diff options
author | ae <ae@FreeBSD.org> | 2012-11-02 01:20:55 +0000 |
---|---|---|
committer | ae <ae@FreeBSD.org> | 2012-11-02 01:20:55 +0000 |
commit | 4354018055d167b2dd190c0ed81b74972a32fe2c (patch) | |
tree | 3080b551004723e63a6f3fe08ee72e510038fe57 /sys/net | |
parent | 99cf02c7fdbbd005e93ef256cbf128c446cd2ee8 (diff) | |
download | FreeBSD-src-4354018055d167b2dd190c0ed81b74972a32fe2c.zip FreeBSD-src-4354018055d167b2dd190c0ed81b74972a32fe2c.tar.gz |
Remove the recently added sysctl variable net.pfil.forward.
Instead, add protocol specific mbuf flags M_IP_NEXTHOP and
M_IP6_NEXTHOP. Use them to indicate that the mbuf's chain
contains the PACKET_TAG_IPFORWARD tag. And do a tag lookup
only when this flag is set.
Suggested by: andre
Diffstat (limited to 'sys/net')
-rw-r--r-- | sys/net/pfil.c | 6 | ||||
-rw-r--r-- | sys/net/pfil.h | 3 |
2 files changed, 0 insertions, 9 deletions
diff --git a/sys/net/pfil.c b/sys/net/pfil.c index 8d36999..06da0be 100644 --- a/sys/net/pfil.c +++ b/sys/net/pfil.c @@ -37,7 +37,6 @@ #include <sys/rmlock.h> #include <sys/socket.h> #include <sys/socketvar.h> -#include <sys/sysctl.h> #include <sys/systm.h> #include <sys/condvar.h> #include <sys/lock.h> @@ -65,11 +64,6 @@ VNET_DEFINE(struct pfilheadhead, pfil_head_list); VNET_DEFINE(struct rmlock, pfil_lock); #define V_pfil_lock VNET(pfil_lock) -VNET_DEFINE(int, pfilforward) = 0; -SYSCTL_NODE(_net, OID_AUTO, pfil, CTLFLAG_RW, 0, "Packer filter interface"); -SYSCTL_VNET_INT(_net_pfil, OID_AUTO, forward, CTLFLAG_RW, - &VNET_NAME(pfilforward), 0, - "Enable forwarding performed by packet filters"); /* * pfil_run_hooks() runs the specified packet filter hooks. */ diff --git a/sys/net/pfil.h b/sys/net/pfil.h index 9c45f10..fabfe9a 100644 --- a/sys/net/pfil.h +++ b/sys/net/pfil.h @@ -38,14 +38,11 @@ #include <sys/_mutex.h> #include <sys/lock.h> #include <sys/rmlock.h> -#include <net/vnet.h> struct mbuf; struct ifnet; struct inpcb; -VNET_DECLARE(int, pfilforward); -#define V_pfilforward VNET(pfilforward) /* * The packet filter hooks are designed for anything to call them to * possibly intercept the packet. |