diff options
author | jmallett <jmallett@FreeBSD.org> | 2004-07-17 02:40:13 +0000 |
---|---|---|
committer | jmallett <jmallett@FreeBSD.org> | 2004-07-17 02:40:13 +0000 |
commit | 111d2dd1159354d54660b7275a9d1e2fd35dd227 (patch) | |
tree | 392cef56c71ac33e390c5c4e9f00d4a2b73b6808 /sys/sys/mbuf.h | |
parent | e2c3152e77cba6cc168ce99880e6b6bef9921e4e (diff) | |
download | FreeBSD-src-111d2dd1159354d54660b7275a9d1e2fd35dd227.zip FreeBSD-src-111d2dd1159354d54660b7275a9d1e2fd35dd227.tar.gz |
Make M_SKIP_FIREWALL a global (and semantic) flag, preventing anything from
using M_PROTO6 and possibly shooting someone's foot, as well as allowing the
firewall to be used in multiple passes, or with a packet classifier frontend,
that may need to explicitly allow a certain packet. Presently this is handled
in the ipfw_chk code as before, though I have run with it moved to upper
layers, and possibly it should apply to ipfilter and pf as well, though this
has not been investigated.
Discussed with: luigi, rwatson
Diffstat (limited to 'sys/sys/mbuf.h')
-rw-r--r-- | sys/sys/mbuf.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/sys/mbuf.h b/sys/sys/mbuf.h index e8b6682..ad443fe 100644 --- a/sys/sys/mbuf.h +++ b/sys/sys/mbuf.h @@ -165,7 +165,7 @@ struct mbuf { #define M_PROTO3 0x0040 /* protocol-specific */ #define M_PROTO4 0x0080 /* protocol-specific */ #define M_PROTO5 0x0100 /* protocol-specific */ -#define M_PROTO6 0x4000 /* protocol-specific (avoid M_BCAST conflict) */ +#define M_SKIP_FIREWALL 0x4000 /* skip firewall processing */ #define M_FREELIST 0x8000 /* mbuf is on the free list */ /* @@ -192,7 +192,7 @@ struct mbuf { * Flags copied when copying m_pkthdr. */ #define M_COPYFLAGS (M_PKTHDR|M_EOR|M_RDONLY|M_PROTO1|M_PROTO1|M_PROTO2|\ - M_PROTO3|M_PROTO4|M_PROTO5|M_PROTO6|\ + M_PROTO3|M_PROTO4|M_PROTO5|M_SKIP_FIREWALL|\ M_BCAST|M_MCAST|M_FRAG|M_FIRSTFRAG|M_LASTFRAG) /* |