Conditionalize calls to IPFW code on COMPAT_IPFW. This is done slightly

unconventionally:
	If COMPAT_IPFW is not defined, or if it is defined to 1, enable;
otherwise, disable.

This means that these changes actually have no effect on anyone at the
moment.  (It just makes it easier for me to keep my code in sync.)
In the future, the `not defined' part of the hack should be eliminated,
but doing this now would require everyone to change their config files.

The same conditionals need to be made in ip_input.c as well for this to
ave any useful effect, but I'm not ready to do that right now.

1 files changed, 10 insertions, 1 deletions

diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 6e1f90d..cf12527 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)ip_output.c	8.3 (Berkeley) 1/21/94
- *	$Id: ip_output.c,v 1.37 1996/05/06 17:42:13 wollman Exp $
+ *	$Id: ip_output.c,v 1.38 1996/05/21 20:47:31 peter Exp $
  */
 
 #define _IP_VHL
@@ -61,6 +61,13 @@
 #endif
 #include <machine/in_cksum.h>
 
+#if !defined(COMPAT_IPFW) || COMPAT_IPFW == 1
+#undef COMPAT_IPFW
+#define COMPAT_IPFW 1
+#else
+#undef COMPAT_IPFW
+#endif
+
 u_short ip_id;
 
 static struct mbuf *ip_insertoptions __P((struct mbuf *, struct mbuf *, int *));
@@ -325,10 +332,12 @@ sendit:
 	/*
 	 * Check with the firewall...
 	 */
+#ifdef COMPAT_IPFW
 	if (ip_fw_chk_ptr && !(*ip_fw_chk_ptr)(&ip, hlen, ifp, 1, &m)) {
 		error = EACCES;
 		goto done;
 	}
+#endif
 
 	/*
 	 * If small enough for interface, can just send directly.