diff options
author | ae <ae@FreeBSD.org> | 2012-10-25 09:39:14 +0000 |
---|---|---|
committer | ae <ae@FreeBSD.org> | 2012-10-25 09:39:14 +0000 |
commit | 71112b5a8eb3a8cd3f5d49eff9664a32fec42b56 (patch) | |
tree | 74b574e44bf5e980b33dbec1477301fa3513db78 /sys/netinet/ip_input.c | |
parent | ae88b227912c0ec48a0dde46fe47f423ca864059 (diff) | |
download | FreeBSD-src-71112b5a8eb3a8cd3f5d49eff9664a32fec42b56.zip FreeBSD-src-71112b5a8eb3a8cd3f5d49eff9664a32fec42b56.tar.gz |
Remove the IPFIREWALL_FORWARD kernel option and make possible to turn
on the related functionality in the runtime via the sysctl variable
net.pfil.forward. It is turned off by default.
Sponsored by: Yandex LLC
Discussed with: net@
MFC after: 2 weeks
Diffstat (limited to 'sys/netinet/ip_input.c')
-rw-r--r-- | sys/netinet/ip_input.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index baa08a4..e0e98a2 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -509,7 +509,9 @@ tooshort: dchg = (odst.s_addr != ip->ip_dst.s_addr); ifp = m->m_pkthdr.rcvif; -#ifdef IPFIREWALL_FORWARD + if (V_pfilforward == 0) + goto passin; + if (m->m_flags & M_FASTFWD_OURS) { m->m_flags &= ~M_FASTFWD_OURS; goto ours; @@ -523,7 +525,6 @@ tooshort: ip_forward(m, dchg); return; } -#endif /* IPFIREWALL_FORWARD */ passin: |