Remove the recently added sysctl variable net.pfil.forward.

Instead, add protocol specific mbuf flags M_IP_NEXTHOP and
M_IP6_NEXTHOP. Use them to indicate that the mbuf's chain
contains the PACKET_TAG_IPFORWARD tag. And do a tag lookup
only when this flag is set.

Suggested by:	andre

2 files changed, 2 insertions, 4 deletions

diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c
index 69d975b..01ef4e1 100644
--- a/sys/netpfil/ipfw/ip_fw2.c
+++ b/sys/netpfil/ipfw/ip_fw2.c
@@ -2535,7 +2535,6 @@ ipfw_init(void)
 		"(+ipv6) "
 #endif
 		"initialized, divert %s, nat %s, "
-		"rule-based forwarding turned %s, "
 		"default to %s, logging ",
 #ifdef IPDIVERT
 		"enabled",
@@ -2547,7 +2546,6 @@ ipfw_init(void)
 #else
 		"loadable",
 #endif
-		V_pfilforward ? "on": "off",
 		default_to_accept ? "accept" : "deny");
 
 	/*
diff --git a/sys/netpfil/ipfw/ip_fw_pfil.c b/sys/netpfil/ipfw/ip_fw_pfil.c
index c34650d..5d6c1bd 100644
--- a/sys/netpfil/ipfw/ip_fw_pfil.c
+++ b/sys/netpfil/ipfw/ip_fw_pfil.c
@@ -159,8 +159,6 @@ again:
 		/* next_hop may be set by ipfw_chk */
 		if (args.next_hop == NULL && args.next_hop6 == NULL)
 			break; /* pass */
-		if (V_pfilforward == 0)
-			break;
 #if (!defined(INET6) && !defined(INET))
 		ret = EACCES;
 #else
@@ -201,6 +199,7 @@ again:
 			bcopy(args.next_hop6, (fwd_tag+1), len);
 			if (in6_localip(&args.next_hop6->sin6_addr))
 				(*m0)->m_flags |= M_FASTFWD_OURS;
+			(*m0)->m_flags |= M_IP6_NEXTHOP;
 		}
 #endif
 #ifdef INET
@@ -208,6 +207,7 @@ again:
 			bcopy(args.next_hop, (fwd_tag+1), len);
 			if (in_localip(args.next_hop->sin_addr))
 				(*m0)->m_flags |= M_FASTFWD_OURS;
+			(*m0)->m_flags |= M_IP_NEXTHOP;
 		}
 #endif
 		m_tag_prepend(*m0, fwd_tag);