diff options
author | ae <ae@FreeBSD.org> | 2012-11-02 01:20:55 +0000 |
---|---|---|
committer | ae <ae@FreeBSD.org> | 2012-11-02 01:20:55 +0000 |
commit | 4354018055d167b2dd190c0ed81b74972a32fe2c (patch) | |
tree | 3080b551004723e63a6f3fe08ee72e510038fe57 /sys/netpfil | |
parent | 99cf02c7fdbbd005e93ef256cbf128c446cd2ee8 (diff) | |
download | FreeBSD-src-4354018055d167b2dd190c0ed81b74972a32fe2c.zip FreeBSD-src-4354018055d167b2dd190c0ed81b74972a32fe2c.tar.gz |
Remove the recently added sysctl variable net.pfil.forward.
Instead, add protocol specific mbuf flags M_IP_NEXTHOP and
M_IP6_NEXTHOP. Use them to indicate that the mbuf's chain
contains the PACKET_TAG_IPFORWARD tag. And do a tag lookup
only when this flag is set.
Suggested by: andre
Diffstat (limited to 'sys/netpfil')
-rw-r--r-- | sys/netpfil/ipfw/ip_fw2.c | 2 | ||||
-rw-r--r-- | sys/netpfil/ipfw/ip_fw_pfil.c | 4 |
2 files changed, 2 insertions, 4 deletions
diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c index 69d975b..01ef4e1 100644 --- a/sys/netpfil/ipfw/ip_fw2.c +++ b/sys/netpfil/ipfw/ip_fw2.c @@ -2535,7 +2535,6 @@ ipfw_init(void) "(+ipv6) " #endif "initialized, divert %s, nat %s, " - "rule-based forwarding turned %s, " "default to %s, logging ", #ifdef IPDIVERT "enabled", @@ -2547,7 +2546,6 @@ ipfw_init(void) #else "loadable", #endif - V_pfilforward ? "on": "off", default_to_accept ? "accept" : "deny"); /* diff --git a/sys/netpfil/ipfw/ip_fw_pfil.c b/sys/netpfil/ipfw/ip_fw_pfil.c index c34650d..5d6c1bd 100644 --- a/sys/netpfil/ipfw/ip_fw_pfil.c +++ b/sys/netpfil/ipfw/ip_fw_pfil.c @@ -159,8 +159,6 @@ again: /* next_hop may be set by ipfw_chk */ if (args.next_hop == NULL && args.next_hop6 == NULL) break; /* pass */ - if (V_pfilforward == 0) - break; #if (!defined(INET6) && !defined(INET)) ret = EACCES; #else @@ -201,6 +199,7 @@ again: bcopy(args.next_hop6, (fwd_tag+1), len); if (in6_localip(&args.next_hop6->sin6_addr)) (*m0)->m_flags |= M_FASTFWD_OURS; + (*m0)->m_flags |= M_IP6_NEXTHOP; } #endif #ifdef INET @@ -208,6 +207,7 @@ again: bcopy(args.next_hop, (fwd_tag+1), len); if (in_localip(args.next_hop->sin_addr)) (*m0)->m_flags |= M_FASTFWD_OURS; + (*m0)->m_flags |= M_IP_NEXTHOP; } #endif m_tag_prepend(*m0, fwd_tag); |