diff options
author | julian <julian@FreeBSD.org> | 2009-10-11 05:59:43 +0000 |
---|---|---|
committer | julian <julian@FreeBSD.org> | 2009-10-11 05:59:43 +0000 |
commit | 79c1f884ef6881dc506df5a23203f4cc0a447a35 (patch) | |
tree | d481a2e714a210799fdaf274f5482c3e67e5c845 /sys/net/if_ethersubr.c | |
parent | c98bb6fb8fe1b6c9437608e3d30fd1cbf47e2e6a (diff) | |
download | FreeBSD-src-79c1f884ef6881dc506df5a23203f4cc0a447a35.zip FreeBSD-src-79c1f884ef6881dc506df5a23203f4cc0a447a35.tar.gz |
Virtualize the pfil hooks so that different jails may chose different
packet filters. ALso allows ipfw to be enabled on on ejail and disabled
on another. In 8.0 it's a global setting.
Sitting aroung in tree waiting to commit for: 2 months
MFC after: 2 months
Diffstat (limited to 'sys/net/if_ethersubr.c')
-rw-r--r-- | sys/net/if_ethersubr.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c index bac2044..5dff9bc 100644 --- a/sys/net/if_ethersubr.c +++ b/sys/net/if_ethersubr.c @@ -434,7 +434,7 @@ ether_output_frame(struct ifnet *ifp, struct mbuf *m) { #if defined(INET) || defined(INET6) - if (ip_fw_chk_ptr && V_ether_ipfw != 0) { + if (V_ip_fw_chk_ptr && V_ether_ipfw != 0) { if (ether_ipfw_chk(&m, ifp, 0) == 0) { if (m) { m_freem(m); @@ -502,7 +502,7 @@ ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst, int shared) args.next_hop = NULL; /* we do not support forward yet */ args.eh = &save_eh; /* MAC header for bridged/MAC packets */ args.inp = NULL; /* used by ipfw uid/gid/jail rules */ - i = ip_fw_chk_ptr(&args); + i = V_ip_fw_chk_ptr(&args); m = args.m; if (m != NULL) { /* @@ -775,7 +775,7 @@ ether_demux(struct ifnet *ifp, struct mbuf *m) * Allow dummynet and/or ipfw to claim the frame. * Do not do this for PROMISC frames in case we are re-entered. */ - if (ip_fw_chk_ptr && V_ether_ipfw != 0 && !(m->m_flags & M_PROMISC)) { + if (V_ip_fw_chk_ptr && V_ether_ipfw != 0 && !(m->m_flags & M_PROMISC)) { if (ether_ipfw_chk(&m, NULL, 0) == 0) { if (m) m_freem(m); /* dropped; free mbuf chain */ |