author | julian <julian@FreeBSD.org> | 2006-08-17 00:37:03 +0000 |
---|---|---|
committer | julian <julian@FreeBSD.org> | 2006-08-17 00:37:03 +0000 |
commit | 4fb1f1e2022c76cd6d80c4c885312f56e2d0a596 (patch) | |
tree | 226aa6adc40051f20816908fd88ce4cd31043f82 /sys/netinet | |
parent | b3160d204fc81f13c71edebc9d67009715c26bac (diff) | |
Remove the IPFIREWALL_FORWARD_EXTENDED option and make it on by default as it always was
in older versions of FreeBSD. This option is pointless as it is needed in just
about every interesting usage of forward that I have ever seen. It doesn't make
the system any safer and just wastes huge amounts of developer time
when the system doesn't behave as expected when code is moved from
4.x to 6.x or 7.x.
Reviewed by: glebius
MFC after: 1 week
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/ip_fastfwd.c | 6 | ||||
-rw-r--r-- | sys/netinet/ip_input.c | 4 | ||||
-rw-r--r-- | sys/netinet/ip_output.c | 19 |
3 files changed, 6 insertions, 23 deletions
diff --git a/sys/netinet/ip_fastfwd.c b/sys/netinet/ip_fastfwd.c
index 3b0496b..ce017d9 100644
--- a/sys/netinet/ip_fastfwd.c
+++ b/sys/netinet/ip_fastfwd.c
@@ -476,11 +476,7 @@ forwardlocal:
 */
 #ifdef IPFIREWALL_FORWARD
 if (fwd_tag) {
-#ifndef IPFIREWALL_FORWARD_EXTENDED
- if (!in_localip(ip->ip_src) &&
- !in_localaddr(ip->ip_dst))
-#endif
- dest.s_addr = ((struct sockaddr_in *)
+ dest.s_addr = ((struct sockaddr_in *)
 (fwd_tag + 1))->sin_addr.s_addr;
 m_tag_delete(m, fwd_tag);
 }
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index a860074..84768a7 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -423,9 +423,6 @@ tooshort:
 m->m_flags &= ~M_FASTFWD_OURS;
 goto ours;
 }
-#ifndef IPFIREWALL_FORWARD_EXTENDED
- dchg = (m_tag_find(m, PACKET_TAG_IPFORWARD, NULL) != NULL);
-#else
 if ((dchg = (m_tag_find(m, PACKET_TAG_IPFORWARD, NULL) != NULL)) != 0) {
 /*
 * Directly ship on the packet. This allows to forward packets
@@ -435,7 +432,6 @@ tooshort:
 ip_forward(m, dchg);
 return;
 }
-#endif /* IPFIREWALL_FORWARD_EXTENDED */
 #endif /* IPFIREWALL_FORWARD */
 passin:
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index dcdc635..8efc288 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -457,20 +457,11 @@ sendit:
 /* Or forward to some other address? */
 fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL);
 if (fwd_tag) {
-#ifndef IPFIREWALL_FORWARD_EXTENDED
- if (!in_localip(ip->ip_src) && !in_localaddr(ip->ip_dst)) {
-#endif
- dst = (struct sockaddr_in *)&ro->ro_dst;
- bcopy((fwd_tag+1), dst, sizeof(struct sockaddr_in));
- m->m_flags |= M_SKIP_FIREWALL;
- m_tag_delete(m, fwd_tag);
- goto again;
-#ifndef IPFIREWALL_FORWARD_EXTENDED
- } else {
- m_tag_delete(m, fwd_tag);
- /* Continue. */
- }
-#endif
+ dst = (struct sockaddr_in *)&ro->ro_dst;
+ bcopy((fwd_tag+1), dst, sizeof(struct sockaddr_in));
+ m->m_flags |= M_SKIP_FIREWALL;
+ m_tag_delete(m, fwd_tag);
+ goto again;
 }
 #endif /* IPFIREWALL_FORWARD */ |
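Review bot: Nothing at the `dest.s_addr = ...` assignment in ip_fastfwd.c records that the local-address guard is gone. The removed test `!in_localip(ip->ip_src) && !in_localaddr(ip->ip_dst)` kept a forward tag from redirecting packets with a local source or a directly connected destination; without it the firewall rule that attached the tag is the only limit on what gets redirected. The same guard is removed in the ip_output.c hunk. I would add a comment above the assignment such as `/* No local-address filtering here: the fwd rule alone decides which packets are redirected. */`. Since the diffstat shown is limited to sys/netinet, please also confirm that the option's documentation tells administrators that rule sets written for the guarded behaviour will now redirect more traffic. The enclosing block starts before this hunk.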
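Review bot: The `ip_forward(m, dchg); return;` path in ip_input.c leaves the function before the `passin:` label, so whatever processing follows `passin:` is never applied to a packet carrying PACKET_TAG_IPFORWARD. That path used to be compiled in only with IPFIREWALL_FORWARD_EXTENDED and is now the default under IPFIREWALL_FORWARD, so the existing comment should say so explicitly, for example `/* NB: tagged packets return here and never reach passin:. */`. The comment and the call are split across the two hunks of this file and the code after `passin:` is not shown, so which checks are skipped has to be verified against the full function.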
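Review bot: In ip_output.c, `m->m_flags |= M_SKIP_FIREWALL;` followed by `goto again;` now runs for every tagged packet, including those with a local source address that the removed `in_localip()` test used to exclude. Judging by the flag name, the second pass does not run the rewritten destination through the firewall again, so the rule that attached the tag is effectively the final policy decision for the packet. A comment at the flag assignment would make that visible to rule-set authors and later maintainers, e.g. `/* The redirected packet is not re-filtered on the second pass. */`. The enclosing `#ifdef IPFIREWALL_FORWARD` block starts before the hunk, and the handling of M_SKIP_FIREWALL after `again:` is outside the diff, so the inference should be confirmed there.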