Remove the IPFIREWALL_FORWARD kernel option and make possible to turn

on the related functionality in the runtime via the sysctl variable net.pfil.forward. It is turned off by default. Sponsored by: Yandex LLC Discussed with: net@ MFC after: 2 weeks
author: ae <ae@FreeBSD.org> 2012-10-25 09:39:14 +0000
committer: ae <ae@FreeBSD.org> 2012-10-25 09:39:14 +0000
commit: 71112b5a8eb3a8cd3f5d49eff9664a32fec42b56 (patch)
tree: 74b574e44bf5e980b33dbec1477301fa3513db78 /sys/netinet/ip_input.c
parent: ae88b227912c0ec48a0dde46fe47f423ca864059 (diff)
download: FreeBSD-src-71112b5a8eb3a8cd3f5d49eff9664a32fec42b56.zip
FreeBSD-src-71112b5a8eb3a8cd3f5d49eff9664a32fec42b56.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index baa08a4..e0e98a2 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -509,7 +509,9 @@ tooshort:
 	dchg = (odst.s_addr != ip->ip_dst.s_addr);
 	ifp = m->m_pkthdr.rcvif;
 
-#ifdef IPFIREWALL_FORWARD
+	if (V_pfilforward == 0)
+		goto passin;
+
 	if (m->m_flags & M_FASTFWD_OURS) {
 		m->m_flags &= ~M_FASTFWD_OURS;
 		goto ours;
@@ -523,7 +525,6 @@ tooshort:
 		ip_forward(m, dchg);
 		return;
 	}
-#endif /* IPFIREWALL_FORWARD */
 
 passin:
author	ae <ae@FreeBSD.org>	2012-10-25 09:39:14 +0000
committer	ae <ae@FreeBSD.org>	2012-10-25 09:39:14 +0000
commit	71112b5a8eb3a8cd3f5d49eff9664a32fec42b56 (patch)
tree	74b574e44bf5e980b33dbec1477301fa3513db78 /sys/netinet/ip_input.c
parent	ae88b227912c0ec48a0dde46fe47f423ca864059 (diff)
download	FreeBSD-src-71112b5a8eb3a8cd3f5d49eff9664a32fec42b56.zip FreeBSD-src-71112b5a8eb3a8cd3f5d49eff9664a32fec42b56.tar.gz