author | ae <ae@FreeBSD.org> | 2012-10-25 09:39:14 +0000 |
---|---|---|
committer | ae <ae@FreeBSD.org> | 2012-10-25 09:39:14 +0000 |
commit | 71112b5a8eb3a8cd3f5d49eff9664a32fec42b56 (patch) | |
tree | 74b574e44bf5e980b33dbec1477301fa3513db78 /sys/netinet/tcp_input.c | |
parent | ae88b227912c0ec48a0dde46fe47f423ca864059 (diff) | |
Remove the IPFIREWALL_FORWARD kernel option and make it possible to turn
on the related functionality at runtime via the sysctl variable
net.pfil.forward. It is turned off by default.
Sponsored by: Yandex LLC
Discussed with: net@
MFC after: 2 weeks
Diffstat (limited to 'sys/netinet/tcp_input.c')
-rw-r--r-- | sys/netinet/tcp_input.c | 17 |
1 files changed, 5 insertions, 12 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 0341207..1d56dfd 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -75,6 +75,7 @@ __FBSDID("$FreeBSD$");
 #include <vm/uma.h>
 #include <net/if.h>
+#include <net/pfil.h>
 #include <net/route.h>
 #include <net/vnet.h>
@@ -544,9 +545,7 @@ tcp_input(struct mbuf *m, int off0)
 uint8_t sig_checked = 0;
 #endif
 uint8_t iptos = 0;
-#ifdef IPFIREWALL_FORWARD
- struct m_tag *fwd_tag;
-#endif
+ struct m_tag *fwd_tag = NULL;
 #ifdef INET6
 struct ip6_hdr *ip6 = NULL;
 int isipv6;
@@ -754,15 +753,13 @@ findpcb:
 }
 #endif
-#ifdef IPFIREWALL_FORWARD
 /*
 * Grab info from PACKET_TAG_IPFORWARD tag prepended to the chain.
 */
- fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL);
-#endif /* IPFIREWALL_FORWARD */
+ if (V_pfilforward != 0)
+ fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL);
 #ifdef INET6
-#ifdef IPFIREWALL_FORWARD
 if (isipv6 && fwd_tag != NULL) {
 struct sockaddr_in6 *next_hop6;
@@ -788,9 +785,7 @@ findpcb:
 }
 /* Remove the tag from the packet. We don't need it anymore. */
 m_tag_delete(m, fwd_tag);
- } else
-#endif /* IPFIREWALL_FORWARD */
- if (isipv6) {
+ } else if (isipv6) {
 inp = in6_pcblookup_mbuf(&V_tcbinfo, &ip6->ip6_src, th->th_sport, &ip6->ip6_dst, th->th_dport, INPLOOKUP_WILDCARD | INPLOOKUP_WLOCKPCB,
@@ -801,7 +796,6 @@ findpcb:
 else
 #endif
 #ifdef INET
-#ifdef IPFIREWALL_FORWARD
 if (fwd_tag != NULL) {
 struct sockaddr_in *next_hop;
@@ -828,7 +822,6 @@ findpcb:
 /* Remove the tag from the packet. We don't need it anymore. */
 m_tag_delete(m, fwd_tag);
 } else
-#endif /* IPFIREWALL_FORWARD */
 inp = in_pcblookup_mbuf(&V_tcbinfo, ip->ip_src, th->th_sport, ip->ip_dst, th->th_dport, INPLOOKUP_WILDCARD | INPLOOKUP_WLOCKPCB, |
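Review bot: In the hunk at -754 under `findpcb:`, `fwd_tag` is now assigned only when `V_pfilforward != 0`, so on any later pass through the label it keeps its previous value, and both `m_tag_delete(m, fwd_tag);` sites (hunks at -788 and -828) free the tag without clearing the pointer. If tcp_input jumps back to `findpcb` (no such goto is visible in these hunks, so this needs confirming against the full function) and net.pfil.forward is set to 0 in between, the `fwd_tag != NULL` branches would dereference and delete an already freed tag; the old unconditional `m_tag_find` could not leave a stale pointer. Assigning unconditionally closes this: `fwd_tag = (V_pfilforward != 0) ? m_tag_find(m, PACKET_TAG_IPFORWARD, NULL) : NULL;`, or add `fwd_tag = NULL;` after each `m_tag_delete`. The comment above the lookup should also state that the tag is honoured only while net.pfil.forward is non-zero, since with the default of 0 a forward rule is silently ignored here.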