diff options
| author | ae <ae@FreeBSD.org> | 2012-10-25 09:39:14 +0000 |
|---|---|---|
| committer | ae <ae@FreeBSD.org> | 2012-10-25 09:39:14 +0000 |
| commit | 71112b5a8eb3a8cd3f5d49eff9664a32fec42b56 (patch) | |
| tree | 74b574e44bf5e980b33dbec1477301fa3513db78 /sys/netinet6/ip6_input.c | |
| parent | ae88b227912c0ec48a0dde46fe47f423ca864059 (diff) | |
| download | FreeBSD-src-71112b5a8eb3a8cd3f5d49eff9664a32fec42b56.zip FreeBSD-src-71112b5a8eb3a8cd3f5d49eff9664a32fec42b56.tar.gz | |
Remove the IPFIREWALL_FORWARD kernel option and make possible to turn
on the related functionality in the runtime via the sysctl variable
net.pfil.forward. It is turned off by default.
Sponsored by: Yandex LLC
Discussed with: net@
MFC after: 2 weeks
Diffstat (limited to 'sys/netinet6/ip6_input.c')
| -rw-r--r-- | sys/netinet6/ip6_input.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c index f5ec27a..bbb6fdd 100644 --- a/sys/netinet6/ip6_input.c +++ b/sys/netinet6/ip6_input.c @@ -628,7 +628,8 @@ ip6_input(struct mbuf *m) ip6 = mtod(m, struct ip6_hdr *); srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst); -#ifdef IPFIREWALL_FORWARD + if (V_pfilforward == 0) + goto passin; if (m->m_flags & M_FASTFWD_OURS) { m->m_flags &= ~M_FASTFWD_OURS; ours = 1; @@ -644,7 +645,6 @@ ip6_input(struct mbuf *m) ip6_forward(m, 1); goto out; } -#endif /* IPFIREWALL_FORWARD */ passin: /* |
