ifdef IPSEC /* For now we do not handle IPSEC in tryforward. */ if (!key_havesp(IPSEC_DIR_INBOUND) && !key_havesp(IPSEC_DIR_OUTBOUND) && - (V_ipforwarding == 1)) + (V_ipforwarding == 1 && V_ipfastforward == 1)) if (ip_tryforward(m) == NULL) return; /* @@ -482,7 +487,7 @@ tooshort: if (ip_ipsec_filtertunnel(m)) goto passin; #else - if (V_ipforwarding == 1) + if (V_ipforwarding == 1 && V_ipfastforward == 1) if (ip_tryforward(m) == NULL) return; #endif /* IPSEC */ |
